Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Identify Domain Devices

  • 1.  Identify Domain Devices

    Posted Feb 20, 2015 10:35 AM
    I want to make sure I'm not missing something. I need to identify and only allow domain devices on a wireless network. The only real way I can make this happen with 99.99% certainty is via:
     
    Certificates (EAP-TLS)
    MDM (Mobile and Laptops)
    Agent (inspect the reg for example for domain info)
     
    Am I missing any other way?

  • 2.  RE: Identify Domain Devices

    EMPLOYEE
    Posted Feb 20, 2015 10:37 AM
    Machine Authentication (either TLS or PEAP-MSCHAPv2)


  • 3.  RE: Identify Domain Devices

    Posted Feb 20, 2015 10:38 AM

    Hey Cap! 

     

    Well, PEAP really can't tell it's a domain device, right? It's just logon / password, unless PEAPv2 is used (TLS). Or am I missing something...



  • 4.  RE: Identify Domain Devices

    EMPLOYEE
    Posted Feb 20, 2015 10:42 AM

    Every domain computer has a machine account. Non-domain machines do not have a valid account.

    When you see the device authenticate to the network with host/device-name.domain.com, this is a machine authentication.

    The credential can be either a certificate or password. Active Directory can issue certificates to each domain computer automagically.
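
The `host/device-name.domain.com` identity described in the reply above can be checked on the policy side as in this added example, which is not part of the original thread and not ClearPass code. The record fields (`user_name`, `result`), the function names and the sample records are assumptions constructed for illustration. Because the identity string is supplied by the client, the check only counts a record when the RADIUS server also accepted the credential, and it compares whole DNS labels rather than a string suffix.

```python
import re

# Assumption: the AD DNS domain is known to the policy; "domain.com" is the
# placeholder used in the thread.
AD_DOMAIN = "domain.com"
_LABEL = re.compile(r"^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$")

def classify_identity(user_name, ad_domain=AD_DOMAIN):
    """Return ('machine', fqdn), ('user', name) or ('invalid', None)."""
    name = user_name.strip().lower()
    if not name.startswith("host/"):
        return ("user", name) if name else ("invalid", None)
    fqdn = name[len("host/"):].rstrip(".")
    labels = fqdn.split(".")
    domain_labels = ad_domain.lower().split(".")
    # Compare whole DNS labels, so "pc1.notdomain.com" does not pass as a
    # member of "domain.com" the way a plain endswith() check would.
    if len(labels) <= len(domain_labels):
        return ("invalid", None)
    if labels[-len(domain_labels):] != domain_labels:
        return ("invalid", None)
    if not all(_LABEL.match(label) for label in labels):
        return ("invalid", None)
    return ("machine", fqdn)

def is_domain_machine_auth(record, ad_domain=AD_DOMAIN):
    """True only for an accepted authentication with a machine identity."""
    kind, _ = classify_identity(record.get("user_name", ""), ad_domain)
    return kind == "machine" and record.get("result") == "accept"

# Constructed sample records (not a real product log format).
SAMPLE = [
    {"user_name": "host/LAPTOP-01.domain.com", "result": "accept"},
    {"user_name": "jsmith", "result": "accept"},
    {"user_name": "host/pc1.notdomain.com", "result": "accept"},
    {"user_name": "host/LAPTOP-02.domain.com", "result": "reject"},
]

def domain_machines(records=SAMPLE):
    """User-Name values that count as accepted domain machine logons."""
    return [r["user_name"] for r in records if is_domain_machine_auth(r)]

if __name__ == "__main__":
    print(domain_machines())
```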



  • 5.  RE: Identify Domain Devices

    Posted Feb 20, 2015 10:46 AM

    Right right right... via the AD SID. Any other ways you can think of?