![Photo by Keith Hardy on Unsplash](/var/ezflow_site/storage/images/archive/2022/68/network-access-control-with-cisco-s-identity-services-engine/photobykeithhardyonunsplash.png/192824-1-eng-US/PhotobyKeithHardyonUnsplash.png_medium.png)
Photo by Keith Hardy on Unsplash
Network access control with Cisco's Identity Services Engine
The Magic Gate
Access control is a standard feature of networks, but strict security requirements have to be reconciled with an ever more diverse and growing number of end devices, all against a backdrop of constantly changing threats. In this article, I look at the options offered by Cisco's Identity Services Engine (ISE), including its architecture, its feature set, and how to integrate guest devices.
Internal Barriers
The increasing penetration of Internet of Things (IoT) components means new threats. For example, many IoT elements do not support the authentication methods familiar on enterprise networks. The lack of hardening options (e.g., the ability to disable services) and missing or delayed update processes aggravate the situation. At the same time, the larger number of end devices inevitably means more points of access to the network, such as switches and wireless local area network (WLAN) access points. Virtual private network (VPN) gateways also play a major role for system administrators, especially during the pandemic, because of increased use of home offices.
It makes sense, then, to establish a stronger focus on segmentation and "least privileges" as early as possible in the network access phase on top of a classic "allow/deny" policy. True to the motto, "You can't protect what you can't see," increasing visibility on the network and identifying, reporting, and dealing with potential threats at an early stage is important.
Despite cloudification and zero trust approaches, securing internal networks and resources is still very important in many organizations because this is where the crown jewels are hidden away, for which outsourcing to external cloud providers is strictly prohibited. Internal security mechanisms are required to prevent access completely or to restrict lateral movement on the network after the potential infection of a host. These