I am currently implementing and testing the NAC Appliance solution for clean access. I have noticed a massive flaw in the security of this product, unless I'm mistaken. I was wondering if anyone can comment on this.
In order to utilise Active Directory SSO I need to allow communications from the unauthenticated VLAN to the Active Directory servers on the below listed ports. This means that any device that is connected to the network and is not authenticated will be able to communicate with my servers on these ports. As you can see, these are some of the most vulnerable ports on a Microsoft server, and hence I have my network and AD wide open to hackers and viruses. Surely this is wrong, or have I misunderstood how the NAC AD SSO works?
Many thanks for your help.