Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Cisco İSE authentication

Dears,

I have ipad and authenticate from ISE. In our company someone is hacker  and have the same model of ipad and put my ipad mac address in his ipad. Can he connect to network?? He also know the username and password.How ISE identify the hacker ipad? i

  • AAA Identity and NAC
3 REPLIES

Yes he can access the network

Yes he can access the network, moreover, if BYOD is supported , he can easily register any device using your AD credentials. One scenario, where he cant use that device is when devices with certificates installed manually ( no SCEP ). Then the device he would be carrying shouldnot be having certificate installed using your AD.

Silver

yes you are right but with

yes you are right but with profiling and posturing you can also identify certain application or apply fingerprinting and rule combination to limit this .

However certians posiblities will always remain and main concept is always to make it difficult.

Cisco Employee

If the username and password

If the username and password are known then you are going to have bigger issues to worry about :) The iPad MAC address will not matter unless you are only using the MAC addrss to autenticate to the network. Even Profiling is not guaranteed to protect you against MAC spoofing. 

A better way to protect your network is to use PKI  (EAP-TLS autnentication)

 

Thank you for rating!

88
Views
0
Helpful
3
Replies
This widget could not be displayed.