machine authentication security risk with wireless

mrbzu
Level 1

Hi,

I have machine authentication enabled in my network for wireless users and caching for 24 hours. It appears that after machine authentication with the domain, ACS stores the MAC address of the wireless card in the cache as a successful authentication. So any user faking the same MAC address on the PC gets authenticated with the ACS server, as it's cached for 24 hours. So if the non-legitimate user knows any legitimate MAC address (Calling-station-id), he could access the network.

Is there any way we can make machine authentication better from security point of view?

Regards

1 Reply

jedubois
Cisco Employee

Hello,

Machine authentication is not MAC Address Authentication; it uses Machine Credentials (machine user/pass or certificate) to authenticate to the ACS. If a user simply spoofs a MAC Address they do not have the credentials required to authenticate to your network. On the other hand, if a user with a valid username/password or certificate spoofs the MAC address on a non-corporate machine they could connect a non-corporate asset to the wireless network. In either case the user connecting still has valid credentials to your network so the risk is minimal.

If there is a big concern of this you could consider adding a NAC (Network Admission Control) solution to your wireless network where you can do more extensive checks to the machine before providing it access to the network. If you are interested you can find more information on Cisco's offering here: http://www.cisco.com/en/US/products/ps6128/index.html

--Jesse
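
The caching behaviour discussed in this thread, as an added example that is not part of either post and is not Cisco code: it replays constructed authentication events against a cache keyed on Calling-Station-Id with the 24-hour lifetime from the question, and labels each user authentication by the age of the machine-authentication entry it relied on. The event format, the `audit` function and the one-hour review threshold are assumptions made for illustration.

```python
from datetime import datetime, timedelta

CACHE_TTL = timedelta(hours=24)  # cache lifetime stated in the question

# Constructed sample events, not real ACS log output:
# (time, kind of authentication, Calling-Station-Id, identity presented)
EVENTS = [
    ("2024-01-08 08:00", "machine", "00-11-22-33-44-55", "host/LAPTOP01"),
    ("2024-01-08 08:02", "user",    "00-11-22-33-44-55", "alice"),
    ("2024-01-08 19:30", "user",    "00-11-22-33-44-55", "bob"),
    ("2024-01-09 09:00", "user",    "00-11-22-33-44-55", "alice"),
    ("2024-01-09 09:05", "user",    "66-77-88-99-AA-BB", "carol"),
]

def audit(events, ttl=CACHE_TTL, review_after=timedelta(hours=1)):
    """Replay events in time order and classify every user authentication.

    fresh-cache-hit : machine auth from this MAC within review_after
    stale-cache-hit : entry still inside ttl, but the MAC match is the only
                      remaining link to the machine; worth a closer look
    no-valid-cache  : no machine auth cached for this MAC, or it has expired
    """
    cache = {}    # Calling-Station-Id -> time of the last machine authentication
    results = []
    for ts, kind, mac, identity in sorted(events):
        when = datetime.strptime(ts, "%Y-%m-%d %H:%M")
        mac = mac.upper()
        if kind == "machine":
            cache[mac] = when          # a machine auth (re)populates the entry
            continue
        cached_at = cache.get(mac)
        if cached_at is None or when - cached_at > ttl:
            verdict = "no-valid-cache"
        elif when - cached_at > review_after:
            verdict = "stale-cache-hit"
        else:
            verdict = "fresh-cache-hit"
        results.append((ts, identity, mac, verdict))
    return results

if __name__ == "__main__":
    for row in audit(EVENTS):
        print(*row, sep="  ")
    # The same events with a hypothetical 8-hour cache lifetime
    for row in audit(EVENTS, ttl=timedelta(hours=8)):
        print("ttl=8h", *row, sep="  ")
```

Running the replay with different `ttl` values shows how many user authentications depend on an old cache entry, which is the figure to look at when choosing the cache lifetime.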
