topic Re: Anti MAC & Anti IP Spoofing Solution in Network Security

Anti MAC & Anti IP Spoofing Solution

ZAHIDHASEEB — Tue, 28 Dec 2021 09:40:39 GMT

If official devices are registered thru MAC & IP to access the LAN. How can we deal with MAC & IP spoofing. Anyone can bring its home laptop or mobile and put the allowed MAC or IP on his home device to access the secure network. How can we deal with challenge

Re: Anti MAC & Anti IP Spoofing Solution

Rob Ingram — Tue, 28 Dec 2021 09:49:03 GMT

@ZAHIDHASEEB you could use Network Access Control (NAC) to control which devices are allowed to connect to the network. Cisco's solution is ISE, which can authenticate your offical devices to the network, any device that is unknown can be denied access or provided limited access.

Re: Anti MAC & Anti IP Spoofing Solution

ZAHIDHASEEB — Tue, 28 Dec 2021 10:10:58 GMT

Does NAC see the client devices deeply instead of only verifying, for example firewall is enabled or antivirus definitions or windows updates are updated ? what are some good NAC in the market ?

Re: Anti MAC & Anti IP Spoofing Solution

Kasun Bandara — Tue, 28 Dec 2021 10:13:37 GMT

Hi,

these options are supported by cisco ISE. that is matching for your requirement. ISE have posture checking, MAB, dynamic VLANs, etc.

Re: Anti MAC & Anti IP Spoofing Solution

Rob Ingram — Tue, 28 Dec 2021 10:14:34 GMT

@ZAHIDHASEEB yes if you run posture assessment, you can determine the firewall and if it's enabled and what AntiVirus is installed and if the definitions have been updated or windows update patches have been installed. Like I said Cisco ISE (Identity Services Engine) is Cisco's NAC solution.

Re: Anti MAC & Anti IP Spoofing Solution

Massimo Baschieri — Wed, 29 Dec 2021 06:30:24 GMT

As far as I know, if you are doing MAB, and usually you need to, at least for some devices, antispoofing is quite a dream, do you agree?