Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
495
Views
0
Helpful
3
Replies

Cisco İSE authentication

teymur azimov
Level 1
Level 1

‎03-17-2014 05:40 AM - edited ‎03-10-2019 09:32 PM

Dears,

I have ipad and authenticate from ISE. In our company someone is hacker  and have the same model of ipad and put my ipad mac address in his ipad. Can he connect to network?? He also know the username and password.How ISE identify the hacker ipad? i

Labels:
0 Helpful
3 Replies 3

Saurav Lodh
Level 7
Level 7

‎03-20-2014 12:57 AM

Yes he can access the network, moreover, if BYOD is supported , he can easily register any device using your AD credentials. One scenario, where he cant use that device is when devices with certificates installed manually ( no SCEP ). Then the device he would be carrying shouldnot be having certificate installed using your AD.

0 Helpful

kaaftab
Level 4
Level 4

‎03-26-2014 06:54 AM

yes you are right but with profiling and posturing you can also identify certain application or apply fingerprinting and rule combination to limit this .

However certians posiblities will always remain and main concept is always to make it difficult.

0 Helpful

nspasov
Cisco Employee
Cisco Employee

‎03-27-2014 01:23 PM

If the username and password are known then you are going to have bigger issues to worry about :) The iPad MAC address will not matter unless you are only using the MAC addrss to autenticate to the network. Even Profiling is not guaranteed to protect you against MAC spoofing. 

A better way to protect your network is to use PKI  (EAP-TLS autnentication)

 

Thank you for rating!

Thank you for rating helpful posts!
0 Helpful
Customers Also Viewed These Support Documents