07-24-2019 08:20 PM
With the current configuration setup for ISE and ID-PSK, using Cisco AV Pairs in the Authorization profile to hold the network key - these attributes in the Authorization profile are shown in clear text in the Live Log details. The ISE Live Logs are accessible - typically by the lowest-level admins in ISE (i.e. HelpDesk). Is there a way to hide or block these components of the Authz Profile from showing in the Live Logs? Looking for something similar to how invalid user credentials/identity can be blocked via RADIUS protocol settings from showing in the Live Logs and Live Log details.
Thanks!
07-25-2019 07:07 AM
07-24-2019 09:18 PM
07-25-2019 08:44 AM
I kind of figured as much. For corporations leveraging this feature, this can put lower-tier support team enablement at odds with the security of the wireless network (as secure as WPA2-PSK is in this day and age). One of the great benefits of ISE is that the HelpDesk/Operations role can be given to anyone within the organization in the endpoint management/support path, and with a very quick tutorial they can become more efficient at resolving issues faster and within lower support bands. This exposure of the network keys changes that.
07-25-2019 06:57 PM