Re: Anti MAC & Anti IP Spoofing Solution

ZAHIDHASEEB · ‎12-28-2021

If official devices are registered thru MAC & IP to access the LAN. How can we deal with MAC & IP spoofing. Anyone can bring its home laptop or mobile and put the allowed MAC or IP on his home device to access the secure network. How can we deal with challenge

Rob Ingram · ‎12-28-2021

@ZAHIDHASEEB you could use Network Access Control (NAC) to control which devices are allowed to connect to the network. Cisco's solution is ISE, which can authenticate your offical devices to the network, any device that is unknown can be denied access or provided limited access.

ZAHIDHASEEB · ‎12-28-2021

Does NAC see the client devices deeply instead of only verifying, for example firewall is enabled or antivirus definitions or windows updates are updated ? what are some good NAC in the market ?

Kasun Bandara · ‎12-28-2021

Hi,

these options are supported by cisco ISE. that is matching for your requirement. ISE have posture checking, MAB, dynamic VLANs, etc.

Please rate this and mark as solution/answer, if this resolved your issue
Good luck
KB

Massimo Baschieri · ‎12-28-2021

As far as I know, if you are doing MAB, and usually you need to, at least for some devices, antispoofing is quite a dream, do you agree?

Rob Ingram · ‎12-28-2021

@ZAHIDHASEEB yes if you run posture assessment, you can determine the firewall and if it's enabled and what AntiVirus is installed and if the definitions have been updated or windows update patches have been installed. Like I said Cisco ISE (Identity Services Engine) is Cisco's NAC solution.