Posted by: Joshua Wood
BYOD, Cisco, Integrated Service Engine, iphone, ISE
Hi all, today more and more companies are opening up their corporate infrastructure to BYOD, or Bring Your Own Device, strategies. This has serious implications for IT departments because you have no way of knowing who will bring in what, at what time and for what reason. Well, leave it to Cisco to have a solution to this.
Cisco has come out with the Integrated Service Engine, or ISE, that lets you classify devices passively. The ISE (pronounced "ice") will watch the traffic flowing from a device and, based on several parameters, determine the hardware type and sometimes the OS version that is being used. Once it finds that out, it matches it with who is using the hardware and assigns a security context for the user. Let’s look at a scenario where this would come into play.
John Doe works for a school and is a teacher's assistant. The school doesn’t provide John with a corporate data device like a laptop or iPad, but John finds that having one with him during the day makes his job a lot easier, and he can also use it for personal activities during his breaks. (So basically, a user who has their personal device at work for whatever reason.) The board has decided that this is OK and in fact encouraged for everyone, including older students. How do you separate and secure these devices?
The short answer is of course ISE, but a more detailed answer is that the ISE lets the users log on to the network and identifies whether the device is a corporate-controlled desktop in the library or a personal iPad by watching the traffic, MAC address and other info. Then it puts them in a VLAN with a set of ACLs that is specific to them and their temporary IP.
I realize that this is a complex topic and it always helps to see it in action, so check out the link just below.
Until next time,