- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
MAB or PSK?
Hello,
I am looking for suggestions on the best way to secure non 802.1x compatible wireless devices connecting to our network. We currently use a hidden SSID with a PSK specifically for these devices but was wondering if there was a different approach that people have used with enhanced security?
I am considering MAB using ISE but again this leave us potentially open to MAC spoofing etc.
Any advice would be great!
Thanks.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Both SSID-hiding and MAB are no security-tools.
If the devices do not support 802.1X, PSKs (perhaps with iPSKs) are the solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks @KarstenI iPSKs certainly look like a more secure option than we currently have.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Additionally you can assign them a different vlan/subnet and restrict access using the firewall/group-policy and only allow necessary traffic ip-port to your other lan segments
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
A few of our customers use iPSK with Meraki and ISE, works brilliantly!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@DazKew wrote:A few of our customers use iPSK with Meraki and ISE, works brilliantly!
same here. We just have to make sure that the mac-address is never changed or the system falls down to basic access based on the default PSK.