http://nacblog.juniper.net/2007/11/07/assessment-options/ Steve Hanna's Weblog Mon, 08 Sep 2008 03:19:54 +0000 http://wordpress.org/?v=2.2.1 http://nacblog.juniper.net/2007/11/07/assessment-options/#comment-33 Tarek Mon, 28 Jan 2008 19:25:02 +0000 http://nacblog.juniper.net/2007/11/07/assessment-options/#comment-33 I had a debate with someone recently on dealing with unmanaged devices in NAC deployments. I was telling someone that you can authenticate the unmanaged devices using their MAC addresses, however he told me that the MAC address can be spoofed easily. My point is that if someone has the intention to spoof, he can also tweak the kernel parameter, fake his response to the probes, in order to deceive scanners a make them believe that his PC is a Printer or so. Also the scanning technique is not useful for PC, especially that most of the users today have personal firewalls on the machines. That's why I'd like to know if the Scanning/Probing technique is really useful or at least mandatory in a UAC deployment or not? I had a debate with someone recently on dealing with unmanaged devices in NAC deployments.
I was telling someone that you can authenticate the unmanaged devices using their MAC addresses, however he told me that the MAC address can be spoofed easily.
My point is that if someone has the intention to spoof, he can also tweak the kernel parameter, fake his response to the probes, in order to deceive scanners a make them believe that his PC is a Printer or so.
Also the scanning technique is not useful for PC, especially that most of the users today have personal firewalls on the machines.
That’s why I’d like to know if the Scanning/Probing technique is really useful or at least mandatory in a UAC deployment or not?

]]>