4.2. Unintentional LAN-Based Threats
You have now seen briefly how unintentional threats can cause problems on a LAN. Although these users are utilizing their systems with the most honorable of intentions, they can still cause problems by the simple act of them connecting to the LAN.
NOTE
I spoke with a company that actually caused one of their customer's LANs to become infected. One of their laptops contained malware, and it spread throughout the customer's LAN. That is certainly not a good position to be in and was why that company was seeking a Mobile NAC solution!
Unintentional threats are not limited to outsiders. Employees can cause unintentional infections as well. The following are the two types of devices of which to be aware of in regard to unintentional threats:
Corporate-owned devices that are authorized to connect to the LAN
Guest (or unknown) devices that may or may not be authorized to connect to the LAN
When utilizing a LAN-based NAC/NAP solution to address unintentional threats, the enterprise has a few decisions to make on how it wants to address this threat from a topological standpoint. How this is done defines the types of threats to which the LAN is vulnerable. The topology considerations include the following:
Having all guest/unknown device access be limited to guest networks, which are separate from the corporate LAN
Assessing the devices and providing access based upon their security posture
4.2.1. The Pros and Cons of a Guest Network
Guest networks have ...
Get Implementing NAP and NAC Security Technologies: The Complete Guide to Network Access Control now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
