
Cisco ISE Implementation

Customer Need

  1. No 802.1x authentication was in place for wireless networks. Authentication was based on pre-shared keys, which is not a best practice for enhanced security.
  2. When an employee with knowledge of the pre-shared keys leaves, it is still possible for him/her to connect to the client’s network, which poses a security risk.
  3. The client’s environment is mostly an open, public place, where anyone can plug in his/her device and get on the network, which is also a security concern.
  4. Switches were running older versions of IOS, which had bugs that produced inconsistent 802.1x behavior.
  5. Some domain-joined Windows workstations did not have the proper 802.1x settings.

Solution

  1. Implementing a Network Access Control (NAC) solution: Cisco Identity Services Engine (ISE) was chosen as the RADIUS server, which authenticates the wired and wireless devices when they attempt to connect to the client’s network.
  2. Upgrading all the switches to Cisco’s recommended code versions to resolve bugs associated with older code.
  3. Working with the customer’s server team to push the proper settings through Group Policy Object (GPO).

s4nets took on a six-month project working on a Cisco ISE implementation for a local health care provider. In this project, the client was experiencing issues with 802.1x authentication for wireless networks. Since the client’s environment is mostly an open, public place, where anyone can connect to the client’s network with their own devices, this is a security concern. On top of that, the current switches were running an older version of IOS, which had bugs that produced inconsistent 802.1x behavior, while some domain-joined Windows workstations did not have the proper 802.1x settings. Another security risk arises when an employee with knowledge of the pre-shared keys leaves, since they can still connect to the client’s network.

To resolve these challenges, s4nets used Cisco Identity Services Engine (ISE) to authenticate the wired and wireless devices when they attempt to connect to the client’s network. The design and implementation of ISE was easier since s4nets had done previous ISE deployments and knew how all the network components fit together. s4nets engineers worked together with the client’s server team to meticulously push the proper settings through Group Policy Object (GPO). The success factors include not only a more secure local network but also proper authentication for most wired and wireless devices that can connect to the client’s network. ISE also provided endpoint visibility, giving the client knowledge of what devices are on its network.

Impact

  1. Most of the wired and wireless devices now have to authenticate to be able to connect to the hospital network.
  2. Since authentication is now in place, the local network is much more secure from the internal perspective.
  3. ISE also provides endpoint visibility, allowing the client to know what devices are connected to its network.

Category: Network Security

Date: June 23, 2017