Lab Minutes Forum

Technical Discussion => Security => Topic started by: adecisco on November 22, 2013, 06:51:26 AM

Title: Certainty Factor questions
Post by: adecisco on November 22, 2013, 06:51:26 AM
A quick question here:

At what value is certainty factor believable?

Is it the higher the certainty factor the more believable, or the lower the certainty factor the more believable, like administrative distance in routing?

Just need more clarification.

Thanks.
Title: Re: Certainty Factor questions
Post by: MC on November 22, 2013, 01:11:13 PM
Certainty factor is cumulative and it increments for every profiling rule it passes, so the higher the number, the more ISE believes what the device really is.
Title: Re: Certainty Factor questions
Post by: adecisco on November 23, 2013, 04:03:01 AM
Thanks, my thinking as well. I just need to be double sure.

Can you share ideas about how to go about profiling some non-user endpoints that have MAC addresses provided?

1. Should I allow ISE to profile them before modifying the result of the profile to suit my need?
2. Or should I create the profile from the MAC addresses I already have?

The drawback to the second option could be MAC address spoofing.

Thanks.
Title: Re: Certainty Factor questions
Post by: MC on November 24, 2013, 06:44:56 PM
If you have an exact list of MAC addresses, you might as well create an Endpoint Group and add MAC addresses to the group and just use that in your auth policies without having to bother with profiling. Of course, MAC spoofing is always an issue when using a static list of MAC addresses.
You use profiling when you only have partial information of the device, like MAC OUI or certain strings in HTTP request etc. and collectively create a device profile from them.
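Added example (not part of the original thread and not Cisco ISE code): a simplified Python model of the cumulative certainty factor described above, showing why an endpoint that presents only a MAC OUI scores lower than one that also passes the HTTP and DHCP checks. The policy names, rule values, minimum thresholds and endpoint attributes are all constructed assumptions.

```python
# Simplified model of cumulative certainty factor (CF) scoring; not Cisco ISE code.
# Policy names, rule values and endpoint attributes are constructed for illustration.
from dataclasses import dataclass
from typing import Callable, Optional

@dataclass
class Rule:
    name: str
    matches: Callable[[dict], bool]   # condition evaluated against endpoint attributes
    cf_increase: int                  # added to the policy's CF when the rule passes

@dataclass
class Policy:
    name: str
    min_cf: int                       # assumed threshold the total must reach
    rules: list

def certainty(policy: Policy, endpoint: dict) -> int:
    """Sum the CF increase of every rule the endpoint passes."""
    return sum(r.cf_increase for r in policy.rules if r.matches(endpoint))

def best_profile(policies: list, endpoint: dict) -> Optional[tuple]:
    """Return (policy name, CF) with the highest CF that meets its minimum, else None."""
    scored = [(p.name, certainty(p, endpoint)) for p in policies
              if certainty(p, endpoint) >= p.min_cf]
    return max(scored, key=lambda s: s[1], default=None)

POLICIES = [
    Policy("Vendor-Device", 10, [
        Rule("oui", lambda e: e.get("mac", "").upper().startswith("00:11:22"), 10),
    ]),
    Policy("Vendor-Printer", 20, [
        Rule("oui", lambda e: e.get("mac", "").upper().startswith("00:11:22"), 10),
        Rule("user-agent", lambda e: "PrinterOS" in e.get("http_user_agent", ""), 20),
        Rule("dhcp-class", lambda e: e.get("dhcp_class_id") == "printer-v1", 20),
    ]),
]

# Constructed endpoints: one presenting only the OUI, one matching every check.
oui_only = {"mac": "00:11:22:aa:bb:cc"}
full_match = {"mac": "00:11:22:aa:bb:cc", "http_user_agent": "PrinterOS/2.1",
              "dhcp_class_id": "printer-v1"}

if __name__ == "__main__":
    print(best_profile(POLICIES, oui_only))    # generic policy, low CF
    print(best_profile(POLICIES, full_match))  # specific policy, high CF
```

An authorization rule keyed on the higher-scoring profile requires several independent attributes to line up, whereas a MAC-only match rests on a single value the endpoint itself supplies.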
Title: Re: Certainty Factor questions
Post by: adecisco on November 24, 2013, 11:58:49 PM
Yeah, really, I go with the option of MAC address and profiling; it is the only solution that will meet some of this my client.. Their demands are sometimes funny.
Title: Re: Certainty Factor questions
Post by: MC on November 25, 2013, 05:28:10 PM
Coming up with device checks yourself can get tricky since you need to know the exact characteristics of the device. I would only use it as a last resort.