联邦吧：你知道有什么有线网络连接吗？

在一个意想不到的扭曲，即使有了所有仔细的基础工作，许多机构都在一个令人惊讶的地方留下了一个令人不安的洞 - 有线网络。事实证明，设备漫步通过与员工或访客的前门漫步，并轻松插入网络。报告说明，只有70％到80％的时间都没有阻止相机，平板电脑甚至可以轻松加入网络，一旦他们超越驻防保安。

To get answers on how to identify these devices, tune into the webcast“Overcoming the Challenges of Wired Network Security for the Federal Government.”

While the network has post-connection and firewall policies to restrict what the devices can do, there’s nothing preventing them from plugging in to the Wi-Fi through a wired port. So much of the security depends on segmenting VLANs with, for example, a printer traffic allocated to one port, voice traffic to another port, and guest traffic to yet another port—and each port having its own policies.

These are proven security best practices, but they don’t prevent the network from being vulnerable to rogue devices that appear to be behaving. While a lone PlayStation may not create a network alert, you can expect a tsunami of IoT devices to start joining networks. These devices can—and will—be exploited by hackers. Successful attacks stand a good chance of having an even larger impact if mission operations are disrupted or confidential information is stolen.

Preventing attacks calls for quickly identifying the rogue devices and making sure they behave appropriately. A recently added iPad that is used for reserving a meeting room or a visiting colonel’s laptop presents little danger, but other devices could be there to make trouble.

4 Steps to Creating Safe Zones
What we’re seeing is that these tainted devices lurking in the network for as many as 100 days. Once identified, mitigating the threat takes up to 30 days. That timeline is much too long and dangerous for federal agencies.

Aruba has assembled a set of certified solutions that will keep potentially dangerous devices in quarantine until they are deemed safe and allow harmless ones to check-in safely and be acknowledged. Working together, agencies can create a safe zone by taking these four steps:

• 确定网络上的内容
• 在边缘应用“最佳拟合”动态控制
• Orchestrate security and experience
• Analyze behaviors and react to threats

阿鲁巴360安全面料，遇到了FIPS和常见标准标准，解决这些有线挑战，以创建集成的有线和无线安全环境。对于这个博客，我会专注于Aruba ClearPassnetwork access control. Smarter and more powerful than an asset manager, ClearPass has built-in discovery and profiling to ensure that users and devices are granted appropriate access privileges. It applies a unique combination of deep packet inspection (DPI), advanced machine learning and crowdsourcing device fingerprints to make smart decisions about what a device is doing and if it poses a threat to the network.

您可以依靠清除通道：

• Visibility throughout the network that discovers devices and profiles them with custom fingerprinting
• Authorization that validates network access privileges based on identity and context
• Enforcement of security guidelines with timely attack responses after event-triggered actions
• Authentication of users for one role and one network resulting from AAA and non-AAA options

Security with More Smarts and Less Effort
我觉得特别引人注目的是清晰度如何改善机构员工和它的安全体验。在IT团队之外，大多数员工认为安全是一个刺激性的麻烦。使用Quillpass，安全团队可以设置帮助人们导航其网络问题的流程。Clearpass有许多漂亮的自助工具，可以确切地提供帮助一个沮丧的用户，令人沮丧的用户实际上，他的笔记本电脑可能不合规。

总而言之，清除通道和Aruba安全面料加强您已经合理的网络和支持合规性。他们一起降低流氓设备向联邦机构介绍的总体风险，同时改善了较少的帮助台呼叫和安全变化请求的操作。

Realistically, the network will always have some level of vulnerability. Attackers get smarter every day, and new projects spinning up leave holes in dynamic environments. ClearPass helps you stay ahead and close the gaps.

Related Content
Wired network challenges create real and dangerous problems for federal agencies. For more in-depth information about closing the gaps with Aruba ClearPass, watch the webcastOvercoming the Challenges of Wired Network Security for the Federal Government.

Learn more about Aruba solutions for government.