cancel
Showing results for 
Search instead for 
Did you mean: 

How PPS can prevent a spoofed identity?

Highlighted
Occasional Contributor

How PPS can prevent a spoofed identity?

Hi,

 

We usually configure MAC Realm with profiler attributes inorder to allow un-managed devices such as IP Phones, Printers ,,, etc to access the network.

 

but if an attacker used his laptop and managed to spoof the identity of these un-managed devices and let PPS thinks that it is a valid un-managed device, then it will send a RAIDUS message to the switch allow it to open the port.

Note that the attacker is agentless.

 

Can PPS detect such spoofing and do action? 

 

 

1 REPLY 1
Moderator

Re: How PPS can prevent a spoofed identity?

Profiler can detect MAC spoofing if the device profile changes.

 

In your example, if an attacker used his laptop to spoof the MAC of a printer, Profiler would detect this due to the fact that the OS changed or the DHCP fingerprint changed or other profilable data had changed. 

 

Refer to https://www.pulsesecure.net/download/techpubs/current/1468/pulse-policy-secure/pps/9.0rx/ps-pps-9.0r... Go to Page 20 under the Access Control heading for more information.

 

Thanks

 

Craig Brauckmiller

Escalation Manager

Pulse Secure