Hi,
We usually configure MAC Realm with profiler attributes in order to allow un-managed devices such as IP phones, printers, etc. to access the network.
But if an attacker used his laptop and managed to spoof the identity of these un-managed devices and let PPS think that it is a valid un-managed device, then it will send a RADIUS message to the switch to allow it to open the port.
Note that the attacker is agentless.
Can PPS detect such spoofing and take action?
Profiler can detect MAC spoofing if the device profile changes.
In your example, if an attacker used his laptop to spoof the MAC of a printer, Profiler would detect this due to the fact that the OS changed or the DHCP fingerprint changed or other profilable data had changed.
Refer to https://www.pulsesecure.net/download/techpubs/current/1468/pulse-policy-secure/pps/9.0rx/ps-pps-9.0r... Go to Page 20 under the Access Control heading for more information.
Thanks
Craig Brauckmiller
Escalation Manager
Pulse Secure
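
The profile-change check described in the reply above, as an added example that is not part of the original thread and is not Pulse Secure's implementation: it keeps the first profile seen for each MAC and flags later observations whose DHCP fingerprint, vendor class or OS differ. The record fields, function names and sample observations are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Observation:
    mac: str
    dhcp_fingerprint: str   # DHCP option 55 parameter request list
    dhcp_vendor_class: str  # DHCP option 60 vendor class identifier
    os_guess: str           # OS or category the profiler derived

# Attributes compared against the stored baseline (assumed set, not PPS's list).
TRACKED = ("dhcp_fingerprint", "dhcp_vendor_class", "os_guess")

def normalize_mac(mac: str) -> str:
    """Accept aa:bb.., AA-BB.. or aabb.ccdd.eeff and return aa:bb:cc:dd:ee:ff."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def detect_profile_changes(observations):
    """Return [(mac, {field: (baseline, seen)})] for observations that drift."""
    baseline = {}
    alerts = []
    for obs in observations:
        mac = normalize_mac(obs.mac)
        known = baseline.setdefault(mac, obs)  # first sighting becomes the baseline
        changed = {
            field: (getattr(known, field), getattr(obs, field))
            for field in TRACKED
            if getattr(known, field) != getattr(obs, field)
        }
        if changed:
            alerts.append((mac, changed))
    return alerts

# Constructed sample: a printer, an IP phone seen twice, then a host that
# presents the printer's MAC with a different DHCP profile.
SAMPLE = [
    Observation("02:00:00:aa:bb:01", "1,3,6,15,44,47", "Hewlett-Packard JetDirect", "Printer"),
    Observation("02:00:00:aa:bb:02", "1,3,6,15,42,66,150", "Cisco Systems, Inc. IP Phone", "VoIP Phone"),
    Observation("02:00:00:aa:bb:02", "1,3,6,15,42,66,150", "Cisco Systems, Inc. IP Phone", "VoIP Phone"),
    Observation("02-00-00-AA-BB-01", "1,3,6,15,31,33,43,44,46,47,119,121,249,252", "MSFT 5.0", "Windows"),
]

if __name__ == "__main__":
    for mac, changed in detect_profile_changes(SAMPLE):
        print(f"profile change for {mac}: {changed}")
```
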