7 Replies Latest reply on Feb 19, 2015 10:50 AM by ansarias

    ePO Question about Firewall

    jdh05

      Hello All,

      I want to know if there is a way to allow only certain devices with certain naming conventions onto the network. I would like the devices that don't match our naming conventions to be restricted with the highest restrictions, and also to not allow the intruders to input a DNS entry. I've done a lot of reading on the firewall function. I just don't know how to implement this solution, or whether I am even looking at the right solution. I just don't know where to start.

      Thanks!

        • 1. Re: ePO Question about Firewall
          Peter M

          I think this is best answered in ePO so have moved it there.

          ---

          Peter

          Moderator

          • 2. Re: ePO Question about Firewall
            Troja

            Sounds like 802.1x should be implemented in your environment.
            With network authentication, only properly authenticated devices are able to connect to the network. Without authentication, only limited network access features are available.

            Cheers

            • 3. Re: ePO Question about Firewall
              jdh05

              Troja,

              Thank you very much for the reply. I do understand what you are saying. What would you recommend if, let's say, someone plugs a wireless router into our network? We found a few devices which would have to be manually plugged in. When it does get plugged in, the DNS records and then inputs. My company has multiple sites, about 80 or so. I need a solution for the whole network. Any suggestions?

              Thanks!

              • 4. Re: ePO Question about Firewall
                Troja

                Hi,

                From my side the only reasonable thing is implementing network authentication with 802.1x. This prevents unauthorized "things" from connecting to your network.

                Another solution could be:

                1) implementing RSD sensors on the DNS servers (if Windows systems)

                2) registering an executable in ePO which can be used to take a switch port offline

                3) if RSD detects an unwanted device, an automatic response is triggered where the application is started with specific parameters

                But this could be very tricky.

                In fact, the only way to prevent unauthorized connections to your network is an 802.1x solution.

                Cheers

                • 5. Re: ePO Question about Firewall
                  ansarias

                  Actually, in the firewall there is no option for naming conventions, but you can do it through IP ranges and IP subnets, where those IPs can be marked as allowed. So it will automatically block all network devices which do not match.

                  Could you please let me know which McAfee firewall product you are referring to?

                  • 6. Re: ePO Question about Firewall
                    jdh05

                    ePolicy Orch 5.1.0 is what we are using to implement policies. We do have physical firewalls in place.

                    To clarify for everyone... I do understand the wireless authentication and it is in effect. We only have a small number of wireless devices throughout the company, hence why I have this problem. We have had people at other sites plug in Linksys wireless routers to create their own wireless. So the problem is that they hard-wire into our network, and the network doesn't see it as a problem and goes ahead and assigns it an IP off the DHCP and gives full access.

                    Also for the wireless: when someone who knows the WEP key to our wireless connects their iPad or other peripherals onto our network, eventually it creates an entry in our DNS, which then makes our DNS unorganized and not standardized. Or the simple fact that it's happening is unacceptable.

                    So the two key points:

                    What security parameters can I implement through ePO to prevent unauthorized devices from even communicating with our network if they don't follow our naming conventions? (I do understand about the IP ranges.) I don't know if it's feasible because of the size of our network. GP or Active Directory rules perhaps.

                    How to prevent DNS entries from being created, if the above cannot be accomplished.

                    I greatly appreciate both of you assisting me with this. My manager wants a solution and he wants it yesterday.

                    Thanks!

                    Edit - *UPDATE*

                    • 7. Re: ePO Question about Firewall
                      ansarias

                      I have one suggestion, if it works.

                      1. Create an ePO query which gives the result of all authorized devices (put a filter on system name and use the naming convention).
                      2. Create a policy which allows working in the network.
                      3. Now go to ePO server tasks and run the query with the sub-action "assign the policy which was created in step 2".
                      4. So all unauthorized devices will be blocked by the firewall.


                      Hope this will help you to resolve the issue.
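The audit logic that ansarias's step 1 and the IP-range suggestion describe, as an added example that is not part of this thread or of any McAfee product: it parses constructed dhcpd-style lease records and flags every device whose hostname violates a (constructed) naming convention or whose address falls outside the authorized ranges. The hostname pattern, subnets and lease text are all assumptions made for the example.

```python
import ipaddress
import re

# Constructed naming convention for the example (not the poster's real one):
# two-letter site code, site number, device class, asset number, e.g. "NY01-WS-0042".
HOSTNAME_PATTERN = re.compile(r"^[A-Z]{2}\d{2}-(WS|LT|SRV|PRN)-\d{4}$")

# Constructed authorized address ranges, following the IP-range suggestion in the thread.
AUTHORIZED_NETS = [ipaddress.ip_network("10.10.0.0/16"),
                   ipaddress.ip_network("10.20.0.0/16")]

# Constructed sample of ISC dhcpd-style lease records; the last one sent no hostname.
SAMPLE_LEASES = """
lease 10.10.4.21 { hardware ethernet 00:11:22:33:44:55; client-hostname "NY01-WS-0042"; }
lease 10.10.4.77 { hardware ethernet 00:11:22:33:44:66; client-hostname "Linksys12345"; }
lease 10.20.9.5 { hardware ethernet 00:11:22:33:44:77; client-hostname "iPad"; }
lease 192.168.1.10 { hardware ethernet 00:11:22:33:44:88; client-hostname "CH03-SRV-0007"; }
lease 10.10.4.90 { hardware ethernet 00:11:22:33:44:99; }
"""

LEASE_RE = re.compile(
    r'lease (\S+) \{ hardware ethernet (\S+);(?: client-hostname "([^"]*)";)? \}')

def parse_leases(text):
    """Return a list of (ip, mac, hostname_or_None) tuples from lease text."""
    return [(m.group(1), m.group(2), m.group(3)) for m in LEASE_RE.finditer(text)]

def classify(ip, hostname):
    """Return the policy violations for one lease; an empty list means authorized."""
    reasons = []
    if hostname is None:
        reasons.append("no hostname supplied")
    elif not HOSTNAME_PATTERN.match(hostname):
        reasons.append(f"hostname {hostname!r} violates naming convention")
    addr = ipaddress.ip_address(ip)
    if not any(addr in net for net in AUTHORIZED_NETS):
        reasons.append(f"address {ip} outside authorized ranges")
    return reasons

def audit(text):
    """Map MAC address -> violation reasons for every non-conforming lease."""
    findings = {}
    for ip, mac, host in parse_leases(text):
        reasons = classify(ip, host)
        if reasons:
            findings[mac] = reasons
    return findings

if __name__ == "__main__":
    for mac, reasons in audit(SAMPLE_LEASES).items():
        print(mac, "->", "; ".join(reasons))
```

The MAC-keyed findings are what a response would act on (for instance feeding a switch-port lookup), which is the part the thread notes is the tricky bit.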