
UDT and Port Security options

We have not started using UDT on our network but plan to very soon. My question is with port security at the user/device switch port level. Once UDT has the AD information, including host name, MAC, and IP address, how does it use that for what seems like port security? Tech briefs and sales demos show the help desk able to find a user's device with one of those 3 items and drill down to the switch and port that device is/was connected to. Then the help desk tech can reset or disable that user port. With MAB and 802.1X out there, port security is a #1 need for us. Knowing what devices are connecting to our user switch ports is paramount to our security posture. We are using MAB currently with a Cisco ISE server for policy of what is allowed to connect. We are just wondering how UDT can interface with Cisco ISE and shut and/or open a port based on whether a device is authorized on the network by way of being in AD (Active Directory). Just can't get my head around this process with UDT. So we are running Orion 2019.2 with NPM, NCM, NTA, VNQM, and soon to be UDT. Thanks in advance for any insight or help.

  • UDT doesn't have any native tie-in to ISE or any other similar systems. There is a concept of a white list in the tool and you can trigger an alert when new devices are on the network. It is possible with the API to build your own automation to interface with whatever sources you want to populate the white lists, and it's also possible to script up an alert action to shut down interfaces based on whatever logic you come up with, but OOTB it's not set up to do any of that automatically.

    The other factor I feel the need to point out is that the default intervals for collecting data about the connected endpoints and AD user info are all at least 30 minutes, so if you envision UDT as a mechanism for kicking unauthorized users off the network then people often find those intervals unacceptably slow.  You can speed up the intervals but in many cases a strict secure posture requires something much more aggressive.
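One way to build the white-list reconciliation the reply describes, as an added example that is not SolarWinds' code or the poster's: it compares UDT-style "MAC seen on switch/port" observations against an AD-derived allow list, normalizes the MAC formats that AD, ISE and Cisco switches report differently, and treats anything older than the 30-minute default collection interval as stale rather than as a current connection. The record fields, names and sample data are constructed assumptions, not the Orion API's schema.

```python
"""Reconcile UDT-style endpoint observations against an AD-derived allow list.
Added example, not SolarWinds code; field names and sample data are constructed."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
import re

# UDT's default collection intervals are at least 30 minutes (see the reply above),
# so an observation older than that is stale, not evidence of a current connection.
POLL_INTERVAL = timedelta(minutes=30)

def normalize_mac(mac: str) -> str:
    """Map aa:bb:cc:dd:ee:ff, AA-BB-CC-DD-EE-FF and Cisco aabb.ccdd.eeff to 'aabbccddeeff'."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

@dataclass(frozen=True)
class Observation:  # one row of "device X was seen on this switch/port at time T"
    mac: str
    switch: str
    port: str
    last_seen: datetime

def reconcile(observations, authorized_macs, now):
    """Return (unknown, stale): unknown = fresh observations whose MAC is not on the
    allow list; stale = older than POLL_INTERVAL, too old to base enforcement on."""
    allow = {normalize_mac(m) for m in authorized_macs}
    unknown, stale = [], []
    for obs in observations:
        if now - obs.last_seen > POLL_INTERVAL:
            stale.append(obs)
        elif normalize_mac(obs.mac) not in allow:
            unknown.append(obs)
    return unknown, stale

def alert_lines(unknown):
    """Help-desk alert text; disabling the port stays an operator/ISE decision here."""
    return [f"Unknown device {normalize_mac(o.mac)} on {o.switch} {o.port}" for o in unknown]
# Constructed sample data: allow list as AD/ISE might export it, observations as UDT reports them.
NOW = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
AUTHORIZED = ["00:11:22:33:44:55", "AA-BB-CC-DD-EE-FF"]
OBSERVED = [
    Observation("0011.2233.4455", "sw-floor1", "Gi1/0/7", NOW - timedelta(minutes=5)),
    Observation("de:ad:be:ef:00:01", "sw-floor1", "Gi1/0/8", NOW - timedelta(minutes=10)),
    Observation("aabb.ccdd.eeff", "sw-floor2", "Gi1/0/3", NOW - timedelta(minutes=95)),
]
if __name__ == "__main__":
    unknown, stale = reconcile(OBSERVED, AUTHORIZED, NOW)
    print("\n".join(alert_lines(unknown)), f"\n{len(stale)} stale observation(s) skipped")
```

The stale bucket is what makes the reply's latency point concrete: with a 30-minute poll, a device that has already moved ports shows up as an old observation, so the script reports it rather than acting on it.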