1 Reply Latest reply on Jul 21, 2019 11:23 AM by mesverrum

    UDT and Port Security options

    young1361

      We have not started using UDT on our network but plan to very soon. My question is with port security at the user/device switch port level.  Once UDT have the AD information to include Host name, MAC, and IP address, how does it use that for what seems like, port security?  Tech briefs and Sales Demos show the help desk able to find a users device with one of those 3 items and drill down to the switch and port that device is/was connected to. Then the Help Desk Tech can reset or disable that user port. With MAB and 802.1X out there, port security is a # 1 need for us. Knowing what devices are connecting to our user switch ports is paramount to our security posture. We are using MAB currently with a CISCO ISE server for policy of what is allowed to connect. We are just wondering how UDT can interface with CISCO ISE and shut and/or open a port based on whether a device is authorized on the network by way of being in AD (Active Directory). Just can't get my head around this process with UDT. So we are running Orion 2019.2 with NPM, NCM, NTA, VNQM, and soon to be UDT. Thanks in advance for any insight or help.

        • Re: UDT and Port Security options
          mesverrum

          UDT doesn't have any native tie in to ISE or any other similar systems.  There is a concept of a white list in the tool and you can trigger an alert to trigger when new devices are on the network.  It is possible with the API to build your own automation to interface with whatever sources you want to populate the white lists, and its also possible to script up an alert action to shut down interfaces based on whatever logic you come up with, but OOTB it's not set up to do any of that automatically.  

           

          The other factor I feel the need to point out is that the default intervals for collecting data about the connected endpoints and AD user info are all at least 30 minutes, so if you envision UDT as a mechanism for kicking unauthorized users off the network then people often find those intervals unacceptably slow.  You can speed up the intervals but in many cases a strict secure posture requires something much more aggressive.

          1 of 1 people found this helpful