SSL throughout the network, with access control enforced using certificates, is certainly a good idea.
But most of the problem you face is metrics and inventory control of authorized devices. Commercial WIPS gear does a lot of this heavy lifting without your having to script it all yourself.

On Monday, October 15, 2012, Jimmy Hess wrote:

> A NAT device is one example.....
> another example of an unauthorized device could be an unauthorized
> hardware keylogger/ network backdoor, with unauthorized connectivity to
> the LAN, and
> possible covert channels/backdoors/firewall bypasses.

-- Suresh Ramasubramanian (ops.li...@gmail.com)