Essential Guide

Mobile endpoint security: What enterprise infosec pros must know now

A comprehensive collection of articles, videos and more, hand-picked by our editors

endpoint fingerprinting

Endpoint fingerprinting is a feature of enterprise network access control (NAC) products that enables discovery, classification and monitoring of connected devices, including non-traditional network endpoints such as smartcard readers, HVAC systems, medical equipment and IP-enabled door locks. Such endpoints are sometimes referred to as "dumb devices."

Endpoint fingerprinting is a feature of enterprise network access control (NAC) products that enables discovery, classification and monitoring of connected devices, including non-traditional network endpoints such as smartcard readers, HVAC systems, medical equipment and IP-enabled door locks. Such endpoints are sometimes referred to as "dumb devices."

Endpoint fingerprinting is especially useful for controlling access to networked dumb devices. Because dumb devices do not interact with the network in the same way as a computer would, they have typically been difficult to track. Often, an enterprise has no inventory of non-traditional endpoints on the network, let alone a method of controlling access to them. Although the traditional view of network security has been to trust all devices on the network, the fluid nature of network peripheries and increasing mobility mean that approach is no longer tenable.

When networked devices are not monitored, they may enable unauthorized access to the enterprise's network and its resources. According to Usman Sindhu, an analyst at Forrester Research, networked dumb devices present a perfect opportunity for a hacker to perpetrate a man-in-the-middle attack: "If you are able to spoof the IP address of a device, you're essentially getting into the network environment."

Endpoint fingerprinting gathers IP and MAC addresses from endpoint devices and checks them against a list of approved addresses to confirm that each address is authentic and the corresponding device is authorized to access the network. IP and MAC addresses are monitored constantly to decrease the risk of unauthorized access.

Learn More:
Shamus McGillicuddy explains 'Using NAC endpoint fingerprinting to inventory dumb devices.'

This was first published in September 2010

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Essential Guide

Mobile endpoint security: What enterprise infosec pros must know now

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

File Extensions and File Formats

Powered by:

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close