Endpoint fingerprinting is a feature of enterprise network access control (NAC) products that enables discovery, classification and monitoring of connected devices, including non-traditional network endpoints such as smartcard readers, HVAC systems, medical equipment and IP-enabled door locks. Such endpoints are sometimes referred to as "dumb devices."
Endpoint fingerprinting is especially useful for controlling access to networked dumb devices. Because dumb devices do not interact with the network in the same way as a computer would, they have typically been difficult to track. Often, an enterprise has no inventory of non-traditional endpoints on the network, let alone a method of controlling access to them. Although the traditional view of network security has been to trust all devices on the network, the fluid nature of network peripheries and increasing mobility mean that approach is no longer tenable.
When networked devices are not monitored, they may enable unauthorized access to the enterprise's network and its resources. According to Usman Sindhu, an analyst at Forrester Research, networked dumb devices present a perfect opportunity for a hacker to perpetrate a man-in-the-middle attack: "If you are able to spoof the IP address of a device, you're essentially getting into the network environment."
Endpoint fingerprinting gathers IP and MAC addresses from endpoint devices and checks them against a list of approved addresses to confirm that each address is authentic and the corresponding device is authorized to access the network. IP and MAC addresses are monitored constantly to decrease the risk of unauthorized access.
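The allowlist check described above can be sketched as follows. This is an added example, not code from any NAC product; the addresses, the `APPROVED` table, the verdict names and the function names are all constructed for illustration.

```python
import ipaddress

# Constructed allowlist: approved MAC -> IP binding (sample values only).
APPROVED = {
    "00:1a:2b:3c:4d:01": "10.20.0.11",   # badge reader
    "00:1a:2b:3c:4d:02": "10.20.0.12",   # HVAC controller
    "00:1a:2b:3c:4d:03": "10.20.0.13",   # infusion pump
}

def normalize_mac(mac):
    """Lower-case, colon-separated form so 00-1A-.. and 001a.2b.. compare equal."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def check_observations(observations, approved=APPROVED):
    """Return one (verdict, mac, ip) tuple per observed (mac, ip) pair."""
    ip_owner = {ip: mac for mac, ip in approved.items()}
    findings = []
    for raw_mac, raw_ip in observations:
        mac = normalize_mac(raw_mac)
        ip = str(ipaddress.ip_address(raw_ip))  # rejects malformed addresses
        if mac not in approved:
            # Unknown hardware; more serious if it uses an approved device's IP.
            verdict = "ip_claimed_by_unknown_mac" if ip in ip_owner else "unknown_device"
        elif approved[mac] != ip:
            verdict = "binding_changed"
        else:
            verdict = "ok"
        findings.append((verdict, mac, ip))
    return findings

# Constructed observations, e.g. as parsed from ARP or DHCP data.
SAMPLE = [
    ("00-1A-2B-3C-4D-01", "10.20.0.11"),   # approved pair, different MAC notation
    ("00:1a:2b:3c:4d:02", "10.20.0.99"),   # approved MAC on an unexpected IP
    ("de:ad:be:ef:00:01", "10.20.0.13"),   # unknown MAC using an approved IP
    ("de:ad:be:ef:00:02", "10.20.0.50"),   # unknown MAC, unknown IP
]

if __name__ == "__main__":
    for verdict, mac, ip in check_observations(SAMPLE):
        print(f"{verdict:28} {mac}  {ip}")
```

A match shows only that the observed pair is on the approved list; constant monitoring corresponds to rerunning the check on every new observation.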