If you’ve read any of my previous blog posts, you have probably noticed that I make an effort to confine my posts to vendor-neutral topics. However, every now and then I come across vendor-specific technology implementations that are so cool that I just have to say something about them. In this case, it is DHCP fingerprinting by Aruba Networks.
Without getting into too much technical detail, this technology watches the DHCP requests of wireless clients and identifies the operating system based on the way each device asks for an address. This feature is really cool because it means you can allow a user to connect to the same ESSID (read: wireless network), using the same username/password, with a variety of different devices, and get different levels of access depending on the specific device type. For example, if the user connects to the WLAN with a company issued laptop then they get access to the internal network. However, if they connect using an iPad they get Internet access only. Didn’t I say this was cool?
Enough typing, I recorded a little demonstration of DHCP fingerprinting for your viewing enjoyment:
As BYOD becomes more prevalent, I think we are going to start seeing technologies like this popping up all over the place. This is a good thing since it gives administrators the ability to allow BYODs onto the network without having to give up on security and control.
How do you deal with BYODs in your environment? If you have thoughts or comments regarding the proper way of dealing with BYODs please share them in the comments section. Also, as usual, please share this post with others if you found it useful or interesting.