Configuring a client to detect unknown devices
Article: HOWTO27421 | Created: 2010-01-08 | Updated: 2010-01-20 | Article URL: http://www.symantec.com/docs/HOWTO27421
Unauthorized devices can connect to the network in many ways, such as physical access in a conference room or rogue wireless access points. To enforce policies on every endpoint, you must be able to quickly detect the presence of new devices. Unknown devices are unmanaged devices that do not run the client software. You must determine whether these devices are secure. You can enable any client as an unmanaged detector to detect unknown devices.
When a device starts up, its operating system sends ARP traffic to the network to let other computers know of the device's presence. A client that is enabled as an unmanaged detector collects and sends the ARP packet information to the management server. The management server searches the ARP packet for the device's MAC address and the IP address. The server compares these addresses to the list of existing MAC and IP addresses in the server's database. If the server cannot find an address match, the server records the device as new. You can then decide whether the device is secure. Because the client only transmits information, it does not use additional resources.
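The server-side comparison described above can be sketched as follows. This is an added example, not Symantec's code: the inventory, the sample addresses, the function names, and the matching rule (MAC first, then IP, with a separate verdict for a known MAC on a new IP) are assumptions, since the article does not specify them.

```python
import ipaddress
import struct

# Constructed inventory standing in for the management server's database
# (MAC -> last known IP). Addresses are sample values, not from the article.
KNOWN = {
    "00:1a:2b:3c:4d:5e": "192.0.2.10",
    "00:1a:2b:3c:4d:5f": "192.0.2.11",
}

def build_arp(mac, ip, oper=1, target_ip="192.0.2.1"):
    """Build a 28-byte Ethernet/IPv4 ARP payload (used to make sample input)."""
    sha = bytes.fromhex(mac.replace(":", ""))
    return (struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper) + sha
            + ipaddress.IPv4Address(ip).packed + b"\x00" * 6
            + ipaddress.IPv4Address(target_ip).packed)

def parse_arp(payload):
    """Return (sender_mac, sender_ip), or None if not valid Ethernet/IPv4 ARP."""
    if len(payload) < 28:
        return None  # truncated
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", payload[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4) or oper not in (1, 2):
        return None
    mac = ":".join(f"{b:02x}" for b in payload[8:14])
    return mac, str(ipaddress.IPv4Address(payload[14:18]))

def classify(payload, known=KNOWN):
    """Return (verdict, mac, ip) for one forwarded ARP payload."""
    parsed = parse_arp(payload)
    if parsed is None:
        return ("malformed", None, None)
    mac, ip = parsed
    if mac not in known:
        return ("new", mac, ip)          # no address match: record as new
    # An ARP probe (RFC 5227) carries sender IP 0.0.0.0, so match on MAC only.
    if ip != "0.0.0.0" and known[mac] != ip:
        return ("known-mac-new-ip", mac, ip)  # assumption: worth a second look
    return ("known", mac, ip)

if __name__ == "__main__":
    samples = [
        build_arp("00:1a:2b:3c:4d:5e", "192.0.2.10"),   # managed client
        build_arp("02:00:00:aa:bb:cc", "192.0.2.77"),   # unknown device
        build_arp("00:1a:2b:3c:4d:5f", "0.0.0.0"),      # probe at startup
        b"\x00\x01\x08\x00",                            # truncated capture
    ]
    for s in samples:
        print(classify(s))
```

A device that sends an ARP probe at startup has not yet claimed an IP address, so the sketch falls back to the MAC address alone for that case.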
To configure the client as an unmanaged detector, you must perform the following actions:
To configure a client to detect unauthorized devices
To display the list of unauthorized devices that the client detects