Organizations have all types of visitors from contractors, traveling employees, vendors and even customers. Regardless of who they are, business doesn’t stop and neither do the guests wanting access to the network. Whether these guests want to access internal resources, share a presentation, look up an email or simply want to access the Internet, a solution that automatically enables and secures guest access should be implemented.
Allowing a guest to join the network without the proper security solutions could prove costly. For example, the guest’s device could infect the network with all kinds of malware. An infection of the network could lead to a leakage of sensitive data or a take down of your network.
Risk management is about protecting your users, and your data. How can you authorize access while ensuring the guest device is not hostile to the network? Implement a network security solution, such as ForeScout CounterACT, that offers visibility and control of the network. This will allow you to build endpoint security policies around guest registration.
The policies can allow an administrator to determine how guest users and their devices enter the network. For example, administrators could set up a policy that would allow users onto the organizations guest WiFi on a verify-then-connect basis. In this case, guests who access the WiFi network are placed in an open VLAN that may provide exposure to the Internet or it may restrict the guest device from accessing it. Domain users who pass this policy check would automatically trigger CounterACT to grant the device permission by moving it into a secure VLAN.
Setting up access for guest users with CounterACT is a matter of deciding how a guest device should comply with security policies. For networks with more rigid security concerns, guest users can be pre-registered with a password that they can enter at the captive portal. Alternatively, a business might have a policy that allows all users to connect after asking for their names and email addresses. Either way, CounterACT can be set up to notify the security team via the console, email or text message when a guest enters the network.
For more information on granting and securing guest access, visit our Guest Network page.
Photo credit Freedigitalphotos.net/stockimages