They won't help much/at all with BYOD or IoT, but for University owned/managed devices you could look at something like Guardicore (L7), Illumio (L4), or Cisco Tetration (L4) to do per device firewalling/micro segmentation. And they will all scale to the limits of your wallet.
Michael Davis Network Architect University IT Services http://directory.uark.edu/people/michaeld -----Original Message----- From: The EDUCAUSE Wireless Issues Community Group Listserv <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> On Behalf Of William Green Sent: Tuesday, January 26, 2021 6:39 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Wireless Segmentation and NAC EXTERNAL MESSAGE I've long been a proponent of Zero Trust (before it was called that). To flip the concern around, however, what about the connecting end device (e.g. Internet Of Trash)? I don't expect end device security postures to improve in the foreseeable. The network can't fix their postures, but it can ameliorate somewhat; at cost. I observe that for many devices a university network is more hostile than they typically experience in home environments-- where so many problems are avoided with simple stateful inspection within those very small home perimeters. I long for n=1 options that scale well. The architects run when they see me saunter towards their offices with that n=1 look in my eyes. I even have a theme song that plays for those watching on TV (Greenbaum's "Spirit in the Sky", where I want all the tunnels to terminate for inspection). Crazy in yesteryear, but technology has progressed to where I think it is coming into reach. Simple stateful inspection or full-cone. If someone wants more, they can take that up in software on the end devices and tunnel through perdition's flame. ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=04%7C01%7Cmichaeld%40UARK.EDU%7Cbc0f2cd16a2a48fe4d0908d8c25bf8f7%7C79c742c4e61c4fa5be89a3cb566a80d1%7C0%7C0%7C637473047571034457%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=CbkqJrw3dKJWHio9XNiG1IAvcpi00A8Cy7ng2r7nrBM%3D&reserved=0 ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
