Federal Subagency Tasked with Gathering Data to Inform Mission-Critical Military Endeavors
Comprised of civilian and military personnel—including leading experts in meteorology, oceanography, computer science and military operations—this federal client conducts real-time data-gathering to inform a range of mission-critical military endeavors. Accessed by the wrong hands, that data could also expose military forces to significant risk. This agency needed an access control solution that would keep unauthorized users at bay.
Until recently, however, this client’s network lacked appropriate access control. Any user onsite could gain network access by plugging into a wall-jack. Still more concerning, should the wrong individuals gain access, they could potentially use it to compromise the networks of and steal sensitive data from other Department of Defense (DoD) agencies. To protect its network and satisfy DoD Security Technical Implementation Guides (STIG), this client needed to implement port-based authentication requiring login credentials for anyone onsite.
The Solution: Cisco ISE
Upon recommending Cisco Identity Services Engine (ISE) as the best access control solution to meet the client’s needs, multiple engineers from Force 3 went onsite with the client, assessing a variety of factors, including:
- • Network size
- • Number of users and devices
- • Types of devices on the network
- • Scale and redundancy
- • Fail-over viability
After completing the requirements gathering process, Force 3 also assisted with implementation: deploying necessary environmentwide changes, configuring network access devices, creating certificate templates, performing endpoint configurations, and testing and trouble-shooting specific devices.
Adding an additional layer of complexity beyond IP phones, printers and standard Windows machines, many of the client’s machines run on Linux, thus requiring extra configuration. For the engineers, this created the challenge of ensuring the solution was easily deployed to each machine without individually touching each one. Ultimately, each network device—Linux and Windows alike—needed the ability to access the network and authenticate with minimal effort, but in the most secure possible fashion.
Because organization-wide adoption is critical to a solution’s success, Force 3 also collaborated with the client to establish the proper training and resources to ensure the organization continues using and benefiting from Cisco ISE. That includes providing ongoing support and education to help the client use their access control solution to its fullest capabilities.
Between the group’s modestly sized network and the fact that it already operated in a Cisco network environment, ISE offered an easy integration. With Cisco ISE, Force 3 provided multiple functionalities for device authentication, network administrators and certificate authentication, all from one platform and with centralized management capabilities (i.e., a single pane of glass). Further still, through ongoing support and collaboration, the client’s IT team can continue maximizing its use and adoption of Cisco ISE and all the benefits it offers.
Ultimately, the client can move forward confident that the only people accessing and using its network are actually authorized to do so, thus meeting DoD STIG requirements and securing the client’s network, protecting its data and better serving the mission that its data supports.
Want to see ISE in action?