Furniture Manufacturing Industry - Network Security Project Case Study
About the company
This furniture manufacturing corporation designs, manufactures, and distributes seating solutions for business, healthcare, government, and education markets. The company serves customers through commercial furniture dealers and boasts six locations, including warehouses and corporate offices in Cypress, Tech Center, Olympus, Buena Park, Mexico, and La Mirada. The company was founded in 1996 and is based in Cypress, California.
Challenges
Bring Your Own Devices (BYOD)
For the furniture services that they provide, the company wanted to allow employees to bring their own devices in order to work from anywhere. The company also wanted their guests and authorized contractors to be able to log into their network with their own devices. The inherent risk with BYOD, however, is that it becomes increasingly difficult to manage the endpoints on the network and to protect the company’s valuable assets. Despite the benefits of BYOD for the enterprise (e.g., enhanced employee satisfaction, increased production and collaboration), the company needed a solution to eliminate the inherent risks.
Endpoint compliance
With endpoint security threats constantly evolving, any enterprise should implement a cybersecurity solution that can account for changes in the threat landscape. Specific endpoints, such as personal laptops, phones, and tablets, could contain malicious elements such as viruses or malware that could threaten the contents of their enterprise network.
Visibility for wired and wireless threats
With the management of four locations, warehouses, and corporate offices, it becomes increasingly difficult for the company to detect and manage any threats to its networks. They needed a management tool to not only detect intrusions to their enterprise networks but to manage them well.
Assessment and solution
With the security needs that the company was facing, the company reached out to PM2NET for an assessment of their current network infrastructure, which involved Cisco wireless LAN controllers. Their main focus was to improve security and control and increase the expandability of their security solutions. PM2NET recognized this need and introduced the Cisco Identity Services Engine (Cisco ISE). PM2NET came in for a design session to fit ISE into their infrastructure’s needs. The session included gathering information about their infrastructure, identifying which network systems they already had, and determining how PM2NET could integrate Cisco ISE within their system.
After a walkthrough of their environment, PM2NET’s expert engineering staff proposed setting up two ISE nodes (for high availability in case one node fails) with the incorporation of three personas (administration, monitoring, and policy). PM2NET first deployed Cisco ISE in monitoring mode. Once PM2NET engineers received a better idea of incoming traffic, PM2NET then proceeded with the tuning period, preparing the environment and seeing which networks should be segregated, such as the guest VLAN accessing the internet only, without access to the enterprise database. PM2NET engineers then configured Cisco ISE into enforcement mode, which enforced the network policies, such as setting up guest credentials, logging onto the guest SSID, and the guest network.
In total, four SSIDs were incorporated, one each for corporate users (full network access to all internal resources); guests (internet access only and no internal resources); devices (for agentless devices such as scanners and printers that do not have an 802.1X supplicant configured); and contractors (internet access and some internal resources such as printers and scanners).
Wired devices also need protection whenever individuals connect to the network through a switch. PM2NET’s push for Cisco ISE was put into play because of the TACACS+ protocol, which manages authentication, authorization, and accounting for wired devices.
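The monitor-then-enforce rollout described above, shown on a single wired access port in Cisco IOS syntax. This is an added example, not PM2NET's or the company's configuration: the interface name and VLAN ID are placeholders, and it assumes AAA toward the ISE nodes and `dot1x system-auth-control` are already configured globally on the switch.

```cisco
! Constructed example. Gi1/0/10 and VLAN 20 are placeholders.
!
! --- Phase 1: monitor mode ---
! Every endpoint is authenticated and logged by ISE, but traffic is
! never blocked, so failures show up in the ISE logs without an outage.
interface GigabitEthernet1/0/10
 description Access port - monitor mode
 switchport mode access
 switchport access vlan 20
 ! Allow several endpoints (e.g. a phone plus a PC) to authenticate individually
 authentication host-mode multi-auth
 ! Open access: forward traffic regardless of the authentication result
 authentication open
 ! Try 802.1X first; fall back to MAB for devices with no supplicant
 ! (printers, scanners)
 authentication order dot1x mab
 ! If a MAB-authenticated device later speaks 802.1X, 802.1X wins
 authentication priority dot1x mab
 ! Enable port-based authentication on this port
 authentication port-control auto
 mab
 dot1x pae authenticator
 ! Shorten the wait before falling back to MAB (default is 30 s per try)
 dot1x timeout tx-period 10
 spanning-tree portfast
!
! --- Phase 2: enforcement (closed mode) ---
! Applied only after the tuning period shows that legitimate endpoints
! authenticate successfully. The port now passes no traffic except EAPOL
! until ISE returns an authorization result.
interface GigabitEthernet1/0/10
 description Access port - enforcement
 no authentication open
!
! Verification on the switch during either phase:
!   show authentication sessions interface GigabitEthernet1/0/10
```

During monitor mode, an endpoint that shows a failed method in the session output or in the ISE live logs is one that would lose connectivity once `authentication open` is removed, which is what the tuning period is meant to catch.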
Advantages
The company chose this solution because of their need for improved endpoint and network security and enhanced visibility. They also took into account their need to scale to their multiple locations as well as ease of management. What they realized was that Cisco ISE contained the aspects of a robust network security solution, including versatility, effortlessness, and functionality.
Identity service for the network
By incorporating Cisco ISE, the IT staff can track and trace specific identities that log onto the network. This includes those that log in with an ID and password when connecting to the WiFi. By segmenting the network into distinct areas, they would then have less concern about insider threats and threats from customers that log onto the network. Employees, through 802.1X authentication, could then get into the internal network, while guests who want to use the network would not be exposed to any of the internal networks. Cisco ISE also allowed the profiling of company devices that were not capable of 802.1X authentication, such as printers, through MAC authentication bypass (MAB).
Network Management
One other advantage of Cisco ISE was visibility through the management console to see all devices and the ability to authenticate, authorize, and administer users. Cisco ISE enabled the company to see all wired and wireless devices on their network. The powerful solution also allowed the network staff to observe which members log in, the location from where they log in, which machine or operating system the device had, its patch level, and more. This simplicity of network management increases visibility and helps the staff determine whether there are any endpoint threats.
Endpoint Compliance
One of the biggest concerns for BYOD is the evolution of threats. The company was pleased to learn that Cisco ISE’s robust platform allows for the assurance of endpoint compliance for all devices. This allows the network solution to distribute the latest patches to contain known threats. Having Cisco ISE gives them the benefits of BYOD, giving its employees, guests, and authorized contractors the flexibility to work from anywhere - in a secure manner.