NAC Bypass
NAC (Network Access Control) is designed to interrogate endpoints before they connect to a network. A network switch or AP can be configured to authenticate users and perform a security posture assessment to enforce policy. NAC-enabled devices intercept DHCP traffic from endpoints, using a broadcast listener to find the ARP requests and DHCP requests that endpoints generate.
NAC implementations allow certain nodes, such as printers, phones or conference equipment, to join the network by using a MAC address whitelist. This can be bypassed via MAC address spoofing: for example, an attacker could spot an authorised MAC address belonging to an IP phone and spoof it to gain access.
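Because a whitelisted MAC address is the only credential these devices present, a cloned address is best caught by checking what else the endpoint reveals. The following is an added example, not part of the original page: it flags whitelisted MACs whose DHCP vendor class (option 60) does not match the expected device type, or which appear on a different switch port within a short window. The whitelist entries, event tuples, port names and the 600-second window are constructed assumptions.

```python
from collections import defaultdict

# Constructed whitelist: MAC -> expected DHCP vendor-class prefix (option 60).
MAC_WHITELIST = {
    "00:11:22:aa:bb:01": "Cisco Systems, Inc. IP Phone",
    "00:11:22:aa:bb:02": "HP LaserJet",
}

# Constructed observations, as a NAC broadcast listener might record them:
# (timestamp in seconds, switch port, source MAC, DHCP option 60 value)
EVENTS = [
    (100, "Gi1/0/5", "00:11:22:AA:BB:01", "Cisco Systems, Inc. IP Phone CP-8841"),
    (160, "Gi1/0/9", "00:11:22:aa:bb:02", "HP LaserJet M404"),
    (220, "Gi1/0/17", "00-11-22-AA-BB-01", "MSFT 5.0"),
    (300, "Gi1/0/5", "00:11:22:aa:bb:01", "Cisco Systems, Inc. IP Phone CP-8841"),
]

def normalize(mac):
    """Lower-case a MAC and force colon separators so lookups are consistent."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"bad MAC: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def find_suspect_macs(events, whitelist, window=600):
    """Return {mac: sorted reasons} for whitelisted MACs that look cloned."""
    findings = defaultdict(set)
    last_seen = {}  # mac -> (timestamp, port) of the previous sighting
    for ts, port, raw_mac, vendor_class in sorted(events):
        mac = normalize(raw_mac)
        expected = whitelist.get(mac)
        if expected is None:
            continue  # not exempted: subject to normal authentication and posture checks
        # A phone's MAC presenting another device type's vendor class is suspicious.
        if not vendor_class.startswith(expected):
            findings[mac].add(f"profile mismatch on {port}: {vendor_class!r}")
        # Fixed devices such as phones and printers should not hop between ports.
        prev = last_seen.get(mac)
        if prev and prev[1] != port and ts - prev[0] <= window:
            findings[mac].add(f"moved {prev[1]} -> {port} within {ts - prev[0]}s")
        last_seen[mac] = (ts, port)
    return {mac: sorted(reasons) for mac, reasons in findings.items()}

if __name__ == "__main__":
    for mac, reasons in find_suspect_macs(EVENTS, MAC_WHITELIST).items():
        print(mac, reasons)
```

A vendor class can itself be forged, so treat a match as weak evidence and a mismatch or port move as a strong signal worth alerting on.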