An IDPS must establish a level of trust with any node that wants to connect to it. Device authentication prevents an authorized user from connecting to perform privileged functions from a device that may contain security weaknesses and so provide a vector for compromising the IDPS.
Communications to the IDPS components must be carefully restricted. Today's IDPS components may need to communicate with the firewall, router, syslog server, other IDPS components, and management clients. This control requires the organization to define these devices specifically and to identify the approved devices by type (e.g., firewall, router, remote PC). Thus, the authentication decision must take the device type, not just the user's authorization, into account when allowing access. For example, a system administrator may be authorized access; however, the access must also originate from an authorized device.
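The following is an added illustration of the decision described above, not text or code from the SRG itself. It assumes that connecting devices authenticate with X.509 client certificates and are recognized by the SHA-256 fingerprint of the certificate, that the organization keeps an inventory mapping each approved fingerprint to a device type, and that each device type is approved only for specific operations. The inventory, operation names, roles, and certificate bytes are constructed for the example; the "certificates" are placeholder byte strings, not real DER.

```python
"""Device-and-user authorization for connections to an IDPS component.

Added example, not part of the SRG. Assumptions: devices present X.509 client
certificates and are identified by the SHA-256 fingerprint of the certificate;
inventory, operations, roles and certificate bytes below are constructed.
"""
import hashlib
from dataclasses import dataclass
from enum import Enum


class DeviceType(Enum):
    FIREWALL = "firewall"
    ROUTER = "router"
    SYSLOG_SERVER = "syslog_server"
    IDPS_COMPONENT = "idps_component"
    MANAGEMENT_CLIENT = "management_client"


# Operations each approved device type may perform against the IDPS.
# Only management clients may reach the privileged configuration interface,
# so an administrator connecting from a syslog server is refused.
DEVICE_TYPE_OPERATIONS = {
    DeviceType.FIREWALL: {"policy_sync"},
    DeviceType.ROUTER: {"policy_sync"},
    DeviceType.SYSLOG_SERVER: {"log_export"},
    DeviceType.IDPS_COMPONENT: {"sensor_sync"},
    DeviceType.MANAGEMENT_CLIENT: {"view_alerts", "configure"},
}

# Operations that also require an authenticated user holding a permitted role.
ROLE_OPERATIONS = {
    "admin": {"view_alerts", "configure"},
    "operator": {"view_alerts"},
}
USER_REQUIRED = set().union(*ROLE_OPERATIONS.values())


@dataclass(frozen=True)
class ApprovedDevice:
    name: str
    device_type: DeviceType


def fingerprint(cert_der: bytes) -> str:
    """Hex SHA-256 fingerprint of the presented (DER-encoded) client certificate."""
    return hashlib.sha256(cert_der).hexdigest()


def authorize(inventory, cert_der, operation, user_role=None):
    """Return (allowed, reason).

    The device must be in the approved inventory AND its type must be approved
    for the operation; for privileged operations the user must also hold a
    permitted role. Passing only the user check is never sufficient.
    """
    device = inventory.get(fingerprint(cert_der))
    if device is None:
        return False, "device not in approved inventory"
    if operation not in DEVICE_TYPE_OPERATIONS[device.device_type]:
        return False, f"device type {device.device_type.value} not approved for {operation}"
    if operation in USER_REQUIRED:
        if user_role is None:
            return False, "operation requires an authenticated user"
        if operation not in ROLE_OPERATIONS.get(user_role, set()):
            return False, f"role {user_role} not permitted to {operation}"
    return True, f"{operation} by {device.name}"


# Constructed placeholder "certificates" (not real DER) and the approved inventory.
CONSOLE_CERT = b"constructed-der:mgmt-console-01"
SYSLOG_CERT = b"constructed-der:syslog-01"
SENSOR_CERT = b"constructed-der:sensor-02"
LAPTOP_CERT = b"constructed-der:unmanaged-laptop"  # never enrolled

INVENTORY = {
    fingerprint(CONSOLE_CERT): ApprovedDevice("mgmt-console-01", DeviceType.MANAGEMENT_CLIENT),
    fingerprint(SYSLOG_CERT): ApprovedDevice("syslog-01", DeviceType.SYSLOG_SERVER),
    fingerprint(SENSOR_CERT): ApprovedDevice("sensor-02", DeviceType.IDPS_COMPONENT),
}

if __name__ == "__main__":
    # Same administrator, three devices: only the approved management client succeeds.
    for cert, label in ((CONSOLE_CERT, "console"), (LAPTOP_CERT, "laptop"), (SYSLOG_CERT, "syslog")):
        print(label, authorize(INVENTORY, cert, "configure", "admin"))
    # Machine-to-machine sensor sync needs no user but still needs an approved device.
    print("sensor", authorize(INVENTORY, SENSOR_CERT, "sensor_sync"))
```

The order of the checks matters: the device is verified before any user attribute is consulted, so an unenrolled device is refused even when it presents valid administrator credentials, which is exactly the case the control addresses.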