In a large intranet with thousands (or more) of devices, the primary goal is to maintain a decent security level. It is quite hard to find an unauthorized (rogue) device connected to the network if the administrative policy is permissive.
In other words, if it is assumed that any device online is legitimate and belongs to someone authorized, it is hard to maintain security, even if all data access attempts are properly logged and checked.
It is advised to keep a complete map of network activity: all MAC addresses, assigned IP addresses and similar data must be gathered regularly and examined for unknown entries. All devices must be registered, and there should be an easy way to check whether a given MAC address belongs to a registered device.
Finally, the administrator's default policy towards new or unknown devices must be to deny access to intranet resources. Although it takes slightly more work to check every such case, it prevents serious security issues in the long run.
Constant network monitoring within the intranet is also a must to keep an acceptable level of security.
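The registration check and default-deny policy described above can be automated against the data that is gathered anyway (ARP tables, DHCP leases). The following script is an added example written for this page, not code from the original text: it keeps a constructed device registry, parses constructed `arp -a` style lines, normalizes the different MAC notations that appear in such data, and flags every MAC that is not registered as denied pending review. It also flags a registered MAC that shows up at more than one IP address, which is worth a second look during monitoring. The registry contents, the sample ARP lines and the function names are all assumptions made for the example.

```python
import re
from dataclasses import dataclass

# Constructed sample registry (not real assets): canonical MAC -> (owner, asset tag).
REGISTERED_DEVICES = {
    "00:11:22:33:44:55": ("alice", "LAPTOP-0001"),
    "00:11:22:33:44:66": ("bob", "LAPTOP-0002"),
    "AA:BB:CC:DD:EE:01": ("print-room-3", "PRN-0003"),
}

# Constructed sample of gathered data in Linux `arp -a` style. Note the mixed MAC
# notations (colons, dashes, Cisco dotted) and one unresolved entry.
ARP_TABLE = """\
? (10.0.5.10) at 00:11:22:33:44:55 [ether] on eth0
? (10.0.5.11) at 00-11-22-33-44-66 [ether] on eth0
? (10.0.5.12) at aabb.ccdd.ee01 [ether] on eth0
? (10.0.5.99) at de:ad:be:ef:00:01 [ether] on eth0
? (10.0.5.50) at 00:11:22:33:44:55 [ether] on eth0
? (10.0.5.1) at <incomplete> on eth0
"""

MAC_HEX_RE = re.compile(r"^[0-9A-F]{12}$")
ARP_LINE_RE = re.compile(r"\((?P<ip>[\d.]+)\) at (?P<mac>\S+)")


def normalize_mac(raw):
    """Return the MAC as AA:BB:CC:DD:EE:FF regardless of separator or case,
    or None if the token is not a 48-bit address (e.g. '<incomplete>')."""
    hexdigits = re.sub(r"[^0-9a-fA-F]", "", raw).upper()
    if not MAC_HEX_RE.match(hexdigits):
        return None
    return ":".join(hexdigits[i:i + 2] for i in range(0, 12, 2))


def parse_arp_table(text):
    """Return a list of (ip, canonical_mac) pairs; unresolved entries are skipped."""
    observed = []
    for line in text.splitlines():
        m = ARP_LINE_RE.search(line)
        if not m:
            continue
        mac = normalize_mac(m.group("mac"))
        if mac is None:
            continue
        observed.append((m.group("ip"), mac))
    return observed


@dataclass
class Verdict:
    ip: str
    mac: str
    allowed: bool
    reason: str


def classify(observed, registry):
    """Apply the default-deny rule: only MACs present in the registry are allowed."""
    canonical = {normalize_mac(k): v for k, v in registry.items()}
    verdicts = []
    for ip, mac in observed:
        if mac in canonical:
            owner, tag = canonical[mac]
            verdicts.append(Verdict(ip, mac, True, f"registered to {owner} ({tag})"))
        else:
            verdicts.append(Verdict(ip, mac, False, "unknown MAC: denied, needs review"))
    return verdicts


def unknown_devices(observed, registry):
    """Only the entries that the default-deny policy blocks."""
    return [v for v in classify(observed, registry) if not v.allowed]


def duplicate_macs(observed):
    """MACs seen at more than one IP in the same snapshot; worth a closer look."""
    ips_by_mac = {}
    for ip, mac in observed:
        ips_by_mac.setdefault(mac, set()).add(ip)
    return {mac for mac, ips in ips_by_mac.items() if len(ips) > 1}


if __name__ == "__main__":
    seen = parse_arp_table(ARP_TABLE)
    for v in classify(seen, REGISTERED_DEVICES):
        print(f"{v.ip:<12} {v.mac}  {'ALLOW' if v.allowed else 'DENY '}  {v.reason}")
    for mac in sorted(duplicate_macs(seen)):
        print(f"review: {mac} seen at several IPs in one snapshot")
```

Run it periodically against the real ARP and DHCP exports and feed the DENY lines into whatever ticketing or alerting the team already uses. Keep in mind that a MAC address is only an identifier, not proof of identity; the registry check gives a baseline for catching the devices nobody knows about, and the second check (one MAC, several IPs) is one of the simplest signals that the baseline alone would miss.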