This disclosure describes techniques for transparently inspecting a new device that connects to a network before the device is given full network access. A newly connected device is temporarily and transparently isolated from the rest of the network. Traffic to and from the isolated device is redirected through an inspection service, which analyzes the traffic and the security state of the device. Devices placed in the inspection VLAN are permitted to communicate only with the inspection service, and no two such devices are permitted to communicate with each other. All traffic from a device placed in the inspection VLAN is tunneled to the inspection service using a layer 2 tunneling protocol. If the inspection service deems the device compliant, the device is authorized to be placed directly on the network. The inspection system can be configured in a cloud computing setup to improve the efficiency and scalability of inspection.

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 License.