Unauthorized device detection in a computing environment

US2024137363A1 · US · A1

Patent metadata
Publication number: US-2024137363-A1
Application number: US-202218047785-A
Country: US
Kind code: A1
Filing date: Oct 19, 2022
Priority date: Oct 19, 2022
Publication date: Apr 25, 2024
Grant date:

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

  1. Title

    What the patent document calls the invention.

  2. Abstract

    A short plain-language summary of the technical disclosure.

  3. Assignees and inventors

    Who owns or filed the patent and who is credited as inventor.

  4. Key dates

    Filing, priority, publication, and grant dates set the timeline.

  5. First independent claim

    The legal scope of protection — read this for what is actually claimed.

  6. CPC / IPC classifications

    Technology tags used to group this patent with similar filings.

  7. Citations and related patents

    Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

In some examples, a system receives information from electronic devices comprising network devices and computing devices in a computing environment that are subject to attestations of interfaces of the network devices and the computing devices. For each interface of a given computing device being attested, the system verifies that the interface of the given computing device is connected to an interface of a corresponding network device that is being attested. For each interface of a given network device being attested, the system verifies that the interface of the given network device is connected to an interface of a corresponding computing device that is being attested or an interface of another network device that is being attested. The system detects a presence of an unauthorized electronic device in the computing environment in response to determining that an interface of a computing device being attested or an interface of a network device being attested is not connected to a corresponding interface of an electronic device being attested.

First claim

Opening claim text (preview).

What is claimed is:

1. A non-transitory machine-readable storage medium comprising instructions that upon execution cause a system to: receive information from electronic devices comprising network devices and computing devices in a computing environment that are subject to attestations of interfaces of the network devices and the computing devices; for each interface of a given computing device being attested, verify that the interface of the given computing device is connected to an interface of a corresponding network device that is being attested; for each interface of a given network device being attested, verify that the interface of the given network device is connected to an interface of a corresponding computing device that is being attested or an interface of another network device that is being attested; detect a presence of an unauthorized electronic device in the computing environment in response to determining that an interface of a computing device being attested or an interface of a network device being attested is not connected to a corresponding interface of an electronic device being attested.

2. The non-transitory machine-readable storage medium of claim 1, wherein the received information comprises network addresses of the interfaces of the network devices and the computing devices.

3. The non-transitory machine-readable storage medium of claim 1, wherein an attestation of an interface of a network device comprises verifying a configuration of a port of the network device.

4. The non-transitory machine-readable storage medium of claim 1, wherein an attestation of an interface of a computing device comprises verifying a configuration of a network interface controller of the computing device.

5. The non-transitory machine-readable storage medium of claim 1, wherein the verifying that the interface of the given computing device is connected to the interface of the corresponding network device that is being attested comprises confirming that network address information of the interface of the given computing device corresponds to network address information stored at the corresponding network device.

6. The non-transitory machine-readable storage medium of claim 5, wherein the network address information of the interface of the given computing device comprises a computing device Medium Access Control (MAC) address, or a computing device Internet Protocol (IP) address, or a pair of the computing device MAC address and the computing device IP address.

7. The non-transitory machine-readable storage medium of claim 6, wherein the verifying that the interface of the given computing device is connected to the interface of the corresponding network device that is being attested comprises comparing a network address of the interface of the given computing device to a network address stored in configuration information maintained at the corresponding network device, the configuration information comprising network addresses of interfaces of computing devices connected to the interface of the corresponding network device.

8. The non-transitory machine-readable storage medium of claim 5, wherein the instructions upon execution cause the system to: indicate the presence of the unauthorized electronic device in response to detecting that network address information of an interface of an electronic device is not unique, wherein the electronic device is a computing device or a network device.

9. The non-transitory machine-readable storage medium of claim 1, wherein the detecting of the unauthorized electronic device in the computing environment comprises detecting that configuration information in a network device or a computing device contains a network address for an electronic device that has not been attested.

10. The non-transitory machine-readable storage medium of claim 1, wherein the verifying that the interface of the given network device is connected to the interface of the corresponding computing device that is being attested comprises confirming that network address information of the interface of the given network device corresponds to network address information stored at the corresponding computing device.

11. The non-transitory machine-readable storage medium of claim 1, wherein the verifying that the interface of the given network device is connected to the interface of another network device that is being attested comprises confirming that network address information of the interface of the given network device corresponds to network address information stored at the other network device.

12. The non-transitory machine-readable storage medium of claim 1, wherein the instructions upon execution cause the system to: verify that each computing device and each network device in the computing environment has been successfully attested; and indicate the presence of the unauthorized electronic device if any of the computing devices and the network devices has not been successfully attested.

13. The non-transitory machine-readable storage medium of claim 1, wherein the instructions upon execution cause the system to: verify that an identifier of a computing device is an authorized identifier; and indicate the presence of the unauthorized electronic device if the identifier of the computing device is not an authorized identifier.

14. A system comprising: a hardware processor; and a non-transitory storage medium storing instructions executable on the hardware processor to: receive information from network devices and computing devices in a computing environment, wherein each network device of the network devices is to forward data units received at the network device along a network path based on identifiers in the data units; for each interface of a given network device of the network devices, determine whether a network address of an interface of a connected computing device or an interface of a connected network device contained in configuration information stored in the given network device has not been attested; and detect that the connected computing device or the connected network device is an unauthorized device in response to the network address of the interface of the connected computing device or an interface of the connected network device contained in the configuration information not having been attested.

15. The system of claim 14, wherein the instructions are executable on the hardware processor to: build a topology of the network devices and the computing devices based on the received information; and using the topology, confirm that the network address of the interface of the computing device corresponds to a network address stored at a corresponding network device.

16. The system of claim 14, wherein the instructions are executable on the hardware processor to: check that each of the network devices and the computing devices has been successfully attested; and indicate that any network device or computing device is unauthorized if the network device or computing device has not been successfully attested.

17. The system of claim 14, wherein the instructions are executable on the hardware processor to: for each interface of a given computing device of the computing devices, determine whether a network address of an interface of a first network device contained in configuration information stored in the given computing device has not been attested; and detect that the first network device is an unauthorized network device in response to the network address of the interf
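To make the cross-check in the abstract and claims concrete, the Python below is an added example written for this page; it is not code from the patent or from Hewlett Packard Enterprise, and the report format it assumes is constructed: each device reports whether its attestation succeeded, the MAC address of every attested interface (claims 2 and 6), and the MAC its own configuration records at the far end of each link, such as the address a switch port learned or the uplink address a NIC recorded (claim 7). The `Device` dataclass, the `detect_unauthorized` function, the device names and all addresses are assumptions made for the example. The checks map onto the claims as commented: a failed attestation or unknown identifier (claims 12 and 13), a duplicated address (claim 8), a configured peer address owned by no attested device (claims 1, 9 and 14), a computing device whose peer is not a network device (claim 1), and a peer whose own configuration does not point back (claims 5, 10 and 11).

```python
from collections import Counter
from dataclasses import dataclass

NETWORK = "network"
COMPUTING = "computing"


@dataclass
class Device:
    """What one device reports to the checking system (constructed schema, not the patent's).

    interfaces: local interface name -> MAC address of that attested interface
    neighbors:  local interface name -> MAC address the device's configuration records at
                the far end of the link (a switch port's learned MAC, or a NIC's uplink MAC)
    Unused ports are simply left out of `interfaces`; only attested interfaces are listed.
    """
    dev_id: str
    kind: str
    attested: bool
    interfaces: dict
    neighbors: dict


def detect_unauthorized(devices, authorized_ids):
    """Return a sorted list of findings; an empty list means no unauthorized device was found."""
    findings = set()

    # Claims 12 and 13: every device must have attested successfully and carry an authorized id.
    for d in devices:
        if not d.attested:
            findings.add(f"{d.dev_id}: attestation failed")
        if d.dev_id not in authorized_ids:
            findings.add(f"{d.dev_id}: identifier not authorized")

    # Only successfully attested devices contribute trusted interface addresses.
    attested = [d for d in devices if d.attested]
    owner = {}  # MAC -> (device, interface) for every attested interface
    counts = Counter(mac for d in attested for mac in d.interfaces.values())
    for d in attested:
        for iface, mac in d.interfaces.items():
            if counts[mac] > 1:
                findings.add(f"{mac}: address not unique")  # claim 8
            owner[mac] = (d, iface)

    # Claims 1, 9 and 14: walk every attested interface and check the peer its config records.
    for d in attested:
        for iface, mac in d.interfaces.items():
            peer_mac = d.neighbors.get(iface)
            if peer_mac is None:
                findings.add(f"{d.dev_id}/{iface}: no peer recorded")
                continue
            if peer_mac not in owner:
                # Configuration names an address that no attested device owns: a rogue is present.
                findings.add(f"{d.dev_id}/{iface}: peer {peer_mac} not attested")
                continue
            peer, peer_iface = owner[peer_mac]
            if d.kind == COMPUTING and peer.kind != NETWORK:
                findings.add(f"{d.dev_id}/{iface}: peer {peer.dev_id} is not a network device")
            # Claims 5, 10 and 11: the far end's configuration must point back at this interface.
            if peer.neighbors.get(peer_iface) != mac:
                findings.add(f"{d.dev_id}/{iface}: {peer.dev_id}/{peer_iface} does not point back")
    return sorted(findings)


def sample_clean():
    """Constructed topology: one switch, two hosts, every link consistent in both directions."""
    sw1 = Device("sw1", NETWORK, True,
                 interfaces={"p1": "aa:bb:cc:00:00:01", "p2": "aa:bb:cc:00:00:02"},
                 neighbors={"p1": "00:11:22:33:44:01", "p2": "00:11:22:33:44:02"})
    host1 = Device("host1", COMPUTING, True,
                   interfaces={"eth0": "00:11:22:33:44:01"},
                   neighbors={"eth0": "aa:bb:cc:00:00:01"})
    host2 = Device("host2", COMPUTING, True,
                   interfaces={"eth0": "00:11:22:33:44:02"},
                   neighbors={"eth0": "aa:bb:cc:00:00:02"})
    return [sw1, host1, host2], {"sw1", "host1", "host2"}


def sample_with_rogue():
    """Same topology, but host2 failed attestation and switch port p3 learned an unknown MAC."""
    devices, authorized = sample_clean()
    sw1, _, host2 = devices
    host2.attested = False
    sw1.interfaces["p3"] = "aa:bb:cc:00:00:03"
    sw1.neighbors["p3"] = "de:ad:be:ef:00:01"  # constructed rogue address, attested by nobody
    return devices, authorized


if __name__ == "__main__":
    for finding in detect_unauthorized(*sample_with_rogue()):
        print(finding)
```

Running the file prints three findings for the rogue scenario: host2's failed attestation, the switch port that now faces host2's unverified address, and the port on which the unknown MAC appeared. The clean scenario returns no findings. Note that an attested interface with no recorded peer is reported as a finding, which follows the wording of claim 1 literally; a real deployment would decide how to treat intentionally unconnected ports.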

Assignees

Inventors

Classifications

  • Network security protocols · CPC title

  • Countermeasures against malicious traffic (countermeasures against attacks on cryptographic mechanisms H04L9/002) · CPC title

  • based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint · CPC title

  • using challenge-response · CPC title

  • Architectural arrangements, e.g. perimeter networks or demilitarized zones · CPC title

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US2024137363A1 cover?
In some examples, a system receives information from electronic devices comprising network devices and computing devices in a computing environment that are subject to attestations of interfaces of the network devices and the computing devices. For each interface of a given computing device being attested, the system verifies that the interface of the given computing device is connected to an i…
Who is the assignee on this patent?
Hewlett Packard Entpr Dev Lp
What technology area does this patent fall under?
Primary CPC classification H04L63/0876. Mapped technology areas include Electricity.
When was this patent published?
Publication date Apr 25, 2024 (A1). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).