New Contributor
Posts: 2
Registered: ‎04-15-2013

ClearPass Audit NMAP Question

Hi,

I'm new to CPPM and would like some assistance with Device Auditing through NMAP.

I would like to use auditing configuration in conjunction with MAB in order to further increase the veracity of device 'fingerprinting'.

I'm intending to use the built-in NMAP server to profile Cisco VoIP devices, along with various manufacturer printers.

I'm concerned that DHCP fingerprints could be faked, and MAC (OUI) spoofed, so I'm hoping NMAP can do its own device fingerprinting, and I can also do another level on top, like matching specific known open ports to be almost 100% sure the device that is connecting is what it says it is.

Could anyone point me in the direction of any information resources that would assist?

For my testing I have created an NMAP audit server (local to CPPM) and selected 'Detect Host Operating System', 'Service Scan', 'UDP Scan', and 'TCP Syn Scan'; however, when I enable the Audit in my wired 802.1x service, my access tracker has the following alert:


Alerts for this Request

Policy server: Missing required inputs to perform audit

And prior to this under Output > Posture Response I saw:

Avenda:Audit:Audit-Status

AUDIT_INPROGRESS

So it seems as if it can't successfully run on the target host.

Any ideas how I could troubleshoot?

Thanks,

Ward
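
The layered check described in the post above (MAC vendor, OS fingerprint and known open ports must all agree before a device is trusted), as an added example that is not part of the original thread and is not ClearPass's own audit logic. It reads nmap XML output (`-oX`); the profile values, the sample scan and the function names are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Hypothetical profile: replace with the ports and OS strings your own phones show.
PHONE_PROFILE = {"vendor": "cisco", "os_keyword": "phone", "min_accuracy": 90,
                 "required_open": {("tcp", 80)},
                 "forbidden_open": {("tcp", 445), ("tcp", 3389)}}

# Constructed nmap -oX style output: a phone, and a PC presenting the same MAC/OUI.
SAMPLE_XML = """<nmaprun>
<host><address addr="10.0.0.50" addrtype="ipv4"/>
<address addr="00:00:5E:00:53:01" addrtype="mac" vendor="Cisco Systems"/>
<ports><port protocol="tcp" portid="80"><state state="open"/></port>
<port protocol="udp" portid="5060"><state state="open|filtered"/></port></ports>
<os><osmatch name="Cisco IP phone" accuracy="96"/></os></host>
<host><address addr="10.0.0.51" addrtype="ipv4"/>
<address addr="00:00:5E:00:53:01" addrtype="mac" vendor="Cisco Systems"/>
<ports><port protocol="tcp" portid="445"><state state="open"/></port>
<port protocol="tcp" portid="3389"><state state="open"/></port></ports>
<os><osmatch name="Microsoft Windows 10" accuracy="98"/></os></host>
</nmaprun>"""

def audit_host(host, profile):
    """Return the list of reasons this host does not match the profile."""
    reasons = []
    mac = host.find("address[@addrtype='mac']")
    if mac is None or profile["vendor"] not in mac.get("vendor", "").lower():
        reasons.append("vendor mismatch")
    # Only a definite 'open' counts; 'open|filtered' (common for UDP) proves nothing.
    open_ports = {(p.get("protocol"), int(p.get("portid"))) for p in host.iter("port")
                  if p.find("state[@state='open']") is not None}
    for proto, port in sorted(profile["required_open"] - open_ports):
        reasons.append(f"expected {proto}/{port} open")
    for proto, port in sorted(profile["forbidden_open"] & open_ports):
        reasons.append(f"unexpected {proto}/{port} open")
    best = max(host.iter("osmatch"), key=lambda m: int(m.get("accuracy", 0)), default=None)
    if (best is None or int(best.get("accuracy", 0)) < profile["min_accuracy"]
            or profile["os_keyword"] not in best.get("name", "").lower()):
        reasons.append("OS fingerprint mismatch")
    return reasons

def audit_scan(xml_text, profile):
    """Map each scanned IPv4 address to its mismatch reasons (empty list = match)."""
    root = ET.fromstring(xml_text)
    return {h.find("address[@addrtype='ipv4']").get("addr"): audit_host(h, profile)
            for h in root.iter("host")}

if __name__ == "__main__":
    for ip, reasons in audit_scan(SAMPLE_XML, PHONE_PROFILE).items():
        print(ip, "MATCH" if not reasons else "MISMATCH: " + "; ".join(reasons))
```

The second host carries the same vendor string as the phone but fails on ports and OS fingerprint, which is the case a MAC/OUI check alone would miss.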

 

Guru Elite
Posts: 20,981
Registered: ‎03-29-2007

Re: ClearPass Audit NMAP Question

Please examine the "Prevent MAC Spoofing" document here: http://support.arubanetworks.com/DOCUMENTATION/tabid/77/DMXModule/512/Default.aspx?EntryId=7962



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

New Contributor
Posts: 2
Registered: ‎04-15-2013

Re: ClearPass Audit NMAP Question

Thanks for the reply!

What I am interested in, however, is any configuration examples, or troubleshooting advice. I understand roughly how I should be configuring the NMAP policy; however, an example of a best-practice configuration for auditing a phone or printer would be nice. Likewise, generic error messages and potential causes.

Is anyone able to assist?

Guru Elite
Posts: 20,981
Registered: ‎03-29-2007

Re: ClearPass Audit NMAP Question

Ward,

I think I know what you want. Let me see if I can get someone to help.


Colin Joseph
Aruba Customer Engineering


Occasional Contributor II
Posts: 14
Registered: ‎01-06-2012

Re: ClearPass Audit NMAP Question

CJoseph - Would you be able to forward me the information as well? I came across this thread while searching for the same information.

Thanks,
Robert

Aruba
Posts: 1,542
Registered: ‎06-12-2012

Re: ClearPass Audit NMAP Question

One thing to remember is that most people don't realize, or forget, that when you are on a page you can click the help link in the top-right corner, and it will give you definitions and examples.

nmap1.png

nmap2.png

Thank You,
Troy

--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.

--Problem Solved? Click "Accepted Solution" in a post.