Security

last person joined: 23 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Configure NAC

This thread has been viewed 9 times

  • 1.  Configure NAC

    Posted Feb 04, 2014 03:47 PM

    Hi,

     

    One Question Please.

     

    Is possible configured NAC for Smart device?

     

    Thanks!!!



  • 2.  RE: Configure NAC

    Posted Feb 04, 2014 06:27 PM

    To clarify, what do you mean by NAC?  What would you like to accomplish with the mobile device?  I've found not everyone has the same definition of NAC...



  • 3.  RE: Configure NAC

    Posted Feb 04, 2014 06:51 PM

    i need to enforce posture to mobil devices like ipad, android, etc etc (onguard)
     or, what can you suggest, because it is not clear NAC concept for me



  • 4.  RE: Configure NAC

    EMPLOYEE
    Posted Feb 04, 2014 07:06 PM

    Sorry for the seemingly stupid questions, but can you also define posture for us? This term is also used in different ways.

     

    NAC and Posture on mobile devices is very different than their desktop OS counterparts for the following reasons:

        - Most mobile devices won't have antivirus

        - Most mobile devices don't get frequent "patches"

        - Most mobile devices don't have a user accessible firewall

        - Applications are much more controlled on a mobile device because of app store restrictions

     

    What posture assessments are you looking to do? The only one I can think of off the top of my head is a root/jailbreak check.



  • 5.  RE: Configure NAC

    Posted Feb 04, 2014 07:28 PM

    I understand, but in your experience could you give a advice or a tip for a configuration in BYOD with Clear Pass to a large corporation? (5k users)

    We're considereing the double factor authentication(token).

    Thanks in advance,

     



  • 6.  RE: Configure NAC

    Posted Feb 04, 2014 11:03 PM

    Is this a true BYOD deployment where the devices are not owned by the company, or are they company owned devices?

    Would you like to OnBoard these devices so they can use EAP-TLS instead of tokens?

    Do you need to guarantee that only certain devices are able to authenticate?



  • 7.  RE: Configure NAC
    Best Answer

    EMPLOYEE
    Posted Feb 05, 2014 01:35 AM

    So this comes down to what type of device you are looking to posture check.

     

     

    OnGuard:

     

    Windows: PC, Laptops, Servers

     

    Mac: PC, Laptops

     

    MDM/Workspace:

     

    Mobile device: iPad, iPod, phones etc...

     

     

    You will need to either have a third party MDM or the built in MDM/Workspace (only IOS is supported as of today). You can integrate your MDM vendor with clearpass where it can pull down the information the MDM vendor publishes.

     

    In 6.3 we now have a new feature where we can do a http put and be able to send commands to a few MDM vendors. This also opens up the ability to helpdesk ticket integration. 

     

    The Endpoint Context Server Actions form now includes the ability to specify the HTTP enforcement actions (headers, content, and so on).
    Typical RESTful API HTTP Methods are supported:
    –POST, PUT, DELETE and GET
    Designed to be used for policy actions or enforcement beyond the network
    –Marketing referring to this as ‘Rules Exchange’
    –POST, PUT and DELETE make most sense as actions
    Some default actions will be provided for our MDM partners
     
    Picture1.png
     

     

     

     

     



  • 8.  RE: Configure NAC

    Posted Feb 05, 2014 03:26 PM

    Thanks.

     

    The information is good!!!