Security

Reply
Super Contributor I
Posts: 290
Registered: ‎11-05-2012

Configure NAC

Hi,

 

One Question Please.

 

Is possible configured NAC for Smart device?

 

Thanks!!!

MVP
Posts: 1,110
Registered: ‎10-11-2011

Re: Configure NAC

To clarify, what do you mean by NAC?  What would you like to accomplish with the mobile device?  I've found not everyone has the same definition of NAC...

=======================================
If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users.
Super Contributor I
Posts: 290
Registered: ‎11-05-2012

Re: Configure NAC

i need to enforce posture to mobil devices like ipad, android, etc etc (onguard)
 or, what can you suggest, because it is not clear NAC concept for me

Guru Elite
Posts: 8,322
Registered: ‎09-08-2010

Re: Configure NAC

[ Edited ]

Sorry for the seemingly stupid questions, but can you also define posture for us? This term is also used in different ways.

 

NAC and Posture on mobile devices is very different than their desktop OS counterparts for the following reasons:

    - Most mobile devices won't have antivirus

    - Most mobile devices don't get frequent "patches"

    - Most mobile devices don't have a user accessible firewall

    - Applications are much more controlled on a mobile device because of app store restrictions

 

What posture assessments are you looking to do? The only one I can think of off the top of my head is a root/jailbreak check.


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Super Contributor I
Posts: 290
Registered: ‎11-05-2012

Re: Configure NAC

I understand, but in your experience could you give a advice or a tip for a configuration in BYOD with Clear Pass to a large corporation? (5k users)

We're considereing the double factor authentication(token).

Thanks in advance,

 

MVP
Posts: 1,110
Registered: ‎10-11-2011

Re: Configure NAC

Is this a true BYOD deployment where the devices are not owned by the company, or are they company owned devices?

Would you like to OnBoard these devices so they can use EAP-TLS instead of tokens?

Do you need to guarantee that only certain devices are able to authenticate?

=======================================
If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users.
Aruba
Posts: 1,540
Registered: ‎06-12-2012

Re: Configure NAC

So this comes down to what type of device you are looking to posture check.

 

 

OnGuard:

 

Windows: PC, Laptops, Servers

 

Mac: PC, Laptops

 

MDM/Workspace:

 

Mobile device: iPad, iPod, phones etc...

 

 

You will need to either have a third party MDM or the built in MDM/Workspace (only IOS is supported as of today). You can integrate your MDM vendor with clearpass where it can pull down the information the MDM vendor publishes.

 

In 6.3 we now have a new feature where we can do a http put and be able to send commands to a few MDM vendors. This also opens up the ability to helpdesk ticket integration. 

 

The Endpoint Context Server Actions form now includes the ability to specify the HTTP enforcement actions (headers, content, and so on).
Typical RESTful API HTTP Methods are supported:
–POST, PUT, DELETE and GET
Designed to be used for policy actions or enforcement beyond the network
–Marketing referring to this as ‘Rules Exchange’
–POST, PUT and DELETE make most sense as actions
Some default actions will be provided for our MDM partners
 
Picture1.png
 

 

 

 

 

Thank You,
Troy

--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.

--Problem Solved? Click "Accepted Solution" in a post.
Super Contributor I
Posts: 290
Registered: ‎11-05-2012

Re: Configure NAC

Thanks.

 

The information is good!!!

 

Search Airheads
Showing results for 
Search instead for 
Did you mean: