Security

Reply
Super Contributor I

Guest Sponsor Approval

Hi guys,

 

I have read and tested the guest sponsor approval feature in ClearPass. It seems a nice feature but I see a shortcoming. When the client enter their name and email address in the registration window and click on Register, these parameters along others are sent to the sponsor for approval, but the sponsor can't be sure the client is who he says it is, and the sponsor could approve an account for a not desired person. Is there a way to authenticate the client?

 

Regards,

Julián

Guru Elite

Re: Guest Sponsor Approval

I don't think this is intended to be a high security mechanism; I think it is to provide some protection from totally open guest access. The sponsor does not have to answer if he does not know the user, or does not know the email address of the user.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Super Contributor I

Re: Guest Sponsor Approval

That is what I refer to, a bad client could enter an email address of a known user to the sponsor (supposing he knows that email), but the client isn't actually that user. The sponsor would approve and give access to the bad client.

 

Regards,

Julián

Guru Elite

Re: Guest Sponsor Approval

Yes. The sponsor is usually expecting the guest. There's nothing really you can do about this. Not a technical issue. It's just guest access.


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Super Contributor I

Re: Guest Sponsor Approval

Hi Colin and Tim,

 

Yeah, I totally agree with both that the feature is intended for give some protection from totally open guest access and is not a technical issue, just wondering if there is a way to authenticate the user. It makes sense.

On the other hand, just a little question, do you know where I can find the guest user repository in ClearPass where all the guest created accounts are? I can't find this page.

 

Regards,

Julián

Guru Elite

Re: Guest Sponsor Approval

Guest > Guest > Manage Accounts


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Super Contributor I

Re: Guest Sponsor Approval

Pretty simple, many thanks!

 

Regards,

Julián

Occasional Contributor II

Re: Guest Sponsor Approval

hi julian.
in my opinion, i believe that same logic same goes to email address signups because it is meant for public use. the only thing mail domains like Yahoo can do is to make sure that there are no bots or AI registering and that is thru Captcha or sms verifications.

same goes to your clearpass guest which uses email or sms for verification

am i right?

let me know your thoughts
Super Contributor I

Re: Guest Sponsor Approval

Hi harveyysip,

 

Yes, the same would apply to the self-registration flavor, the visitor can enter an invalid email address. ClearPass also have the option to include Captcha to avoid robots.

 

Regards,

Julián

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: