Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Guest Sponsor Approval

This thread has been viewed 10 times

  • 1.  Guest Sponsor Approval

    Posted Jul 12, 2017 06:42 PM

    Hi guys,

     

    I have read and tested the guest sponsor approval feature in ClearPass. It seems a nice feature but I see a shortcoming. When the client enter their name and email address in the registration window and click on Register, these parameters along others are sent to the sponsor for approval, but the sponsor can't be sure the client is who he says it is, and the sponsor could approve an account for a not desired person. Is there a way to authenticate the client?

     

    Regards,

    Julián



  • 2.  RE: Guest Sponsor Approval
    Best Answer

    EMPLOYEE
    Posted Jul 12, 2017 06:48 PM

    I don't think this is intended to be a high security mechanism; I think it is to provide some protection from totally open guest access. The sponsor does not have to answer if he does not know the user, or does not know the email address of the user.



  • 3.  RE: Guest Sponsor Approval

    Posted Jul 12, 2017 06:57 PM

    That is what I refer to, a bad client could enter an email address of a known user to the sponsor (supposing he knows that email), but the client isn't actually that user. The sponsor would approve and give access to the bad client.

     

    Regards,

    Julián



  • 4.  RE: Guest Sponsor Approval
    Best Answer

    EMPLOYEE
    Posted Jul 12, 2017 06:59 PM

    Yes. The sponsor is usually expecting the guest. There's nothing really you can do about this. Not a technical issue. It's just guest access.



  • 5.  RE: Guest Sponsor Approval

    Posted Jul 13, 2017 10:00 AM

    Hi Colin and Tim,

     

    Yeah, I totally agree with both that the feature is intended for give some protection from totally open guest access and is not a technical issue, just wondering if there is a way to authenticate the user. It makes sense.

    On the other hand, just a little question, do you know where I can find the guest user repository in ClearPass where all the guest created accounts are? I can't find this page.

     

    Regards,

    Julián



  • 6.  RE: Guest Sponsor Approval

    EMPLOYEE
    Posted Jul 13, 2017 10:21 AM

    Guest > Guest > Manage Accounts



  • 7.  RE: Guest Sponsor Approval

    Posted Jul 13, 2017 10:40 AM

    Pretty simple, many thanks!

     

    Regards,

    Julián



  • 8.  RE: Guest Sponsor Approval

    Posted Jul 14, 2017 08:12 AM
    hi julian.
    in my opinion, i believe that same logic same goes to email address signups because it is meant for public use. the only thing mail domains like Yahoo can do is to make sure that there are no bots or AI registering and that is thru Captcha or sms verifications.

    same goes to your clearpass guest which uses email or sms for verification

    am i right?

    let me know your thoughts


  • 9.  RE: Guest Sponsor Approval

    Posted Jul 14, 2017 09:33 AM

    Hi harveyysip,

     

    Yes, the same would apply to the self-registration flavor, the visitor can enter an invalid email address. ClearPass also have the option to include Captcha to avoid robots.

     

    Regards,

    Julián