Security

last person joined: 8 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Using username and password for single access and Traffic analysis

This thread has been viewed 0 times

  • 1.  Using username and password for single access and Traffic analysis

    Posted Dec 01, 2012 02:09 AM

    Hello,

     

    Can I use active directory username and password for following options:

     

    1- If someone used this username/password to access the network other people are not allowed to access using the same username/password ? (in other words as long as the user using this username/password is in network other users are not allowed to use the same user/password.

     

    2- I want to map this username/password to the ip grantined to users and then make a traffic analysis using this information (maybe through AirWave?). 

     

     



  • 2.  RE: Using username and password for single access and Traffic analysis

    EMPLOYEE
    Posted Dec 01, 2012 08:04 AM

    If you are using Captive Portal on the Aruba controller, you can use the "Single Session" option in the Captive Portal authentication profile to stop users with the same username from authenticating twice.  If the user is using 802.1x, you can only prevent that with a Radius Server like Clear Pass Policy Manager.

     

    Using Airwave you can track the location of a user/device for the last 24 hours on the map, but track what access point they were on for a year, depending on if you have enough disk space.

     



  • 3.  RE: Using username and password for single access and Traffic analysis

    Posted Dec 05, 2012 09:42 AM

    Hi Colin,

     

    Do you mean tracking clints is just knowing which AP they are connected to ? we need to track their actions which server/websites/protocol/services/applications they are using and the amount of traffic and we need to match it by username to know that the guy called XYZW is visiting Facebook alot spending 10 hours connected to network and so on.



  • 4.  RE: Using username and password for single access and Traffic analysis
    Best Answer

    EMPLOYEE
    Posted Dec 05, 2012 12:41 PM

    You would need to enable the "log" parameter in the firewall policy applied to the user.  You would then also configure an external syslog server.  The output will only show the source and destination ip address and port.  It will not resolve addresses like "facebook.com".  I would consult a commercial web proxy/filtering solution to address that need.

     



  • 5.  RE: Using username and password for single access and Traffic analysis
    Best Answer

    EMPLOYEE
    Posted Dec 05, 2012 02:04 PM

    Scheduled for AMP 7.7, there will be a Firewall component in AMP.  This component will track destinations and applications, with drill down options to get to traceback to a user.  The controller PEF+NG license will be a prerequisite for this feature to work.



  • 6.  RE: Using username and password for single access and Traffic analysis

    Posted Feb 06, 2013 04:19 PM

    That is awesome news Rob!

     

    Good to hear. Any news on release date?