Security

 View Only
last person joined: 16 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

How to check client remote desktop attribute on clearpass service

This thread has been viewed 16 times
  • 1.  How to check client remote desktop attribute on clearpass service

    Posted May 31, 2023 04:38 AM

    Can we check client  remote desktop attribute on clearpass and assign role mapping to client or not?



  • 2.  RE: How to check client remote desktop attribute on clearpass service

    Posted May 31, 2023 04:43 AM

    Hi

    Can you please describe your question in more detail. It's a bit hard to understand exactly what you are asking about.
    Is the question if it's possible to detect if a user is logged in via remote desktop on a Windows machine?



    ------------------------------
    Best Regards
    Jonas Hammarbäck
    MVP 2023, ACCX #1335, ACX-Network Security, Aruba SME, ACMP, ACDP , ACEP, ACSA
    Aranya AB
    If you find my answer useful, consider giving kudos and/or mark as solution
    ------------------------------



  • 3.  RE: How to check client remote desktop attribute on clearpass service

    Posted May 31, 2023 05:00 AM

    Ok. Sorry,

    I mean need to check client authen(or some attribute for tell us ) when client 2 remote to client 1 for use that device




  • 4.  RE: How to check client remote desktop attribute on clearpass service

    Posted May 31, 2023 05:10 AM

    Ok, I see.

    The RDP session will not trigger any network authentication event on the remote host. Even if you enable both user and computer authentication the authentication status will still be the computer after the user has logged in via RDP.

    I have not seen any third party tools that can change the behavior.
    One idea, never tested so maybe it doesn't work, is to send an event from the client or a monitoring system when an RDP login takes place to ClearPass as an ingress event. When this happens trigger ClearPass can trigger a CoA and reauthenticate the computer. But also potentially disconnect the RDP session...

    The question have been asked several times in the forum, but I can't remeber any that I have seen any solution presented.



    ------------------------------
    Best Regards
    Jonas Hammarbäck
    MVP 2023, ACCX #1335, ACX-Network Security, Aruba SME, ACMP, ACDP , ACEP, ACSA
    Aranya AB
    If you find my answer useful, consider giving kudos and/or mark as solution
    ------------------------------



  • 5.  RE: How to check client remote desktop attribute on clearpass service

    Posted May 31, 2023 05:29 AM

    Thank you for your answer.




  • 6.  RE: How to check client remote desktop attribute on clearpass service

    Posted May 31, 2023 05:36 AM
    Hi Jonas,

    If we enable TCP Fingerprinting in one of the clearpass (one of the profiling method), can we 
    see from clearpass that the client is trying to communicate via TCP 3389, and then use it as rule condition to be able to connect to remote client ?






  • 7.  RE: How to check client remote desktop attribute on clearpass service

    Posted May 31, 2023 06:32 AM

    No I don't think so.
    As the RDP port 3389 will always be open on the machine the state will not change if you open a session to the port.
    If you have a firewall between the two clients maybe the firewall can trigger on the session and send the information to ClearPass.

    Still I think there may be a high risk that the RDP session doesn't survive the dynamic authorization required to change role on the switch.

    If you have to solve this issue I think you need to work together with a local Aruba partner or direct with Aruba. Either a local SE or the TAC.



    ------------------------------
    Best Regards
    Jonas Hammarbäck
    MVP 2023, ACCX #1335, ACX-Network Security, Aruba SME, ACMP, ACDP , ACEP, ACSA
    Aranya AB
    If you find my answer useful, consider giving kudos and/or mark as solution
    ------------------------------