AAA, NAC, Guest Access & BYOD

 View Only
last person joined: one year ago 

Solutions for legacy and existing products and solutions, including Clearpass, CPPM, OnBoard, OnGuard, Guest, QuickConnect, AirGroup, and Introspect
Back to Library

How do I create custom scans for peer-to-peer clients? 

Jun 30, 2014 08:55 PM

Product and Software: This article applies to all ECS product and software versions.

As popular as P2P software is, it raises ethical and legal concerns about copyright infringement with illegal downloads and also causes havoc with your network.

This solution describes how to block P2P (Windows) clients from connecting to your network by installing scripts developed to perform custom scans for the following popular P2P clients. This solution describes installation of eight custom scans for:

  • Azureus Vuze 3.0.3.4 (uses BitTorrent protocol)
  • BitComet 0.93 (uses BitTorrent protocol)
  • RevConnect 0.67p (regular P2P filesharing)
  • LimeWire 4.14.10 (regular P2P filesharing)

Note: This solution includes templates to start off the detection process. They are not all inclusive. They work for what they've been designed to work on. (Windows Vista) They can be further altered to cover other OS'es.

For each of these programs there are two scans (one listed under "Registry-Keys" and the other under "Prohibited Processes") that check the Window registry:

  • Is the program installed?
  • Is the program is running?

Requirements

  • AgentCustomScans.tar.gz file (attached file containing the scan configuration files)
  • ssh software (such as PuTTY)

Procedure
1) Download the attached file to your PC: 'AgentCustomScans.tar.gz'

2)  SCP the 'AgentCustomScans.tar.gz' file into the '/bsc/campusMgr/agent/customScans' directory on the NCS/NCAS appliance.

3) Access the NAC appliance CLI and log in.

4)  Navigate to the '/bsc/campusMgr/agent/customScans' directory and extract the attached tar file as follows:

cd /bsc/campusMgr/agent/customScans
tar -xzvf AgentCustomScans.tar.gz

5)  Log off from the NAC appliance CLI.

Validation
1) Log into CampusMgr.

2) Access the Security Management view.

3) From the Client-Validation-Assessment section, select Custom Scans.

4) Verify that there are four scans listed under "Prohibited Processes" and four scans under "Registry-Keys."

5) Modify settings so they are appropriate to your environment. (Example: Add Windows XP and any other options that are not currently set up.) These examples were written for Vista Only but can be extended to include other OS's.

Assign Custom Scans to a Security Policy

1) To go Security Management > Policy Configuration to display the Security Policies.

2) Select the policy to which you want to apply the customer scans and click Modify.

3) Click the Windows tab.

4) Click Custom from on the left-hand menu.

5) Select the custom scans to be performed.

6) Click Apply.

Statistics
0 Favorited
0 Views
0 Files
0 Shares
0 Downloads

Related Entries and Links

No Related Resource entered.