Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Fingerprinting Windows on Clearpass

This thread has been viewed 2 times

  • 1.  Fingerprinting Windows on Clearpass

    Posted Sep 14, 2017 08:24 AM

    Hello!

    I have a problem with mis-identification of devices connecting to our clear pass system. For example:

    90-fb-a6-86-5e-ff
    (SmartDevice / Windows / Windows 7 Phone)

    is actually a computer. Most windows computers are being detected as smartdevices - on wired and wifi.

    If I click on one in the endpoint respository the fingerprints they are mostly blank, but some are:

    Endpoint Fingerprint Details
    CDP Device Description:
    SNMP Device Name: 90:fb:a6:e4:bf:4e
    SNMP System Description:
    SNMP Device Type: Unknown
    LLDP System Description:
    DHCP Option60: MSFT 5.0
    DHCP Options: 53,61,50,54,12,81,60,55
    DHCP Option55: 1,15,3,6,44,46,47,31,33,121,249,252,43
    Whats the best pay to proceed. I have profling turned on the devices.



  • 2.  RE: Fingerprinting Windows on Clearpass

    Posted Sep 14, 2017 03:12 PM
    You can always open a case with support and submit a fingerprint with your description of what the device is. They will validate that and then add it to the weekly update that gets downloaded by the rest of the Clearpass customers. In newer versions you can change what the device is classified as and even create your own fingerprint. If you doing anything fancy you may want to do custom attributes instead of relying on the. I would guess it's not being classified wrong it's just was found that that was a smart device because that Mac address and especially Windows 10 and a windows phone are getting harder to differentiate between.


  • 3.  RE: Fingerprinting Windows on Clearpass

    Posted Sep 14, 2017 04:54 PM
    Hi

    Thanks for that. Is it a weekly update? I looked on my clearpass server and it says it updated those 44 days ago. It does not offer anything newer?


  • 4.  RE: Fingerprinting Windows on Clearpass

    Posted Sep 14, 2017 04:57 PM
    Do you have a valid subscription? Can cppm get out to the internet?


  • 5.  RE: Fingerprinting Windows on Clearpass

    Posted Sep 14, 2017 05:26 PM

    Yes I  believe so, this is my update status:

     

    AntiVirus & AntiSpyware Updates 1.48111 2017/09/14 22:00:04 Online 2017/09/14 22:22:05 Latest
    Windows Hotfixes Updates 1.2134 2017/09/14 12:19:32 Online 2017/09/14 12:22:34 Latest
    Endpoint Profile Fingerprints 2.533 2017/06/07 12:27:25 Online 2017/07/31 17:25:20 Updated 45 days ago
    User-Agents Updates 1483988351 2017/01/09 18:59:11 Online 2017/07/31 17:25:21 Updated 45 days ago

     

    is that incorrect do you know?



  • 6.  RE: Fingerprinting Windows on Clearpass

    EMPLOYEE
    Posted Sep 15, 2017 03:13 AM

    I see the same fingerprint version [Jun 7] in my ClearPass server, so what might be possible is that there were no (relevant) updates in the fingerprints, so the bi-weekly publishing was skipped.

     

    If you find misclassified devices, please open an Aruba TAC case to get the fingerprints updated.



  • 7.  RE: Fingerprinting Windows on Clearpass
    Best Answer

    Posted Sep 15, 2017 07:38 AM

    Yes, I thought it was quite out of date and then today there is an update!

     

    I talked to our partner.  On the UWW controller we have, I had to enable dhcp relay - to forward on the DHCP information to clearpass.  It is working well now.  It wasn't really documentated in the Clearpass UWW guide, unless I missed it.

     

    I guess the message is, if fingerprinting isn't working well, check your dhcp relay/helper.

     

    Thanks for your time