access control - integra group...clearpass onguard 9 • automate health checks and posture...
TRANSCRIPT
![Page 1: Access Control - Integra group...ClearPass OnGuard 9 • Automate health checks and posture assessments before the device connects • System-wide per-session NAC protection • Allow](https://reader035.vdocuments.us/reader035/viewer/2022071606/614264abd9e4dc11f47f05e9/html5/thumbnails/1.jpg)
ClearPassAccess Control
Marko UgrinDirektor Razvoja, Integra Group d.o.o.
![Page 2: Access Control - Integra group...ClearPass OnGuard 9 • Automate health checks and posture assessments before the device connects • System-wide per-session NAC protection • Allow](https://reader035.vdocuments.us/reader035/viewer/2022071606/614264abd9e4dc11f47f05e9/html5/thumbnails/2.jpg)
ClearPass – kontrola pristupa
Defines WHO and WHAT DEVICES can connect to:
WhichDEVICES
WhichDATA
WhichINFRASTRUCTURE
WhichAPPLICATIONS
Profile – Control – Attack Response
![Page 3: Access Control - Integra group...ClearPass OnGuard 9 • Automate health checks and posture assessments before the device connects • System-wide per-session NAC protection • Allow](https://reader035.vdocuments.us/reader035/viewer/2022071606/614264abd9e4dc11f47f05e9/html5/thumbnails/3.jpg)
Aruba Clearpass
3
The most comprehensive BYOD and IoT management platform
• Role-based network access enforcement for Wi-Fi, wired and VPN
• Supports NAC and Microsoft NAP posture and health checks• Advanced reporting of all user activity, authentications and
failures• Device onboarding, profiling, guest access, and compliance
reporting• Enterprise-grade AAA, including RADIUS/TACACS+, 802.1X and
non-802.1X services.
![Page 4: Access Control - Integra group...ClearPass OnGuard 9 • Automate health checks and posture assessments before the device connects • System-wide per-session NAC protection • Allow](https://reader035.vdocuments.us/reader035/viewer/2022071606/614264abd9e4dc11f47f05e9/html5/thumbnails/4.jpg)
ClearPass politike
Text
user/role device type / health
locationtime / day
ClearPass
ENFORCEIDENTIFY PROTECT
![Page 5: Access Control - Integra group...ClearPass OnGuard 9 • Automate health checks and posture assessments before the device connects • System-wide per-session NAC protection • Allow](https://reader035.vdocuments.us/reader035/viewer/2022071606/614264abd9e4dc11f47f05e9/html5/thumbnails/5.jpg)
ClearPass
Internet of
Things (IoT)
BYOD and
corporate owned
Security monitoring and threat prevention
Multi-vendor
switching
Multi-vendor
WLANs
Aruba ClearPass with
Exchange EcoSystem
Device Management and multi-factor auth
Helpdesk and voice/SMS services in the cloud
REST API / Syslog
![Page 6: Access Control - Integra group...ClearPass OnGuard 9 • Automate health checks and posture assessments before the device connects • System-wide per-session NAC protection • Allow](https://reader035.vdocuments.us/reader035/viewer/2022071606/614264abd9e4dc11f47f05e9/html5/thumbnails/6.jpg)
ClearPass
• Automated device fingerprinting
• Enhanced security for BYOD and guests
• Automating workflows
• Device health checks
Onboard Guest OnGuard
![Page 7: Access Control - Integra group...ClearPass OnGuard 9 • Automate health checks and posture assessments before the device connects • System-wide per-session NAC protection • Allow](https://reader035.vdocuments.us/reader035/viewer/2022071606/614264abd9e4dc11f47f05e9/html5/thumbnails/7.jpg)
Profiling - Know the Unknowns
DHCP
SNMP
SSH
TCPWMI
CDP, LLDP
OnGuard
NMAP
Mac OUI
Profile
AfterBefore
Temperature Sensor
Lighting Sensor
• Know everything• On-demand or pre-scheduled scans• Granular visibility for like devices
![Page 8: Access Control - Integra group...ClearPass OnGuard 9 • Automate health checks and posture assessments before the device connects • System-wide per-session NAC protection • Allow](https://reader035.vdocuments.us/reader035/viewer/2022071606/614264abd9e4dc11f47f05e9/html5/thumbnails/8.jpg)
ClearPass Onboard - BYOD
• Automate device provisioning for secure BYOD (Data about devices fromActive Directory and LDAP)
• Issue unique certificates for every mobile device - SCEP and EST (RFC 7030)
![Page 9: Access Control - Integra group...ClearPass OnGuard 9 • Automate health checks and posture assessments before the device connects • System-wide per-session NAC protection • Allow](https://reader035.vdocuments.us/reader035/viewer/2022071606/614264abd9e4dc11f47f05e9/html5/thumbnails/9.jpg)
ClearPass OnGuard
9
• Automate health checks and posture assessments before the device connects
• System-wide per-session NAC protection
• Allow or deny peer-to-peer applications or USB storage devices – no access if notencripted
• No access if not with latest patches and hot fixes.
• Quarantine endpoints that are not in compliance with corporate posture policies
• Detailed administrator dashboard
• Access based on the status of a certificate or credentials and user location data
![Page 10: Access Control - Integra group...ClearPass OnGuard 9 • Automate health checks and posture assessments before the device connects • System-wide per-session NAC protection • Allow](https://reader035.vdocuments.us/reader035/viewer/2022071606/614264abd9e4dc11f47f05e9/html5/thumbnails/10.jpg)
10
![Page 11: Access Control - Integra group...ClearPass OnGuard 9 • Automate health checks and posture assessments before the device connects • System-wide per-session NAC protection • Allow](https://reader035.vdocuments.us/reader035/viewer/2022071606/614264abd9e4dc11f47f05e9/html5/thumbnails/11.jpg)
Guest Management
11
• Create a customized guest access portal.
• Self-registration, social logins and sponsor options
• In-browser advertising.
![Page 12: Access Control - Integra group...ClearPass OnGuard 9 • Automate health checks and posture assessments before the device connects • System-wide per-session NAC protection • Allow](https://reader035.vdocuments.us/reader035/viewer/2022071606/614264abd9e4dc11f47f05e9/html5/thumbnails/12.jpg)
www.integragroup.hr