Classify Mobile Assets

Similar documents
Classify Assets. How-to Guide. CounterACT Version 7.0.0

Manage External Devices

Ensure Antivirus Compliance

Ensure Instant Messaging and Peer to Peer Compliance

Control Network Vulnerabilities

Prevent Network Attacks

Control Wireless Networks

ForeScout CounterACT. Ensure Antivirus Compliance. How-to Guide. Version 8.0

ForeScout CounterACT. Track Changes to Network Endpoints. How-to Guide. Version 8.0

ForeScout CounterACT. Classify Devices. How-to Guide. Version 8.0

ForeScout CounterACT. Ensure Instant Messaging and Peer to Peer Compliance. How-to Guide. Version 8.0

Use the Executive Dashboard

ForeScout CounterACT. Windows Vulnerability DB. Configuration Guide. Updated February 2018

CounterACT Aruba ClearPass Plugin

Forescout. Control Network Vulnerabilities. How-to Guide. Forescout version 8.1

CounterACT NetFlow Plugin

CounterACT Reports Plugin

CounterACT External Classifier Plugin

ForeScout Extended Module for Bromium Secure Platform

ForeScout Extended Module for Qualys VM

CounterACT Check Point Threat Prevention Module

CounterACT Afaria MDM Plugin

ForeScout Extended Module for ServiceNow

ForeScout CounterACT. Configuration Guide. Version 1.1

CounterACT CEF Plugin

CounterACT Microsoft System Management Server (SMS) System Center Configuration Manager (SCCM) Plugin

CounterACT DNS Enforce Plugin

ForeScout App for IBM QRadar

CounterACT Hardware Inventory Plugin

CounterACT User Directory Plugin

CounterACT Security Policy Templates

CounterACT Advanced Tools Plugin

CounterACT Syslog Plugin

ForeScout Amazon Web Services (AWS) Plugin

ForeScout Extended Module for Advanced Compliance

ForeScout CounterACT. Assessment Engine. Configuration Guide. Version 1.0

ForeScout CounterACT. Plugin. Configuration Guide. Version 2.3

ForeScout CounterACT. Configuration Guide. Version 5.0

Forescout. Configuration Guide. Version 2.4

ForeScout Extended Module for MaaS360

ForeScout CounterACT. Work with IPv6 Addressable Endpoints. How-to Guide. Version 8.0

ForeScout App for Splunk

Forescout. Work with IPv6 Addressable Endpoints. How-to Guide. Forescout version 8.1

Forescout. eyeextend for IBM MaaS360. Configuration Guide. Version 1.9

ForeScout CounterACT. ARF Reports Module. Configuration Guide. Version 1.0.3

CounterACT Wireless Plugin

ForeScout Extended Module for Palo Alto Networks Next Generation Firewall

ForeScout CounterACT. Plugin. Configuration Guide. Version 2.1

Forescout. eyeextend for IBM BigFix. Configuration Guide. Version 1.2

Forescout. Engine. Configuration Guide. Version 1.3

ForeScout Extended Module for VMware AirWatch MDM

ForeScout Extended Module for MobileIron

Forescout. eyeextend for VMware AirWatch. Configuration Guide. Version 1.9

Forescout. eyeextend for MobileIron. Configuration Guide. Version 1.9

Network Function Property Algorithm. CounterACT Technical Note

Forescout. Asset Reporting Format (ARF) Reports Module. Configuration Guide. Version 1.0.3

ForeScout Extended Module for Web API

CounterACT HPS Applications Plugin

CounterACT VMware vsphere Plugin

ForeScout CounterACT. Configuration Guide. Version 1.2

ForeScout CounterACT. Controller Plugin. Configuration Guide. Version 1.0

ForeScout CounterACT Linux Plugin

Forescout. eyeextend for Palo Alto Networks Wildfire. Configuration Guide. Version 2.2

CounterACT DHCP Classifier Plugin

SecureConnector Advanced Features

ForeScout CounterACT. Configuration Guide. Version 1.4

Forescout. Configuration Guide. Version 4.4

Forescout. eyeextend for ServiceNow. Configuration Guide. Version 2.0

ForeScout CounterACT. (AWS) Plugin. Configuration Guide. Version 1.3

ForeScout Extended Module for IBM BigFix

Forescout. Plugin. Configuration Guide. Version 2.2.4

Easy-to-Use PCI Kit to Enable PCI Compliance Audits

ForeScout CounterACT. Plugin. Configuration Guide. Version 2.3

ForeScout Extended Module for ServiceNow

ForeScout Extended Module for Carbon Black

ForeScout Extended Module for IBM BigFix

ForeScout CounterACT. Security Policy Templates. Configuration Guide. Version

ForeScout Extended Module for Tenable Vulnerability Management

CounterACT Macintosh/Linux Property Scanner Plugin

ForeScout CounterACT. Single CounterACT Appliance. Quick Installation Guide. Version 8.0

ForeScout CounterACT. Core Extensions Module: CEF Plugin. Configuration Guide. Version 2.7

Forescout. eyeextend for Carbon Black. Configuration Guide. Version 1.1

Forescout. Configuration Guide. Version 2.2

ForeScout CounterACT. Deploying SecureConnector as a Service as Part of a Machine Image. How-to Guide. Version 8.0

CounterACT VMware vsphere Plugin

ForeScout CounterACT. Cisco PIX/ASA Firewall Integration Module. Configuration Guide. Version 2.1

1.0. Quest Enterprise Reporter Discovery Manager USER GUIDE

ForeScout Extended Module for ArcSight

[ Getting Started with Analyzer, Interactive Reports, and Dashboards ] ]

ZENworks 2017 Patch Management Airgap Solution. 1 About the Airgap Solution. 2 Prerequisites. December 2017

ForeScout CounterACT. Configuration Guide. Version 4.3

ForeScout CounterACT. Plugin. Configuration Guide. Version 1.2

ForeScout Extended Module for Symantec Endpoint Protection

Forescout. Controller Plugin. Configuration Guide. Version 1.1

ForeScout CounterACT. Plugin. Configuration Guide. Version 2.1

ForeScout CounterACT. Hardware Inventory Plugin. Configuration Guide. Version 1.0.3

Forescout. Configuration Guide. Version 1.3

Dealing with Event Viewer

ImageNow Interact for ESRI ArcGIS Server Installation and Setup Guide

One Identity Active Roles 7.2. User's Guide

Transcription:

How-to Guide CounterACT Version 7.0.0

Table of Contents About Mobile Device Classification... 3 Prerequisites... 3 Create a Mobile Classification Policy... 4 Evaluate Mobile Assets... 8 Generate Reports... 9 Classification Tips... 10 CounterACT Version 7.0.0 2

About Mobile Device Classification CounterACT provides powerful tools that let you continuously track and control your network mobile assets. Follow the step-by-step procedures in this guide to: Use a wizard-based CounterACT template to create a policy to classify mobile assets in your network into the following groups: ios Kindle Fire Android Kindle Windows Mobile Blackberry Symbian Palm Other Review an extensive range of information about each device, including IP, MAC Address, vendor, model, OS version, user directory information, and more. Generate real-time and trend reports about mobile assets. This How-to guide provides basic configuration instructions designed for a quick setup. For more information on the extended configuration options, refer to the Console User Manual or the Console Online Help. Prerequisites Verify that your CounterACT system was set up using the Initial Setup Wizard. Refer to the Console Online Help for details. Verify that the Mobile or Hand held group appears in the Console, Filters pane. These groups are used by this policy template to further classify mobile devices. If one of these groups does not appear, run the Asset Classification template policy to create them and other asset groups. Refer to the Console Online Help for details. CounterACT Version 7.0.0 3

Create a Mobile Classification Policy Follow these steps to detect and classify your network s mobile assets using a policy template. Select the Mobile Classification Template 1. Log into the CounterACT Console. 2. On the Console toolbar, select the Policy tab. The Policy Manager opens. 3. In the Policy Manager pane select Add. The Policy Wizard opens, guiding you through policy creation. 4. Under Templates, expand the Classification folder and select Mobile Classification. CounterACT Version 7.0.0 4

5. Select Next. The Name pane opens. Name the Policy 1. In the Name pane, a default policy name appears in the Name field. 2. Accept the default name or create a new name, and add a description. 3. Select Next. The Scope pane and the IP Address Range dialog box open. CounterACT Version 7.0.0 5

Choose the Hosts to Inspect 1. Use the IP Address Range dialog box to specify the hosts you want to inspect. The following options are available: All IPs lets you inspect all addresses in the Internal Network range, initially defined when CounterACT was set up. Segment lets you select a previously defined segment of the network. To specify multiple segments, select Cancel to close the IP address range dialog box, and select Segments from the Scope pane. IP Range lets you define a range of IP addresses. These addresses must be within the Internal Network. Unknown IP addresses applies the policy to hosts whose IP addresses are not known. Not applicable for this policy template. Viewing or modifying the Internal Network is performed separately. Select Tools>Options>Internal Network. 2. Select OK. The added range appears in the Scope list. 3. Select Next. The Sub-Rules pane opens. Finish Policy Creation The policy sub-rules are displayed in the Sub-Rules pane. Rules instruct CounterACT how to detect hosts (Conditions) and handle hosts (Actions). All actions are defined by default to sort all of your assets into their respective device groups. CounterACT Version 7.0.0 6

1. Select Finish. The policy automatically appears highlighted in the Policy Manager, where it can be activated. Activate the Policy 1. On the Console toolbar, select the Policy tab. 2. In the Policy Manager, select the policy you created. 3. Select Apply. The policy is activated. CounterACT detects mobile assets at the addresses you specified in the Scope pane, and adds the assets to their appropriate groups. 4. On the Console toolbar, select the NAC tab. CounterACT Version 7.0.0 7

5. In the Filters pane, expand the Groups folder and scroll to view the groups. Evaluate Mobile Assets After activating the policy, you can view an extensive range of details about mobile devices and the users connected to them. To evaluate mobile devices: 1. On the Console toolbar, select the NAC tab. 2. In the Views pane, expand the Policy folder and select the Mobile policy containing your mobile asset classification policy. 3. In the Detections pane, select a host. Host information is displayed in the Details pane. CounterACT Version 7.0.0 8

4. To customize the information displayed about mobile devices, right-click a column heading, select Add/Remove Columns, and select the information of interest to you. You can also reorder the columns. Generate Reports After the policy runs, you can generate reports with real-time and trend information about your network assets. You can generate and view the reports immediately, or generate schedules to ensure that your assets are automatically and consistently reported. The Reports tool provides tools to customize reports and schedule automatic report generation. For more information about the Reports tool, see the CounterACT Console User Guide. To generate a report: 1. Select Web Reports from the Console Reports menu. The Reports portal opens. 2. Select Add. The Add Report Template dialog box opens. 3. Select a report template, and select Next. A report configuration page opens. 4. Define the report specifications in each field. 5. Schedule report generation (optional). 6. Select Save (optional) to save the report settings and assign them a name. The report name appears in the Reports list for future use. 7. Select Run to generate and display the report. CounterACT Version 7.0.0 9

In the following example, the NAC Policy Compliance report was selected. Classification Tips To ensure that all mobile devices are identified, you may need to fine-tune the conditions in the Mobile Classification template or the Asset Classification template as follows: By default, CounterACT must detect HTTP traffic (browsing) on the device to classify it. Alternatively, you can add the NIC Vendor condition to device subrules, with the names of mobile NIC vendors. The devices are detected based on the vendor name, without the need to wait for browsing. For example, if you add the RIM, NIC Vendor condition to your Asset Classification> Hand Held Devices sub-rule, the BlackBerry devices will be classified based on the vendor name. Mobile devices are detected when the access point is configured as a bridge. By default, the template does not detect mobile devices when their access point is configured as a gateway or router. You can use the Device is NAT condition to detect mobile devices that use gateway or router access points. CounterACT Version 7.0.0 10

Legal Notice Copyright ForeScout Technologies, 2000-2015. All rights reserved. The copyright and proprietary rights in this guide belong to ForeScout Technologies. It is strictly forbidden to copy, duplicate, sell, lend or otherwise use this guide in any way, shape or form without the prior written consent of ForeScout Technologies. This product is based on software developed by ForeScout Technologies. The products described in this document are protected by U.S. patents #6,363,489, #8,254,286, #8,590,004 and #8,639,800 and may be protected by other U.S. patents and foreign patents. Redistribution and use in source and binary forms are permitted, provided that the above copyright notice and this paragraph are duplicated in all such forms and that any documentation, advertising materials and other materials related to such distribution and use, acknowledge that the software was developed by ForeScout Technologies. THIS SOFTWARE IS PROVIDED AS IS AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. All other trademarks used in this document are the property of their respective owners. Send comments and questions about this document to: documentation@forescout.com January 2015 CounterACT Version 7.0.0 11

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback