Control Wireless Networks


How-to Guide CounterACT Version 7.0.0

Table of Contents

- About Wireless Endpoints
- Prerequisites
- Setup
- Create a Policy to Detect All Hosts Connected to Wireless Devices
- Evaluate Your Wireless Policy
- Generate Reports

About Wireless Endpoints

CounterACT provides powerful tools that let you quickly and effectively take control of wireless endpoints in your networks. You can continuously track and control wireless devices, view information about wireless network connections, and prevent unauthorized connections.

Follow the step-by-step procedures in this guide to:

- Configure CounterACT communication with wireless controllers or access points
- Create policies to detect hosts connected via wireless devices

This How-to guide provides basic configuration instructions designed for a quick setup. For more information on the extended configuration options, refer to the Console User Manual or the Console Online Help.

Prerequisites

Verify that your system is equipped with the following hardware and software:

- CounterACT Appliance and Console version 6.3.4.0 or above.
- CounterACT Wireless plugin version 1.4.0 or above.
- Network connectivity between the Appliance and the wireless management device.

Verify that your CounterACT system was set up using the Initial Setup Wizard. Refer to the Console Online Help for details.

Setup

Follow these steps to set up and configure wireless detection and classify your network assets using a policy template.

Install the Plugin

1. Download the CounterACT Wireless plugin from the ForeScout web site www.forescout.com and save it to the machine on which the CounterACT Console is installed.
2. Log into the CounterACT Console and select Options from the Tools menu.
3. Navigate to the Plugins folder. The Plugins pane opens.
4. Select Install. The Open dialog box opens.
5. Browse to and select the saved plugin.fpi file, and select Install.
6. Complete the plugin installation accordingly.

Configure Connection to a Wireless Controller or Access Point

This section describes configuration for a single wireless controller. Often, controllers in a network share the same basic configuration. To simplify configuration of controllers, use the Duplicate option to apply a configuration to other instances of the same controller. Similarly, you can use the Export and Import options to download, modify, and upload configuration settings between Appliances. See the Wireless Plugin Configuration Guide for details.

1. Select Options from the Console Tools menu. The Options dialog box opens.
2. Select Wireless in the Options tree. The Wireless pane opens.
3. Select Add. The Add Wireless Device wizard opens.
4. In the Address field, type the IP address of the wireless management device that you are adding.
5. From the Connecting Appliance drop-down list, select a CounterACT device. If your CounterACT solution includes multiple Appliances connected to an Enterprise Manager, it is recommended to select an Appliance that is physically close to the controller.
6. From the Product drop-down list, select a wireless management device vendor. If you select Aruba or Motorola, extra fields are displayed.

   In the Read Connection Method section, specify how to connect to the controller.

   If you want to disable CounterACT blocking capabilities, in the Write Permission section, clear Block Using Command Line. If the option is disabled, CounterACT does not perform wireless blocking actions. See Create Policies that Manage Wireless Endpoints for more information about blocking wireless endpoints.

7. (Optional) Enter comments about this controller or the configuration.
8. Select Next. The SNMP page (Aruba, Cisco, Motorola, Xirrus) or Read page (Aerohive, Cisco Aironet, Meru) opens. The information defined here is used by the plugin to retrieve information about endpoints connected to the wireless management device, for example the wireless network to which the endpoint is connected. For Aerohive, Aruba, Cisco, and Motorola wireless management devices, there is an extra field.
9. (Aerohive/Aruba/Motorola/Cisco) Specify whether to enable support for notification traps.

   Working with notification traps requires CounterACT Switch Plugin version 8.5.2 or higher.

   The Wireless Plugin includes SNMP support for notification traps from several controllers. This means that notification of newly-connected endpoints is received from these wireless management devices in near real-time. Each trap includes the MAC address and the IP address of the endpoint, and the plugin can then query the wireless management device for all other endpoint information.

10. Specify the wireless management device query interval. For Aerohive, Aruba, Motorola, and Cisco controllers, the default value is 10 minutes because they support SNMP traps. For all other wireless management devices, the default value is 1 minute.
11. Configure the SNMP parameters: select an SNMP version from the SNMP Version drop-down list.

    For Aruba controllers, if you selected Command Line in the Read Connection Method section, the SNMP parameters are disabled.

    - For SNMPv1 or SNMPv2c, in the Community field, enter a community relevant to the SNMP version that you selected.
    - For SNMPv3, the parameters shown below appear. Enter a user name, and enable authentication and privacy options as required.
      Supported Authentication Protocols: HMAC-MD5 and HMAC-SHA
      Supported Encryption Protocols: DES and AES

    SNMPv3 is supported by CounterACT 7.0.0 only. These configuration settings should match SNMP configurations on the controller.

12. In SNMP v3 communication, the Engine ID uniquely identifies each SNMP agent for queries and trap handling.

    - When wireless controllers in the network use default engine IDs, the plugin automatically discovers the engine ID value. In this case, clear the Use Explicit Engine ID option.
    - When wireless controllers use operator-assigned engine ID values, autodiscovery of engine IDs may not succeed. To explicitly specify an engine ID value, select the Use Explicit Engine ID option and specify the Engine ID Value. For example, an explicit engine ID must be specified to define CounterACT as a Trap Receiver in Aruba 620 controllers.

13. Select Next. The next page of the wizard opens:

    - Permissions page (Cisco, Xirrus)
    - Write page (Aerohive, Cisco Aironet, Meru)
    - Command Line (Aruba, Motorola)

    The information defined here is used by the plugin to request wireless endpoint blocking via the controller. Blocking is based on the endpoint's MAC address. Detected MAC addresses are blocked on all wireless management devices that are configured to communicate with the plugin. See Wireless Management Device Read/Write Settings for details.

    Permissions page (Cisco, Xirrus)

    (Optional) Select Enable host block to enable CounterACT blocking capabilities. If you leave the option disabled, CounterACT does not perform wireless blocking actions. See Create Policies that Manage Wireless Endpoints for more information about blocking wireless endpoints.

    Write page (Cisco Aironet, Meru)

    (Optional) Select Enable host block to enable the WLAN Host Block action. If you leave the option disabled, CounterACT does not block endpoints connected through this controller.

    (If Enable host block is selected) In the Login Parameters section, enter controller login credentials. These credentials are used to log in using SSH or Telnet.

    When enabling host blocking on Meru devices, you can indicate if a privileged password is required and enter one when necessary.

    Command Line (Aruba)

    If, in the General page of the wizard, the Read Connection Method is SNMP and you cleared Block Using Command Line, all the fields in this page are disabled.

    In the Login Parameters section, enter controller login credentials. These credentials are used to log in using SSH or Telnet.

    In the Miscellaneous section, specify whether CounterACT sends wireless endpoint MAC addresses to each Aruba device with or without colons. Colons are used by default.

    Command Line (Motorola)

    In the Login Parameters section, enter controller login credentials. These credentials are used to log in using SSH or Telnet.

14. Do one of the following:

    - If the CounterACT 802.1X Plugin is not installed, select Finish.

    - If the CounterACT 802.1X Plugin is installed, select Next and continue with the following section.

802.1X Integration

If you are working with 802.1X authentication and authorization and you have installed the 802.1X CounterACT Plugin on the CounterACT device, an extra page is displayed in the Add Wireless Device wizard. Options here let you:

- Ensure communication between the wireless management device and the CounterACT RADIUS server in 802.1X environments
- Determine how to roll out network access assignments

It is recommended to review information about 802.1X and wireless integration before working with these options. See the 802.1X Plugin Configuration Guide.

Test the Wireless Configuration

Testing the wireless configuration lets you verify the connectivity between CounterACT and the wireless management device, and determine how many hosts are connected to the configured wireless device.

1. Select Options from the Console Tools menu. The Options dialog box opens.
2. Select Wireless in the Options tree. The Wireless pane opens.
3. Select one or more wireless devices, and select Test. A message is displayed indicating if the test passed. If the test failed, the cause of the failure is displayed.
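
A pre-flight review of the SNMP and login choices made in the Add Wireless Device wizard above, as an added example that is not part of the ForeScout guide. The settings dictionary and its field names are hypothetical stand-ins for the wizard fields, and the engine ID decoding follows the SnmpEngineID layout defined in RFC 3411.

```python
"""Review planned wireless-controller settings before entering them (added example).

The keys of the settings dict are hypothetical; they mirror the wizard fields
described in the guide, not any CounterACT export format.
"""

# SnmpEngineID format octet (RFC 3411): how the octets after it are built.
ENGINE_ID_FORMATS = {1: "ipv4", 2: "ipv6", 3: "mac", 4: "text", 5: "octets"}


def parse_engine_id(hex_value):
    """Decode an SNMPv3 engine ID given as hex (colons, spaces, 0x allowed)."""
    cleaned = hex_value.lower().replace("0x", "").replace(":", "").replace(" ", "")
    raw = bytes.fromhex(cleaned)  # raises ValueError on malformed hex
    if not 5 <= len(raw) <= 32:
        raise ValueError("engine ID must be 5 to 32 octets")
    if raw in (b"\x00" * len(raw), b"\xff" * len(raw)):
        raise ValueError("engine ID must not be all 0x00 or all 0xff")
    enterprise = int.from_bytes(raw[:4], "big")
    if not enterprise & 0x80000000:
        # High bit clear: pre-SNMPv3 layout, remaining octets are vendor-defined.
        return {"enterprise": enterprise, "format": "vendor-defined", "data": raw[4:]}
    default = "enterprise-specific" if raw[4] >= 128 else "reserved"
    fmt = ENGINE_ID_FORMATS.get(raw[4], default)
    return {"enterprise": enterprise & 0x7FFFFFFF, "format": fmt, "data": raw[5:]}


def review_settings(cfg):
    """Return a list of findings for one planned controller entry."""
    findings = []
    if cfg["snmp_version"] in ("v1", "v2c"):
        findings.append("snmp: v1/v2c community strings cross the network in cleartext")
    else:
        if cfg.get("auth") is None:
            findings.append("snmp: v3 user has no authentication protocol")
        elif cfg["auth"] == "HMAC-MD5":
            findings.append("snmp: HMAC-MD5 selected; HMAC-SHA is the stronger option")
        if cfg.get("priv") is None:
            findings.append("snmp: v3 user has no privacy (encryption) protocol")
        elif cfg["priv"] == "DES":
            findings.append("snmp: DES selected; AES is the stronger option")
        if cfg.get("engine_id"):
            try:
                parse_engine_id(cfg["engine_id"])
            except ValueError as exc:
                findings.append(f"engine id: {exc}")
    if cfg.get("login") == "telnet":
        findings.append("login: Telnet sends controller credentials in cleartext; use SSH")
    return findings


# Constructed sample settings (not taken from a real controller).
PLANNED = {
    "snmp_version": "v3", "auth": "HMAC-MD5", "priv": "AES",
    "engine_id": "80:00:1f:88:04:77:6c:63:31",  # text format, data "wlc1"
    "login": "telnet",
}

if __name__ == "__main__":
    print(parse_engine_id(PLANNED["engine_id"]))
    for finding in review_settings(PLANNED):
        print(finding)
```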

Set Up Wireless Detection Display at the Console

4. On the Console toolbar, select the NAC tab.
5. Right-click a table header in the Detections pane and select Add/Remove Columns.
6. Expand the Properties folder, and expand Wireless.
7. Select one or more listings related to the Wireless plugin, and then select Add and Apply. You can also reorder how the columns are displayed.
8. Select OK.

Create a Policy to Detect All Hosts Connected to Wireless Devices

You can create CounterACT policies that detect and manage hosts connected to wireless devices. This section describes one commonly used policy to detect all hosts that are connected to your Internal Network through wireless devices. For more sample policies, see the Wireless Plugin Configuration Guide.

To create a wireless network policy:

1. Log into the CounterACT Console.
2. On the Console toolbar select the Policy tab. The Policy Manager opens.
3. In the Policy Manager, select Add. The Policy Wizard opens, guiding you through policy creation.

4. Under Templates, select Custom, and then select Next.
5. In the Name pane, enter a policy name and a description (optional).
6. Select Next. The Scope pane and the IP Address Range dialog box open.
7. Use the IP Address Range dialog box to define the IP addresses you want to inspect. The following options are available:

   - All IPs lets you inspect all addresses in the Internal Network range, initially defined when CounterACT was set up.
   - Segment lets you select a previously defined segment of the network. To specify multiple segments, select Cancel to close the IP address range dialog box, and select Segments from the Scope pane.
   - IP Range lets you define a range of IP addresses. These addresses must be within the Internal Network.

   - Unknown IP addresses applies the policy to hosts whose IP addresses are not known. Not applicable for this policy template.

   Viewing or modifying the Internal Network is performed separately. Select Tools>Options>Internal Network.

8. Select OK. The added range appears in the Scope list.
9. Select Next. The Main Rule pane opens.

   Each policy rule contains at least one Condition and at least one Action. Conditions specify matching criteria based on host property values of an endpoint. Actions are applied to endpoints that match the Conditions of the rule.

10. Select Add in the Condition section. The Condition dialog box opens.
11. In the Properties tree, expand the Wireless folder.

12. Select a host property, define matching criteria, and then select OK. The condition criterion is displayed in the Condition list in the Main Rule pane.
13. Select Add in the Actions section. The Action dialog box opens.
14. Expand the Restrict folder.
15. Select a WLAN action, configure settings for the action, and then select OK. The selected action is displayed in the Action list in the Main Rule pane.
16. Select Finish in the Main Rule pane and select Apply in the Policy Manager.

Evaluate Your Wireless Policy

After activating the policy, you can view details about wireless endpoints that did or did not match the policy.

To evaluate details about wireless endpoints:

1. On the Console toolbar, select the NAC tab.

2. In the Views pane, expand the Policy folder and scroll to the wireless policy you created.
3. In the Detections pane, select an entry. The wireless information is displayed in the Details pane.

Generate Reports

After the policy runs, you can generate reports with real-time and trend information about wireless endpoints. You can generate and view the reports immediately, or schedule automatic report generation. The Reports tool provides tools to customize reports and schedule automatic report generation. For more information about the Reports tool, see the CounterACT Console User Guide.

To generate a report:

1. Select Web Reports from the Console Reports menu.
2. In the Reports Portal, select Add. The Add Report Template dialog box opens.
3. Select a report template, and select Next. A report configuration page opens.
4. Define the report specifications in each field.
5. Schedule report generation (optional).
6. Select Save (optional) to save the report settings and assign them a name. The report name appears in the Reports list for future use.
7. Select Run to generate and display the report.

In the following example, the Policy Compliance Details report was selected for a wireless host with malicious intent policy. This report gives you a pie chart breakdown of allowed and blocked wireless devices, and provides details depending on the information fields you selected to view.


Legal Notice

Copyright ForeScout Technologies, 2000-2015. All rights reserved. The copyright and proprietary rights in this guide belong to ForeScout Technologies. It is strictly forbidden to copy, duplicate, sell, lend or otherwise use this guide in any way, shape or form without the prior written consent of ForeScout Technologies.

This product is based on software developed by ForeScout Technologies. The products described in this document are protected by U.S. patents #6,363,489, #8,254,286, #8,590,004 and #8,639,800 and may be protected by other U.S. patents and foreign patents.

Redistribution and use in source and binary forms are permitted, provided that the above copyright notice and this paragraph are duplicated in all such forms and that any documentation, advertising materials and other materials related to such distribution and use, acknowledge that the software was developed by ForeScout Technologies.

THIS SOFTWARE IS PROVIDED AS IS AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.

All other trademarks used in this document are the property of their respective owners.

Send comments and questions about this document to: documentation@forescout.com

January 2015