insightscentos6.0

centos6.0  时间:2021-03-27  阅读:()
ClearPassIntegrationGuideClarotyClearPassandClaroty–IntegrationGuide2ChangeLogVersionDateModifiedByComments1.
0May2019ArpitBhattFirstPublishedVersion–Phase1CopyrightCopyright2019HewlettPackardEnterpriseDevelopmentLP.
OpenSourceCodeThisproductincludescodelicensedundertheGNUGeneralPublicLicense,theGNULesserGeneralPublicLicense,and/orcertainotheropensourcelicenses.
Acompletemachine-readablecopyofthesourcecodecorrespondingtosuchcodeisavailableuponrequest.
ThisofferisvalidtoanyoneinreceiptofthisinformationandshallexpirethreeyearsfollowingthedateofthefinaldistributionofthisproductversionbyHewlett-PackardCompany.
Toobtainsuchsourcecode,sendacheckormoneyorderintheamountofUS$10.
00to:Hewlett-PackardCompanyAttn:GeneralCounsel3000HanoverStreetPaloAlto,CA94304USAPleasespecifytheproductandversionforwhichyouarerequestingsourcecode.
YoumayalsorequestacopyofthissourcecodefreeofchargeatHPE-Aruba-gplquery@hpe.
com.
www.
arubanetworks.
com3333ScottBlvdSantaClara,CA95054Phone:1-800-WIFI-LAN(+800-943-4526)2019HewlettPackardEnterpriseDevelopmentLP.
AllRightsReserved.
Fax408.
227.
4550ClearPassandClaroty3ContentsIntroduction.
5SoftwareRequirements.
5InstallationandDeploymentGuide5PictorialviewoftheIntegration6Configuration.
7ClearPassConfiguration.
7CreateaClearPassUser.
7CreateanOperatorProfile.
7CreateanAPIClient.
9ClarotyConfiguration10IntegrationResults.
12Monitoring/ReviewingClearPassandClarotycommunications14ClearPassandClaroty–IntegrationGuide4FiguresFigure1:PictorialviewofClearPassPolicyManagerintegrationwithClaroty.
6Figure2:CreateanAPIlevelaccountinClearPass.
7Figure3:OperatorProfile-Accessrestrictions1.
8Figure4:OperatorProfile-Accessrestrictions2.
8Figure5:OperatorProfile-Accessrestrictions3.
9Figure6:CreateanAPIClient9Figure7:ClarotyConfigurationConsole.
10Figure8:EndpointDictionaryAttributescreatedbyClaroty.
12Figure9:ExampleofEndpointscreatedbyClaroty12Figure10:NormalizedEndpointdatacreatedbyClaroty.
13Figure11:CustomEndpointdatacreatedbyClaroty.
13Figure12:Reviewing'LastSync'timetoClearPass.
14Figure13:ExampleofAPIlogsbetweenClarotyandClearPass14ClearPassandClaroty–IntegrationGuide5IntroductionThisIntegrationGuidecoverstheconfigurationanduseoftheintegrationbetweenClarotyandClearPassPolicyManager(CPPM).
Claroty'sContinuousThreatDetectionproductprovidesextremevisibility,continuousthreatandvulnerabilitymonitoringanddeepinsightsintoIndustrialControlSystems(ICS)networks.
ThisinitialintegrationbetweenClarotyandClearPassPolicyManagerfocusesontheabilityofClarotytodetect,discoverandclassifyOT/ICSendpointsandsharethisclassificationdirectlywithClearPassviatheClearPassSecurityExchangeframeworkandtheopenAPIsweexpose.
ClarotywillautomaticallyupdatetheClearPassPolicyManagerendpointdatabasewithendpointclassificationdataandavarietyofcustomsecurityattributes.
ThisguideiswrittenbasedonPhase1ofourplannedintegrationwithClaroty,whichprovidescentralizedvisibilityofnetworkassetsandendpointsacrossITandOTinfrastructure.
Fromhereacentralizedendpointandedgesecuritypolicycanbedefinedandadministered.
Checkbackforupdatestothisintegrationframework.
SoftwareRequirementsAtthetimeofwriting,ClearPassPolicyManagerversion6.
8.
0isavailableandtherecommendedrelease.
CPPMrunsonhardwareapplianceswithpre-installedsoftwareorasaVirtualMachineunderthefollowinghypervisors.
HypervisorsthatrunonaclientcomputersuchasVMwarePlayerarenotsupported.
VMwareESXi6.
0,6.
5,6.
6orhigherMicrosoftHyper-VServer2012R2or2016R2Hyper-VonMicrosoftWindowsServer2012R2or2016R2KVMonCentOS7.
5orlater.
TheversionofClarotythatwasusedforwritingthisintegrationguideis3.
2.
2.
9734.
InstallationandDeploymentGuideThegenericClearPassinstallationanddeploymentguideislocatedhere:https://www.
arubanetworks.
com/techdocs/ClearPass/6.
7/Aruba_DeployGd_HTML/Default.
htm#About%20ClearPass/Intro_ClearPass.
htmClearPassandClaroty–IntegrationGuide6PictorialviewoftheIntegrationThediagrambelowshowsapictorialoverviewofthecomponentsandhowtheyinteractwitheachother.
Figure1:PictorialviewofClearPassPolicyManagerintegrationwithClarotyClearPassandClaroty–IntegrationGuide7ConfigurationClearPassConfigurationPriortocreatingandenablingtheintegrationinClarotyanumberofconfigurationelementsneedtobepre-createdinClearPassPolicyManager.
Followthebelowconfigurationstepscarefully,collectingdataashighlightedwhichwillbeneededinthefollowingsectionwhenconfiguringClarotytoestablishanintegrationwithCPPM.
CreateaClearPassUserAspartofthecommunicationschannelbetweenthetwoproducts,ClarotywilluseanumberofAPIs.
AccesstotheTIPSAPIisvalidatedviaUsername/Passwordcombinationcredentials.
Thisuserneedstohaveminimumlevelsofaccess,donotuseaSuperAdministratorprofile.
CreateauserfromAdministration->UsersandPrivileges->+ADD->{Createauser,ensurethatyouuseaprivilegelevelofAPIAdministrator}MakeanoteoftheUserIDandPasswordthatwasconfigured,ensurePrivilegelevelisAPIAdministratorFigure2:CreateanAPIlevelaccountinClearPassCreateanOperatorProfileTosecurelyaccesstheRESTAPIsfortheAPIClient,createarestrictedaccessOperatorProfile.
NavigatetoClearPassGuest>Administration>OperatorLogins>Profiles.
Clickon"Createanewoperatorprofile"onthetoprightcornerofthepageanddefineanoperatorprofileasshownbelow.
PickandchoosethenecessaryaccessforClarotytoupdateCPPMendpointdatabasewiththedevicecontext.
Insummaryalloptionsaresetas'NoAccess'exceptforthefollowing.
ForAPIServices,selectcustomandthengrantthefollowingaccessAllowAPIAccess=AllowAccessClearPassandClaroty–IntegrationGuide8ForPolicyManager,selectcustomandthengrantthefollowingaccessDictionary–Attributes=Read,Write,DeleteDictionary–Fingerprints=Read,Write,DeleteIdentity–Endpoints=Read,Write,DeleteFigure3:OperatorProfile-Accessrestrictions1Figure4:OperatorProfile-Accessrestrictions2ClearPassandClaroty–IntegrationGuide9Figure5:OperatorProfile-Accessrestrictions3CreateanAPIClientClarotyusestheRESTAPIsforthisintegration,RESTAPIsareauthenticatedunderanOAuth2framework.
CreateanAPIClientunderGuest>Administration>APIServices>APIClients>{CreateAPIClient}EnsuretheOperatorProfilepreviouslycreatedisusedheretorestrictthecapabilitiesoftheAPIClient.
Noticethehighlightedconfigurationoptionsneeded,andsetasappropriateOperatingMode=ClearPassRESTAPI–ClientwillbeusedforAPIcallstoClearPassOperatorProfile=UsetheOperatorProfilecreatedpreviouslyGrantType=Clientcredentials(grant_type=client_credentails)RecordtheClientSecretandtheACTUALAPIClientIDi.
e.
ClarOTyasbelowFigure6:CreateanAPIClientClearPassandClaroty–IntegrationGuide10AtthistimeallofthenecessaryconfighasbeencreatedinPolicyManager,ensureyouhavethebelowlistofinformationcollectedbeforeproceedingtothenextsection.
CPPMAPIAdministratorUserIDCPPMAPIAdministratorUserPasswordCPPMOAuth2APIClientNAMECPPMOAuth2APIClientSecretClarotyConfigurationForthisinitialintegrationbetweenthetwoproducts,thereislimitedconfigurationnecessaryonClaroty.
AftertheconfigurationiscompletetheClarotyplatformwillcontinuetoupdatetheClearPassPolicyManagerendpointdatabaseasitdiscoversnewendpointsataperiodicschedule.
Followthestepsbelowtoconfigureandenablethisintegration.
LoginasanadministratorintoCalrotyusingport5000(https://:5000).
FromtheClarotymainconsole,navigatetoConfiguration>Integrations>ArubaClearPass.
Afterclickingon'ArubaClearPass'thefollowingscreenisshown,allfieldsarerequiredfortheconfiguration.
UsethevaluescollectedduringClearPassPolicyManagerconfiguration.
Onceconfigured,clickonConnect.
Amessageisdisplayedatthebottomofthescreeninagreenboxsaying"AddedIntegrationConfiguration".
Thisiseasytomiss.
ThebuttonforConnectchangestoUpdatewhichindicatestheconfigurationissaved.
Figure7:ClarotyConfigurationConsoleClearPassandClaroty–IntegrationGuide11Belowtableexplainsthefieldsusedforconfigurationindetail.
FieldNameValue/NotesServerAddressThisshouldbetheClearPassPublisher'sIPaddressPortThisshouldbe443ClientIDOAuth2clientIDcreatedintheprevioussectionAPIAdminUsernameAPIAdministratorUserIDcreatedintheprevioussectionAPIAdminPasswordAPIAdministratorPasswordcreatedintheprevioussectionClientSecretOAuth2ClientSecretcopiedintheprevioussectionClearPassandClaroty–IntegrationGuide12IntegrationResultsAspartofenablingtheaboveintegration,ClarotywillcreateanumberofcustomEndpointDictionaryattributesusingtheClearPassRESTAPIs.
ThisisarecordoftheDictionaryAttributescreatedbyClaroty.
CheckunderAdministration>Dictionaries>DictionaryAttributes.
Figure8:EndpointDictionaryAttributescreatedbyClarotyTheEndpointdataissentbyClaroty,itcreatestheEndpoints,setstheendpointclassificationandalsoconfiguressomecustomendpointattributes.
Anexampleoftheendpointscreatedareshownbelow.
Figure9:ExampleofEndpointscreatedbyClarotyClearPassandClaroty–IntegrationGuide13Lookingcloserattheendpointdatawecanseeseveralimportantthings,themac-address,mac-vendor,andsomedeviceclassificationasdeterminedbyClaroty,othervaluabledatasuchasthedatetheendpointwasaddedandprofiled,saidanotherwaythetimeClarotyupdatedClearPasswiththedevicesdata.
Figure10:NormalizedEndpointdatacreatedbyClarotyInadditiontothestandarddata,Clarotyalsosuppliesothercustomattributes.
ClickontheAttributestabtoseethem.
AnyoftheseattributescouldbeusedinaPolicy.
Figure11:CustomEndpointdatacreatedbyClarotyClaroty_Criticality,Claroty_Firmware,Claroty_Risk_Level,Claroty_CVE_Scorearesomeoftheveryusefulattributesthatcanbeusedwithintheenforcementpolicy.
Forexample,aknownvulnerableFirmwareforadevicecategorycanbeblocked.
IftheCriticalityisHigh,anendpointcanbequarantined.
ClearPassandClaroty–IntegrationGuide14Monitoring/ReviewingClearPassandClarotycommunicationsOncethesynchasstartedendpointdatawillbepopulateddirectedlyintothePolicyManagerendpointdatabase,viewthelastupdatetimefromtheintegrationconfigurationscreen,seebelowforanexample.
Figure12:Reviewing'LastUpdate'timetoClearPassIfthesyncisnotworkingorshowsanerrorthenit'slikelyyou'vemissedcapturingtheinformationcorrectly,recheckthedatarecorded,additionallyyoucanviewtheAPIcallsbetweenClarotyandClearPassfromClearPassGuest>Administration>Support>ApplicationLog.
BelowisanexampleoflogsfromClarotytoClearPass.
FilterusingtheIPaddressofClaroty.
Figure13:ExampleofAPIlogsbetweenClarotyandClearPassNoticethereareafewerrorlogs.
TheseerrorsindicatethatthemacaddressdidnotexisthenceanewonewascreatedbyClaroty.
Ifitexists,itwillbeupdatedifnecessaryandtheerrorswillnotbeseen.

racknerd:美国大硬盘服务器(双路e5-2640v2/64g内存/256gSSD+160T SAS)$389/月

racknerd在促销美国洛杉矶multacom数据中心的一款大硬盘服务器,用来做存储、数据备份等是非常划算的,而且线路还是针对亚洲有特别优化处理的。双路e5+64G内存,配一个256G的SSD做系统盘,160T SAS做数据盘,200T流量每个月,1Gbps带宽,5个IPv4,这一切才389美元...洛杉矶大硬盘服务器CPU:2 * e5-2640v2内存:64G(可扩展至128G,+$64)硬...

搬瓦工VPS:高端线路,助力企业运营,10Gbps美国 cn2 gia,1Gbps香港cn2 gia,10Gbps日本软银

搬瓦工vps(bandwagonhost)现在面向中国大陆有3条顶级线路:美国 cn2 gia,香港 cn2 gia,日本软银(softbank)。详细带宽是:美国cn2 gia、日本软银,都是2.5Gbps~10Gbps带宽,香港 cn2 gia为1Gbps带宽,搬瓦工是目前为止,全球所有提供这三种带宽的VPS(云服务器)商家里面带宽最大的,成本最高的,没有第二家了! 官方网站:https...

rfchost:洛杉矶vps/双向CN2 GIA,1核/1G/10G SSD/500G流量/100Mbps/季付$23.9

rfchost怎么样?rfchost是一家开办了近六年的国人主机商,一般能挺过三年的国人商家,还是值得入手的,商家主要销售VPS,机房有美国洛杉矶/堪萨斯、中国香港,三年前本站分享过他家堪萨斯机房的套餐。目前rfchost商家的洛杉矶机房还是非常不错的,采用CN2优化线路,电信双程CN2 GIA,联通去程CN2 GIA,回程AS4837,移动走自己的直连线路,目前季付套餐还是比较划算的,有需要的可...

centos6.0为你推荐
嘉兴商标注册如何注册商标怎样商标注册22zizi.com福利彩双色球22号开奖号336.com求那个网站 你懂得 1552517773@qq广告法中华人民共和国广告法中,有哪些广告不得发布?ww.66bobo.com这个www.中国应急救援网.com查询证件是真是假?www.1100.com诺亚洲1100怎么下电影查看源代码怎样查看程序的源代码恋战千年关于苏打绿的《迟到千年》买春楼这是哪里?黑泽亚美黑木美紗 Kuroki Meisa完全资料
本网站服务器在美国维护 t楼 windows主机 免费主机 美国主机论坛 directadmin xen 搜狗12306抢票助手 主机合租 新天域互联 web服务器的架设 常州联通宽带 服务器是干什么用的 网页提速 阿里云官方网站 上海电信测速 restart 海外加速 美国vpn代理 gotoassist 更多