insightscentos6.0

centos6.0  时间:2021-03-27  阅读:()
ClearPassIntegrationGuideClarotyClearPassandClaroty–IntegrationGuide2ChangeLogVersionDateModifiedByComments1.
0May2019ArpitBhattFirstPublishedVersion–Phase1CopyrightCopyright2019HewlettPackardEnterpriseDevelopmentLP.
OpenSourceCodeThisproductincludescodelicensedundertheGNUGeneralPublicLicense,theGNULesserGeneralPublicLicense,and/orcertainotheropensourcelicenses.
Acompletemachine-readablecopyofthesourcecodecorrespondingtosuchcodeisavailableuponrequest.
ThisofferisvalidtoanyoneinreceiptofthisinformationandshallexpirethreeyearsfollowingthedateofthefinaldistributionofthisproductversionbyHewlett-PackardCompany.
Toobtainsuchsourcecode,sendacheckormoneyorderintheamountofUS$10.
00to:Hewlett-PackardCompanyAttn:GeneralCounsel3000HanoverStreetPaloAlto,CA94304USAPleasespecifytheproductandversionforwhichyouarerequestingsourcecode.
YoumayalsorequestacopyofthissourcecodefreeofchargeatHPE-Aruba-gplquery@hpe.
com.
www.
arubanetworks.
com3333ScottBlvdSantaClara,CA95054Phone:1-800-WIFI-LAN(+800-943-4526)2019HewlettPackardEnterpriseDevelopmentLP.
AllRightsReserved.
Fax408.
227.
4550ClearPassandClaroty3ContentsIntroduction.
5SoftwareRequirements.
5InstallationandDeploymentGuide5PictorialviewoftheIntegration6Configuration.
7ClearPassConfiguration.
7CreateaClearPassUser.
7CreateanOperatorProfile.
7CreateanAPIClient.
9ClarotyConfiguration10IntegrationResults.
12Monitoring/ReviewingClearPassandClarotycommunications14ClearPassandClaroty–IntegrationGuide4FiguresFigure1:PictorialviewofClearPassPolicyManagerintegrationwithClaroty.
6Figure2:CreateanAPIlevelaccountinClearPass.
7Figure3:OperatorProfile-Accessrestrictions1.
8Figure4:OperatorProfile-Accessrestrictions2.
8Figure5:OperatorProfile-Accessrestrictions3.
9Figure6:CreateanAPIClient9Figure7:ClarotyConfigurationConsole.
10Figure8:EndpointDictionaryAttributescreatedbyClaroty.
12Figure9:ExampleofEndpointscreatedbyClaroty12Figure10:NormalizedEndpointdatacreatedbyClaroty.
13Figure11:CustomEndpointdatacreatedbyClaroty.
13Figure12:Reviewing'LastSync'timetoClearPass.
14Figure13:ExampleofAPIlogsbetweenClarotyandClearPass14ClearPassandClaroty–IntegrationGuide5IntroductionThisIntegrationGuidecoverstheconfigurationanduseoftheintegrationbetweenClarotyandClearPassPolicyManager(CPPM).
Claroty'sContinuousThreatDetectionproductprovidesextremevisibility,continuousthreatandvulnerabilitymonitoringanddeepinsightsintoIndustrialControlSystems(ICS)networks.
ThisinitialintegrationbetweenClarotyandClearPassPolicyManagerfocusesontheabilityofClarotytodetect,discoverandclassifyOT/ICSendpointsandsharethisclassificationdirectlywithClearPassviatheClearPassSecurityExchangeframeworkandtheopenAPIsweexpose.
ClarotywillautomaticallyupdatetheClearPassPolicyManagerendpointdatabasewithendpointclassificationdataandavarietyofcustomsecurityattributes.
ThisguideiswrittenbasedonPhase1ofourplannedintegrationwithClaroty,whichprovidescentralizedvisibilityofnetworkassetsandendpointsacrossITandOTinfrastructure.
Fromhereacentralizedendpointandedgesecuritypolicycanbedefinedandadministered.
Checkbackforupdatestothisintegrationframework.
SoftwareRequirementsAtthetimeofwriting,ClearPassPolicyManagerversion6.
8.
0isavailableandtherecommendedrelease.
CPPMrunsonhardwareapplianceswithpre-installedsoftwareorasaVirtualMachineunderthefollowinghypervisors.
HypervisorsthatrunonaclientcomputersuchasVMwarePlayerarenotsupported.
VMwareESXi6.
0,6.
5,6.
6orhigherMicrosoftHyper-VServer2012R2or2016R2Hyper-VonMicrosoftWindowsServer2012R2or2016R2KVMonCentOS7.
5orlater.
TheversionofClarotythatwasusedforwritingthisintegrationguideis3.
2.
2.
9734.
InstallationandDeploymentGuideThegenericClearPassinstallationanddeploymentguideislocatedhere:https://www.
arubanetworks.
com/techdocs/ClearPass/6.
7/Aruba_DeployGd_HTML/Default.
htm#About%20ClearPass/Intro_ClearPass.
htmClearPassandClaroty–IntegrationGuide6PictorialviewoftheIntegrationThediagrambelowshowsapictorialoverviewofthecomponentsandhowtheyinteractwitheachother.
Figure1:PictorialviewofClearPassPolicyManagerintegrationwithClarotyClearPassandClaroty–IntegrationGuide7ConfigurationClearPassConfigurationPriortocreatingandenablingtheintegrationinClarotyanumberofconfigurationelementsneedtobepre-createdinClearPassPolicyManager.
Followthebelowconfigurationstepscarefully,collectingdataashighlightedwhichwillbeneededinthefollowingsectionwhenconfiguringClarotytoestablishanintegrationwithCPPM.
CreateaClearPassUserAspartofthecommunicationschannelbetweenthetwoproducts,ClarotywilluseanumberofAPIs.
AccesstotheTIPSAPIisvalidatedviaUsername/Passwordcombinationcredentials.
Thisuserneedstohaveminimumlevelsofaccess,donotuseaSuperAdministratorprofile.
CreateauserfromAdministration->UsersandPrivileges->+ADD->{Createauser,ensurethatyouuseaprivilegelevelofAPIAdministrator}MakeanoteoftheUserIDandPasswordthatwasconfigured,ensurePrivilegelevelisAPIAdministratorFigure2:CreateanAPIlevelaccountinClearPassCreateanOperatorProfileTosecurelyaccesstheRESTAPIsfortheAPIClient,createarestrictedaccessOperatorProfile.
NavigatetoClearPassGuest>Administration>OperatorLogins>Profiles.
Clickon"Createanewoperatorprofile"onthetoprightcornerofthepageanddefineanoperatorprofileasshownbelow.
PickandchoosethenecessaryaccessforClarotytoupdateCPPMendpointdatabasewiththedevicecontext.
Insummaryalloptionsaresetas'NoAccess'exceptforthefollowing.
ForAPIServices,selectcustomandthengrantthefollowingaccessAllowAPIAccess=AllowAccessClearPassandClaroty–IntegrationGuide8ForPolicyManager,selectcustomandthengrantthefollowingaccessDictionary–Attributes=Read,Write,DeleteDictionary–Fingerprints=Read,Write,DeleteIdentity–Endpoints=Read,Write,DeleteFigure3:OperatorProfile-Accessrestrictions1Figure4:OperatorProfile-Accessrestrictions2ClearPassandClaroty–IntegrationGuide9Figure5:OperatorProfile-Accessrestrictions3CreateanAPIClientClarotyusestheRESTAPIsforthisintegration,RESTAPIsareauthenticatedunderanOAuth2framework.
CreateanAPIClientunderGuest>Administration>APIServices>APIClients>{CreateAPIClient}EnsuretheOperatorProfilepreviouslycreatedisusedheretorestrictthecapabilitiesoftheAPIClient.
Noticethehighlightedconfigurationoptionsneeded,andsetasappropriateOperatingMode=ClearPassRESTAPI–ClientwillbeusedforAPIcallstoClearPassOperatorProfile=UsetheOperatorProfilecreatedpreviouslyGrantType=Clientcredentials(grant_type=client_credentails)RecordtheClientSecretandtheACTUALAPIClientIDi.
e.
ClarOTyasbelowFigure6:CreateanAPIClientClearPassandClaroty–IntegrationGuide10AtthistimeallofthenecessaryconfighasbeencreatedinPolicyManager,ensureyouhavethebelowlistofinformationcollectedbeforeproceedingtothenextsection.
CPPMAPIAdministratorUserIDCPPMAPIAdministratorUserPasswordCPPMOAuth2APIClientNAMECPPMOAuth2APIClientSecretClarotyConfigurationForthisinitialintegrationbetweenthetwoproducts,thereislimitedconfigurationnecessaryonClaroty.
AftertheconfigurationiscompletetheClarotyplatformwillcontinuetoupdatetheClearPassPolicyManagerendpointdatabaseasitdiscoversnewendpointsataperiodicschedule.
Followthestepsbelowtoconfigureandenablethisintegration.
LoginasanadministratorintoCalrotyusingport5000(https://:5000).
FromtheClarotymainconsole,navigatetoConfiguration>Integrations>ArubaClearPass.
Afterclickingon'ArubaClearPass'thefollowingscreenisshown,allfieldsarerequiredfortheconfiguration.
UsethevaluescollectedduringClearPassPolicyManagerconfiguration.
Onceconfigured,clickonConnect.
Amessageisdisplayedatthebottomofthescreeninagreenboxsaying"AddedIntegrationConfiguration".
Thisiseasytomiss.
ThebuttonforConnectchangestoUpdatewhichindicatestheconfigurationissaved.
Figure7:ClarotyConfigurationConsoleClearPassandClaroty–IntegrationGuide11Belowtableexplainsthefieldsusedforconfigurationindetail.
FieldNameValue/NotesServerAddressThisshouldbetheClearPassPublisher'sIPaddressPortThisshouldbe443ClientIDOAuth2clientIDcreatedintheprevioussectionAPIAdminUsernameAPIAdministratorUserIDcreatedintheprevioussectionAPIAdminPasswordAPIAdministratorPasswordcreatedintheprevioussectionClientSecretOAuth2ClientSecretcopiedintheprevioussectionClearPassandClaroty–IntegrationGuide12IntegrationResultsAspartofenablingtheaboveintegration,ClarotywillcreateanumberofcustomEndpointDictionaryattributesusingtheClearPassRESTAPIs.
ThisisarecordoftheDictionaryAttributescreatedbyClaroty.
CheckunderAdministration>Dictionaries>DictionaryAttributes.
Figure8:EndpointDictionaryAttributescreatedbyClarotyTheEndpointdataissentbyClaroty,itcreatestheEndpoints,setstheendpointclassificationandalsoconfiguressomecustomendpointattributes.
Anexampleoftheendpointscreatedareshownbelow.
Figure9:ExampleofEndpointscreatedbyClarotyClearPassandClaroty–IntegrationGuide13Lookingcloserattheendpointdatawecanseeseveralimportantthings,themac-address,mac-vendor,andsomedeviceclassificationasdeterminedbyClaroty,othervaluabledatasuchasthedatetheendpointwasaddedandprofiled,saidanotherwaythetimeClarotyupdatedClearPasswiththedevicesdata.
Figure10:NormalizedEndpointdatacreatedbyClarotyInadditiontothestandarddata,Clarotyalsosuppliesothercustomattributes.
ClickontheAttributestabtoseethem.
AnyoftheseattributescouldbeusedinaPolicy.
Figure11:CustomEndpointdatacreatedbyClarotyClaroty_Criticality,Claroty_Firmware,Claroty_Risk_Level,Claroty_CVE_Scorearesomeoftheveryusefulattributesthatcanbeusedwithintheenforcementpolicy.
Forexample,aknownvulnerableFirmwareforadevicecategorycanbeblocked.
IftheCriticalityisHigh,anendpointcanbequarantined.
ClearPassandClaroty–IntegrationGuide14Monitoring/ReviewingClearPassandClarotycommunicationsOncethesynchasstartedendpointdatawillbepopulateddirectedlyintothePolicyManagerendpointdatabase,viewthelastupdatetimefromtheintegrationconfigurationscreen,seebelowforanexample.
Figure12:Reviewing'LastUpdate'timetoClearPassIfthesyncisnotworkingorshowsanerrorthenit'slikelyyou'vemissedcapturingtheinformationcorrectly,recheckthedatarecorded,additionallyyoucanviewtheAPIcallsbetweenClarotyandClearPassfromClearPassGuest>Administration>Support>ApplicationLog.
BelowisanexampleoflogsfromClarotytoClearPass.
FilterusingtheIPaddressofClaroty.
Figure13:ExampleofAPIlogsbetweenClarotyandClearPassNoticethereareafewerrorlogs.
TheseerrorsindicatethatthemacaddressdidnotexisthenceanewonewascreatedbyClaroty.
Ifitexists,itwillbeupdatedifnecessaryandtheerrorswillnotbeseen.

棉花云1折起(49元), 国内BGP 美国 香港 日本

棉花云官网棉花云隶属于江西乐网科技有限公司,前身是2014年就运营的2014IDC,专注海外线路已有7年有余,是国内较早从事海外专线的互联网基础服务提供商。公司专注为用户提供低价高性能云计算产品,致力于云计算应用的易用性开发,并引导云计算在国内普及。目前公司研发以及运营云服务基础设施服务平台(IaaS),面向全球客户提供基于云计算的IT解决方案与客户服务(SaaS),拥有丰富的国内BGP、双线高防...

提速啦:美国多IP站群云服务器 8核8G 10M带宽 7IP 88元/月

提速啦(www.tisula.com)是赣州王成璟网络科技有限公司旗下云服务器品牌,目前拥有在籍员工40人左右,社保在籍员工30人+,是正规的国内拥有IDC ICP ISP CDN 云牌照资质商家,2018-2021年连续4年获得CTG机房顶级金牌代理商荣誉 2021年赣州市于都县创业大赛三等奖,2020年于都电子商务示范企业,2021年于都县电子商务融合推广大使。资源优势介绍:Ceranetwo...

如何低价香港服务器购买?有没有便宜的香港服务器推荐?

如何低价香港服务器购买?想要做一个个人博客,想用香港服务器,避免繁琐备案,性能不需要多高,只是记录一些日常而已,也没啥视频之类的东西,想问问各位大佬有没有低价的香港服务器推荐?香港距大陆近,相比美国服务器最大的优势在于延迟低,ping值低,但是带宽紧张,普遍都是1M,一般戏称其为“毛细血管”。同时价格普遍高,优质稳定的一般价格不菲。大厂云梯队阿里云、腾讯云两家都有香港服务器,要注意的是尽量不要选择...

centos6.0为你推荐
1头牛168万人民币1头700千克的牛多少钱金评媒朱江雷克萨斯中国朱江简历access数据库access数据库的组成是什么甲骨文不满赔偿公司倒闭员工不满一年怎么赔偿杰景新特杰德特这个英雄怎么样网站检测如何进行网站全面诊断www.e12.com.cn有什么好的高中学习网?www.765.com有没好的学习网站m.kan84.net电视剧海派甜心全集海派甜心在线观看海派甜心全集高清dvd快播迅雷下载www.15job.com广州天河区的南方人才市场
vps虚拟主机 猫咪永久域名收藏地址 俄罗斯vps vps动态ip 国内免备案主机 好看的留言 win8升级win10正式版 炎黄盛世 php空间推荐 可外链网盘 阿里校园 昆明蜗牛家 cloudlink phpwind论坛 新浪轻博客 免费网络电视直播 大容量存储模式 护卫神主机管理系统 灵动鬼影实录4 北京摇号申请网站 更多