Automated Client Registration and Remediation - PowerPoint PPT Presentation

1
Automated Client Registration and Remediation
2
Introductions
  • Josh Ballard, Network Security Analyst,
    bal_at_k-state.edu
  • Richard Becker, Network Technology Manager,
    rlb_at_k-state.edu

3
Agenda
  • Business Problem
  • Requirements
  • Vendors
  • How Bradford Campus Manager Works
  • Implementation
  • Experiences: Fall 2006
  • Experiences: Spring 2007
  • Demonstration

4
Business Problem
  • Provide a user-friendly, scalable, automated
    network client registration and remediation
    service to enforce security policies for the
    residence halls
  • In past years, process was very staff intensive
    and frustrating and inconvenient for students

5
Requirements
  • Out-of-band policy enforcement
  • Support for high-availability
  • Vendor agnostic
  • Appliance based
  • Use existing LDAP / RADIUS authentication
    infrastructure
  • Offer differing levels of administrative access

6
Requirements (continued)
  • Support wired and wireless clients
  • Support Cisco and 3Com switches, and Aironet
    access points
  • Enforce policy on clients attached via hubs or
    unmanaged switches
  • Allow for client remediation
  • Allow students to perform a system pre-check
    before arriving on campus

7
Requirements (continued)
  • Be scalable (up to 20,000 clients)
  • Support Windows 2K and above, Mac OS X, and
    Linux

8
Vendors
  • Cisco - Clean Access
  • Client Assessment Tool
  • Bradford Campus Manager

9
Cisco Clean Access
  • Supported in-band or out-of-band policy enforcement
  • Solution did not fit well with our environment

10
Client Assessment Tool
  • Would have been used with existing registration
    infrastructure
  • Existing registration infrastructure would need
    significant modification to incorporate support

11
Bradford Campus Manager (BCM)
  • Supported most requirements
  • Each set of appliances supports up to 6,000
    clients
  • Java based GUI

12
BCM - How it Works
  • Operates using VLAN switching
  • SNMP traps used to detect new clients
  • Captive portal
  • Provides DHCP and DNS for clients in the
    registration, remediation, and dead-end VLANs
  • Dead-end VLAN for manually removing a client from
    the network
  • Agent installation

13
BCM Agent Installation
  • Windows systems install persistent agent
  • OS X and Linux clients use run-once client

14
BCM Policy Compliance Verification
  • After agent installed, system is checked for
    policy compliance
  • If compliant, client placed on production VLAN
  • If non-compliant, client is informed of
    violations and switched to remediation VLAN

15
Implementation
  • Deployed 2 sets of appliances
  • Used persistent agent for Windows
  • Used run-once client for OS X and Linux
  • Configured ResHall network devices
  • Initially, did not support PDAs, game devices, or
    wireless clients
  • Performed rollout across all residence halls Fall
    2006

16
Experiences: The Good, Bad, and Ugly
  • 3Com switches (1100s and 3300s) were very slow to
    respond
  • 3Com switches would lock up after a short period
    of time
  • Significant delays in switching clients from one
    VLAN to another
  • Issues when client computers went into suspend

17
Experiences (continued)
  • IE Browser caching issues
  • Java issues with management GUI
  • Backed out forced registration / remediation

18
Spring 2007 Rollout
  • Performed a staged rollout, one residence hall at
    a time
  • Wireless infrastructure was put under BCM control
  • Worked much better than the fall semester
  • Fewer security incidents, but user decisions still
    result in compromises

19
Current Status
  • Automatic failover is supported - Test
  • Adding Jardine complex (30 buildings and 1,200
    more clients)
  • Working with Bradford to support new switch
    vendor

20
Demo
21
Questions?
  • Thanks for attending