
Aruba ClearPass

Product
Developers: Aruba Networks
Last Release Date: 2019/05/15
Branches: Information technologies
Technology: SaaS (software as a service), Cybersecurity: authentication, Internet of Things (IoT), ACS (access control and management systems)


2019

ClearPass server

ClearPass is an access policy management server that controls user access to the network and to specific network resources. This applies both to wireless users (for whom access control is always especially relevant) and to wired users. Through ClearPass the administrator defines who can connect to the network and how users are authenticated: by entering a permanent password, by receiving a one-time password by SMS, by asking the office manager, who generates a password for them in a few clicks on a special page, or by having the user's device authenticated by certificate without the owner's involvement.

After a user has been authenticated on the network, ClearPass authorizes them, and the rules can be configured very precisely: the user gets access strictly to the resources permitted specifically to that user.

According to information as of November 2019, ClearPass makes it easy to create and apply flexible policies that combine a set of rules and parameters: for example, user and machine authentication, the protocols used, the type and status of the client device, the user's membership in a particular group, and much more.

Another feature of ClearPass is profiling, which determines the type and manufacturer of a device connected to the network. This information can be used both as an additional parameter in access policies and for handling devices that do not support any means of authentication (for example, many printer models). All of this holds for both wireless and wired users.

Another important function of Aruba ClearPass is support for the BYOD (Bring Your Own Device) concept, under which employees can use their personal mobile devices for work. Access to all necessary network resources is provided while the security of the corporate network is not compromised, because the user is granted access only after the device has been checked for the absence of viruses or jailbreak and for the presence of all relevant security updates.

Studies show that the ability to use personal devices for work, in the office and outside it, increases employee loyalty and productivity and also lets the company save money.

Release of ClearPass Device Insight

On May 15, 2019, Aruba announced the release of Aruba ClearPass Device Insight, which gives customers a single tool for transparent monitoring, including automatic device discovery, collection of device information, and machine-learning-based identification. The solution allows enterprises to address the security concerns of connecting IoT devices to the network while reducing the associated operating costs and complexity.

Aruba ClearPass Device Insight

According to Aruba, organizations around the world also run into security concerns when developing their IoT strategy. More than 14 million devices are connected to networks every day. Explosive growth in the number of completely different and unpredictable device types makes manual analysis and profiling unworkable; automation becomes the key requirement for IoT security. There is another problem as well: many IoT devices are connected to disparate overlay networks that usually support only one type of connection, such as Wi-Fi, Bluetooth or Zigbee.

According to the developer, ClearPass Device Insight uses machine learning and crowdsourcing to automate the discovery and identification (fingerprinting) of all connected devices on any wired or Wi-Fi network, regardless of manufacturer. Advanced technologies from Aruba's Data Science Laboratory include purpose-built deep packet inspection (DPI) for creating behavioural profiles that provide accurate device identification (fingerprinting). The ClearPass Device Insight cloud platform draws on the collective experience of the community to identify new devices. Using Aruba ClearPass Policy Manager and the security capabilities of Aruba Dynamic Segmentation technology, IT departments can automate authentication and policy enforcement down to the level of the device and the user, applying different policies or access rules depending on the role assigned to the device. If a device shows anomalous behaviour, ClearPass can automatically quarantine it or disconnect it from the network.

According to Gartner research, "historically separate enterprise departmental networks, technology networks and building automation networks are being integrated into enterprise infrastructure, increasing both the number of IoT devices and the opportunity for attacks". Aruba's full-cycle technology eliminates "blind spots" and gives IT specialists an automated, intelligent security solution for tracking the huge volume and variety of devices connected to the corporate network, which are often overlooked by IT. Detailed data on each device, including the manufacturer, device location, ports and protocols used, destination addresses and traffic volume, is available in a single ClearPass dashboard, providing unobstructed visibility and control of IoT devices, Aruba claims.

"Given the growing number of types of wired and wireless IoT devices in our network, the ability to distinguish them easily, without interfering with the operation of sensitive medical equipment, is crucial for our security and compliance goals. We are testing Aruba's ClearPass Device Insight, which helps us detect and identify all connected devices. Integrated with ClearPass Policy Manager, it will give us a powerful, full-scale solution for applying security policies to each device".

Kevin Rothstein, network engineer, Sharp Healthcare

2016: ClearPass modules

As of December 20, 2016, ClearPass requires no installation and is delivered as a ready-made virtual machine for all popular hypervisors, although the system can optionally be purchased as a ready-made solution together with a server. Any modern web browser that supports HTML5 serves as the user interface.

For users' convenience the solution is divided into four functional modules:

  • ClearPass Policy Manager;
  • ClearPass Onboard;
  • ClearPass OnGuard;
  • ClearPass Guest.

ClearPass Policy Manager allows access policies to be created on the basis of roles or devices, regardless of whether the network is wired, wireless (Wi-Fi) or VPN.

Policy Manager simplifies and automates device configuration, profile creation, and checks for compliance with security policies. It also supports simulation and monitoring of a created policy to check that it works and that the settings are correct. The module provides full support for NAC (Network Access Control), NAP (Network Access Protection) and TNC (Trusted Network Connect) technologies. To this end, ClearPass Policy Manager implements built-in RADIUS, TACACS+, CA, MDM and SSO services.

The module is intended to help the company's network administrator keep the current state of the network in line with the security policies declared in the company, to connect network devices, and to correct discrepancies automatically.

ClearPass Onboard is part of Policy Manager and is a module that automates the connection of devices running Windows, Mac OS X, iOS and Android. After a device connects to the network, it automatically checks the device for compliance with all security policies and their observance. This tool also makes it possible to implement the BYOD concept in the company's computer network.

ClearPass OnGuard is a software agent that performs a deep check of a device connecting to the network while enforcing security requirements, for example checking the presence and version of an antivirus, or blocking installed peer-to-peer agents, the use of external drives, connections to third-party networks, and so on. It also automatically issues recommendations on complying with corporate security policies when a check fails.

The main purpose of this module is to block or restrict access to the corporate or guest network for devices or users that violate security policies.

ClearPass Guest automates the process of obtaining guest access while keeping the corporate network secure. Depending on the policy, a user can get temporary access only for a certain time and in a certain place. It automatically creates and deletes a guest name and password unique to each user and delivers the name and password by e-mail or SMS. This scalable solution supports tens of thousands of connections without IT staff involvement and includes an adaptive captive portal and the option of integration with payment systems. It is simply indispensable for the Wi-Fi networks of hotels, universities and marketplaces.

It should be noted that the division of Aruba ClearPass into modules is fairly nominal and has more to do with licensing policy. All modules work as a single solution that makes it relatively simple to implement broader enterprise network services through an intuitive web interface.[1]

Notes