As a result of the COVID-19 pandemic, many organizations have been forced to rapidly shift to a work from home model. This distributed network model, and many of the increasingly used applications associated with it pose new security challenges. Recently, the popular web conferencing app Zoom came under scrutiny for alleged security issues, prompting many companies to prohibit the app from all employee devices. As organizations adapt to what may be the new norm, it is imperative that they maintain the ability to isolate and remove non-compliant applications, and devices from their networks.
Genian NAC has several features that can empower network administrators to accomplish this, even in a distributed network environment, where not all devices are company assets.
For Organization Owned Endpoints
For devices belonging to an organization, the Genian NAC agent can control which processes can run, which programs can be installed, and even manage the windows firewall remotely.
Find or configure a Node Policy that will contain the devices you wish to manage. For example, this can be accomplished by using the MAC address of any endpoint that you are managing with the agent as a grouping criteria. Configure the agent policy update interval and failsafe settings of the Node Policy to your desired settings. It is possible to configure the agent to run continually, even when disconnected from the Policy Server. Then add the agent actions desired to the Policy using the instructions below.
Use Case 1: Terminating Unauthorized Processes
- Add an agent action using the “Terminate Process” plugin.
- Enter the Process(es) you want to terminate in the conditions section. If you want to terminate any of the processes listed individually, make sure to use the OR operator.
- Configure an optional notification message to send to the device’s user upon program termination.
- Whenever the process is detected as running, it will be terminated, and your message will be displayed.
Use Case 2: Uninstalling Programs
- Add an agent action using the “Uninstall Programs” plugin.
- Enter the Program you want to uninstall.
- Configure an optional notification message, which account permissions to run the operation with, and what to do after the uninstall is completed.
- Set the execution interval to always.
- Whenever the process is detected as installed, it will be removed, and your message will be displayed.
Use Case 3: Blocking Application Traffic with Windows Firewall
- Add an agent action using the “Control Windows Firewall” plugin.
- Select if you would like enforcement policy permissions to be applied to the firewall (optional)
- Enter in the necessary port, protocol and address restrictions to block applications or features.
For BYOD Endpoints
For devices belonging to an individual, the Genian NAC agent can scan for prohibited software that may pose a security risk when the user is connected to the organization’s VPN. Instead of removing the software, or enforcing against a users private device, Genial NAC and use a sensor deployed in mirror mode to prevent communication with resources that should not be accessed by an endpoint with prohibited applications.
Find or configure a Node Policy that will contain the devices you wish to manage. For example, this can be accomplished by using the MAC address of any endpoint that you are managing with the agent as a grouping criteria. Configure the agent policy update interval and failsafe settings of the Node Policy to your desired settings. It is possible to configure the agent to run continually, even when disconnected from the Policy Server. Then configure the settings of an enforcement policy as shown below.
Use Case 4: Controlling BYOD at Risk
- Ensure the VPN subnet has a network sensor that is configured to operate in mirror mode.
- Add the “Collect Software” Plugin to the Node Policy.
- Create a Node group for nodes that have the prohibited software installed.
- Add the node group to a new or existing Enforcement Policy.
- Configure the permissions to select which resources the device can access, when, and with which protocols.
- If you wish to redirect the user to a captive portal for remediation, allow DNS. All DNS lookups will resolve to the Genians portal, and all non DNS traffic will be blocked using TCP Reset and ICMP Unreachable responses.