Captive Portal Quick Deployment Guide
This document is a summary of the quick deployment of the Captive Portal component of the NetCyte NAC solution from pre-configured virtual appliances.
The objective of the quick deployment guide is to demonstrate the Captive Portal's integration with the NetCyte NAC solution and how DNS-based filtering works. Please send a request to demo@cybercyte.com for a more detailed POC.
For quick installation, Captive Portal is available as pre-configured VMware or Hyper-V images.
Component | System Requirement | Software Version | Remarks
Captive Portal | 4 virtual cores, 8 GB RAM, 150 GB HDD | All required software is installed | Given for 100 users
Table 1 System Requirement
Please use the links below to download the predefined virtual machine for your virtualisation environment.
For VMware ESX Environment:
http://download.netcyte.com/NetCyte/NetCyte-Captive-ESX.zip
For Hyper-V Environment:
http://download.netcyte.com/NetCyte/Netcyte-Captive-HyperV.zip
For deployment of the virtual machine, please refer to your virtualisation platform guide. Once you finish deployment, you can access the Captive Portal through the console.
To log in to Captive Portal use:
Username: root
Password: Password12345
Once you log in to the system, run the initialize_captive command on the console to set initial system configuration.
Figure 1 Captive Initialisation
Settings | Explanation
e0 settings | Eth0. e0 is used for inline deployment, and you can set any IP address.
e1 settings | Eth1. e1 is the interface used for communication with external systems. Captive Portal communicates with the NetCyte NAC system, reaches the Internet and answers client DNS requests via this IP.
Database Used | Type of database used. For the NetCyte NAC integration always select option 2.
MS-SQL Remote IP | Remote IP address of the MSSQL database server.
MS-SQL Database | NetCyte NAC Server main database name. Default is netcyte.
MS-SQL Username | MSSQL user name used to access the netcyte database. This user should have Read/Write/Delete privileges on the netcyte database. If you are using the NetCyte Preconfigured NAC Virtual Machine, use "sa" as the user.
MS-SQL Password | The password of the MSSQL user. If you are using the NetCyte Preconfigured NAC Virtual Machine, use "Password12345!!"
Connection Interval | Defines how often Captive Portal checks for configuration changes on the NAC database.
LDAP/Domain | Enter your Active Directory IP address and the FQDN of your domain.
Table 2 Captive Portal Initial Settings
Once you finish your settings, you can access Captive Portal using SSH via the e1 IP address. You can also check your Captive installation on the NetCyte Management interface using the menu Captive Portal → Captive Portal Settings under Captive monitoring.
Figure 2 Captive Portal Monitoring
For DNS filtering configuration, the first step is to configure the dnsmasq service.
Open the dnsmasq configuration file /etc/dnsmasq.conf and set listen-address=127.0.0.1,<eth1 IP address>, then go to the end of the file and change the address entry to address=/#/<eth1 IP address>. You can use nano, e.g.
nano /etc/dnsmasq.conf
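An added check for the dnsmasq step above (not part of the vendor's guide or tooling): a shell function that confirms the file contains both settings after editing. The helper name check_dnsmasq_conf and the sample address 192.0.2.10 are assumptions; substitute your own eth1 IP address.

```shell
#!/bin/sh
# Added example: confirm the two dnsmasq settings from the step above.
# check_dnsmasq_conf is a hypothetical helper name, not a vendor tool.
# Usage: check_dnsmasq_conf /etc/dnsmasq.conf <eth1 IP address>
check_dnsmasq_conf() {
    conf=$1
    ip=$2
    failures=0
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }

    # Active lines only: drop whole-line comments (the '#' inside
    # address=/#/ must survive) and blanks, so "a = b, c" equals "a=b,c".
    active=$(grep -v '^[[:space:]]*#' "$conf" | tr -d ' \t\r')

    # listen-address may be one comma-separated line or several lines.
    listen=$(printf '%s\n' "$active" | sed -n 's/^listen-address=//p' | tr ',' '\n')
    for want in 127.0.0.1 "$ip"; do
        if ! printf '%s\n' "$listen" | grep -Fxq "$want"; then
            echo "missing listen-address: $want"
            failures=$((failures + 1))
        fi
    done

    # The catch-all record must resolve every name to the eth1 address.
    catchall=$(printf '%s\n' "$active" | sed -n 's|^address=/#/||p' | sort -u)
    if [ -z "$catchall" ]; then
        echo "missing catch-all: address=/#/$ip"
        failures=$((failures + 1))
    elif [ "$catchall" != "$ip" ]; then
        echo "catch-all does not point at $ip: $catchall"
        failures=$((failures + 1))
    fi
    [ "$failures" -eq 0 ]
}

# Constructed sample config; 192.0.2.10 is a documentation address.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# listen-address=10.0.0.1
listen-address = 127.0.0.1, 192.0.2.10
address=/#/192.0.2.10
EOF
check_dnsmasq_conf "$sample" 192.0.2.10 && echo "dnsmasq.conf matches the guide"
rm -f "$sample"
```

This checks the file's content only; dnsmasq --test checks its syntax.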
Before proceeding with DNSCyte integration, you need to create an account on the DNSCyte Cloud. Please follow the instructions at https://docs.dnscyte.com/registration to create an account. Your Captive Portal will be registered under this account.
After creating your account on DNSCyte Cloud, log in to your Captive Portal again and execute the /etc/dnscyte/dnssenseregister.bash script to register and start the DnsCyte Docker image on the Captive Portal. The script will ask for the DNSCyte Cloud user information that you created previously.
If the script executes successfully, you can see your device on DNSCyte Cloud. Go to https://portal.dnscyte.com and log in to your account. Go to Deployment → Devices and you will see your device under the Local DNS Relay Servers section. You can assign a different profile to your device for filtering client requests.
Figure 3 DnsCyte Device Registration
There are two modes of operation in Captive Portal, Guest Mode and Corporate Mode. The basic operations are:
Guest Mode: Always requires authentication before allowing access. Once access is granted, i.e. the user is authenticated, the user is allowed to access the Internet and user activity is monitored. If the user creates malicious traffic and exceeds threshold levels, the user is blocked.
To enable guest mode, execute the /netcyte/script/initialise_dnscyte_guest.sh command.
Corporate Mode: Always allows access and monitors user traffic. If the user creates malicious traffic and exceeds threshold levels, the user is blocked.
To enable corporate mode, execute the /netcyte/script/initialise_dnscyte_corporate.sh command.
After enabling either mode, go to the NetCyte Management console, navigate to Settings → Engine Settings and go to Captive Portal Settings; your Captive Portal is listed there with its DNSCyte Box ID.
You can search detailed client access logs using this Box ID on the DnsCyte Cloud.
Figure 4 DNSCyte Filtering Activated.
Note: For testing and monitoring purposes, enable corporate mode and point the DNS server of your client device to your Captive Portal eth1 (e1) interface IP address.
After successful configuration, registration and filtering mode setting, you can enable DNS-based filtering on the NetCyte NAC Management console. Go to Inventory Management → Inventory Rules and click Add New Rule. In the Rule Types section, filter DNSCyte Thread Analysis and double-click the rule to configure your policy.
Figure 5 Rule Type Filtering
Figure 6 Rule Settings
Rule Setting | Explanation
Blocked Categories | Monitored categories. Hit counts will be retrieved from DnsCyte Cloud for the given Interval.
Blocking Hit Count | Total number of accesses to monitored categories by a client that triggers blocking.
Interval | Hit count calculation interval. The system calculates the total hit count over the last Interval minutes.
Redirect to Captive Portal | Enable/disable blocking on Captive Portal.
Notification Message | Notification message that will be shown by Captive Portal.
Track Blocking History | Enable excessive blocking on client devices. Default is y.
Table 3 DnsCyte Rule Settings
After finishing your settings, click the Save button to return to the rule definition page. On the rule definition page, give your rule a name, select Tag Query Mapping as All-Devices and enable "Status" to activate the rule. The rule is immediately activated in the background.
Figure 7 DnsCyte Rule Definition
Even though the Inventory Rule takes effect immediately after creation, retrieving logs may take a little time because of your time interval settings.
Figure 8 DnsCyte Detailed Logs
To view the graphical representation of your log data, go to Visualisation and Analysis → DNS Threat Analysis.
Figure 9 DNSCyte Visual Analysis