NetCyte DNS Security Quick Deployment Guide

Captive Portal Quick Deployment Guide

1.      Summary

This document summarises the quick deployment of the Captive Portal component of the NetCyte NAC solution from pre-configured virtual appliances.

2.      Objective

The objective of the quick deployment guide is to demonstrate the Captive Portal’s integration with NetCyte NAC Solution and how DNS based filtering works. Please send a request to demo@cybercyte.com for a more detailed POC.

3.      Components

For quick installation, Captive Portal is available as pre-configured VMware or Hyper-V images.

4.      System Requirements

 

| Component | System Requirement | Software Version | Remarks |
|---|---|---|---|
| Captive Portal | 4 Virtual Cores, 8 GB RAM, 150 GB HDD | All required software is installed | Given for 100 users |

Table 1 System Requirement

5.      Installation Steps

a)             Download Virtual Machine Images and Deploy Your Environment

Use the links below to download the predefined virtual machine image for your virtualisation environment.

For VMware ESX Environment:

http://download.netcyte.com/NetCyte/NetCyte-Captive-ESX.zip

For Hyper-V Environment:

http://download.netcyte.com/NetCyte/Netcyte-Captive-HyperV.zip

For deployment of the virtual machine, please refer to your virtualisation platform guide. Once you finish deployment, you can access the Captive Portal through the console.

To log in to Captive Portal use:

Username: root

Password: Password12345

b)             Initial Settings and Integration with NetCyte NAC System

Once you log in to the system, run the initialize_captive command on the console to set initial system configuration.


Figure 1 Captive Initialisation

| Settings | Explanation |
|---|---|
| e0 settings | Eth0 (e0) is used for inline deployment; you can set any IP address. |
| e1 settings | Eth1 (e1) is the interface used for communication with external systems. Via this IP, the Captive Portal communicates with the NetCyte NAC System, reaches the Internet and answers client DNS requests. |
| Database Used | Type of database used. For the NetCyte NAC integration, always select option 2. |
| MS-SQL Remote IP | Remote IP address of the MSSQL database server. |
| MS-SQL Database | NetCyte NAC Server main database name. Default is netcyte. |
| MS-SQL Username | MSSQL user name used to access the netcyte database. This user should have Read/Write/Delete privileges on the netcyte database. If you are using the NetCyte Preconfigured NAC Virtual Machine, use "sa" as the user. |
| MS-SQL Password | The password of the MSSQL user. If you are using the NetCyte Preconfigured NAC Virtual Machine, use "Password12345!!" as the password. |
| Connection Interval | Defines how often the Captive Portal checks for configuration changes in the NAC database. |
| LDAP/Domain | Enter your Active Directory IP address and the FQDN of your domain. |

Table 2 Captive Portal Initial Settings

Once you finish your settings, you can access the Captive Portal over SSH via the e1 IP address. You can also check your Captive Portal installation in the NetCyte Management interface using the menu Captive Portal → Captive Portal Settings, under Captive monitoring.


Figure 2 Captive Portal Monitoring

c)              Configure DNS Filtering

For DNS filtering configuration, the first step is to configure dnsmasq service.

Open the dnsmasq configuration file /etc/dnsmasq.conf and set listen-address=127.0.0.1,<eth1 IP address>. Then go to the end of the file and change the address line to address=/#/<eth1 IP address>. You can use nano, e.g. nano /etc/dnsmasq.conf
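The check below is an added example, not part of the vendor's guide or tooling: a shell function that audits a dnsmasq.conf for the two settings described above and warns if the resolver also listens on any other address. The function name check_dnsmasq_conf and the e1 address 192.0.2.10 are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not vendor code): audit a dnsmasq.conf for the two settings
# the guide asks for. Usage: check_dnsmasq_conf FILE ETH1_IP
check_dnsmasq_conf() {
    conf=$1; ip=$2; rc=0
    # Keep active lines only (comment lines start with '#') and drop whitespace
    # so "listen-address = a, b" compares the same as "listen-address=a,b".
    active=$(grep -v '^[[:space:]]*#' "$conf" | tr -d ' \t\r')
    # listen-address may be repeated and may carry a comma-separated list.
    listen=$(printf '%s\n' "$active" | sed -n 's/^listen-address=//p' | tr ',' '\n')
    for want in 127.0.0.1 "$ip"; do
        if ! printf '%s\n' "$listen" | grep -qxF "$want"; then
            echo "FAIL: listen-address does not include $want"; rc=1
        fi
    done
    # Any other address exposes the resolver beyond loopback and e1.
    extra=$(printf '%s\n' "$listen" | grep -vxF -e 127.0.0.1 -e "$ip" | grep . || true)
    [ -z "$extra" ] || echo "WARN: also listening on:" $extra
    # address=/#/IP makes dnsmasq answer every name with IP, so it has to be
    # the e1 address that clients are pointed at.
    catchall=$(printf '%s\n' "$active" | sed -n 's|^address=/#/||p')
    if [ -z "$catchall" ]; then
        echo "FAIL: no address=/#/$ip catch-all line"; rc=1
    elif [ "$catchall" != "$ip" ]; then
        echo "FAIL: catch-all points to" $catchall "(expected $ip)"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $conf matches the guide for $ip"
    return "$rc"
}

# Constructed sample: the guide's two lines with a made-up e1 address.
sample=$(mktemp)
printf '%s\n' '# constructed sample' \
    'listen-address = 127.0.0.1, 192.0.2.10' \
    'address=/#/192.0.2.10' > "$sample"
check_dnsmasq_conf "$sample" 192.0.2.10
rm -f "$sample"
```

On the appliance, call it as check_dnsmasq_conf /etc/dnsmasq.conf <eth1 IP address>; dnsmasq --test additionally checks the file's syntax.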

Before proceeding with the DNSCyte integration, you need to create an account on the DNSCyte Cloud. Please follow the instructions at https://docs.dnscyte.com/registration to create an account. Your Captive Portal will be registered under this account.

After creating your DNSCyte Cloud account, log in to your Captive Portal again and execute the /etc/dnscyte/dnssenseregister.bash script to register and start the DNSCyte Docker image on the Captive Portal. The script will ask for the DNSCyte Cloud user information that you created previously.

If the script executes successfully, you can see your device on the DNSCyte Cloud. Go to https://portal.dnscyte.com and log in to your account. Go to Deployment → Devices and you will see your device under the Local DNS Relay Servers section. You can assign a different profile to your device for filtering client requests.


Figure 3 DnsCyte Device Registration

d)             Enabling Filtering Modes and Activating DNS Based Filter

There are two modes of operation in Captive Portal, Guest Mode and Corporate Mode. The basic operations are:

Guest Mode: Always requires authentication before allowing access. Once access is granted, i.e. the user is authenticated, the user is allowed to access the Internet and monitoring of user activity starts. If the user creates malicious traffic and exceeds threshold levels, the user is blocked.

To enable guest mode, execute the command: /netcyte/script/initialise_dnscyte_guest.sh

Corporate Mode: Always allows access and monitors user traffic. If the user creates malicious traffic and exceeds threshold levels, the user is blocked.

To enable corporate mode, execute the command: /netcyte/script/initialise_dnscyte_corporate.sh

After enabling either mode, go to the NetCyte Management console, navigate to Settings → Engine Settings and go to Captive Portal Settings. Your Captive Portal is listed there with its DNSCyte Box ID.

You can search detailed client access logs using this Box ID on the DNSCyte Cloud.


Figure 4 DNSCyte Filtering Activated.

Note: For testing and monitoring purposes, enable corporate mode and set the DNS server of your client device to your Captive Portal's eth1 (e1) interface IP address.

After successful configuration, registration and filtering mode setting, you can enable DNS-based filtering on the NetCyte NAC Management console. Go to Inventory Management → Inventory Rules and click Add New Rule. In the Rule Types section, filter for DNSCyte Thread Analysis and double-click the rule to configure your policy.


Figure 5 Rule Type Filtering


Figure 6 Rule Settings 

| Rule Setting | Explanation |
|---|---|
| Blocked Categories | Monitored Categories. Hit counts will be retrieved from DnsCyte Cloud for a given Interval |
| Blocking Hit Count | Number of total access in monitored categories for a client for blocking |
| Interval | Hit Count calculation interval. The system calculates total hit count for last interval minutes |
| Redirect to Captive Portal | Enable/Disable Blocking on Captive Portal |
| Notification Message | Notification Message that will be shown by Captive Portal |
| Track Blocking History | Enable excessive blocking on client devices. Default is y |

Table 3 DnsCyte Rule Settings
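
To make the interaction of Blocked Categories, Blocking Hit Count and Interval concrete, the following added example (not NetCyte or DNSCyte code) counts each client's hits in the monitored categories over the last Interval minutes. The log layout, the category names, the function name clients_to_block and the rule that a client is blocked once its count reaches Blocking Hit Count are assumptions.

```shell
#!/bin/sh
# Added example (not vendor code): how Blocked Categories, Blocking Hit Count
# and Interval combine. The log layout is constructed for this example:
#   <epoch seconds> <client IP> <category> <domain>
# Usage: clients_to_block LOG NOW INTERVAL_MIN HIT_COUNT "cat1,cat2"
clients_to_block() {
    awk -v now="$2" -v win="$3" -v limit="$4" -v cats="$5" '
        BEGIN { n = split(cats, c, ","); for (i = 1; i <= n; i++) watch[c[i]] = 1 }
        # Count a hit only if its category is monitored and it falls inside
        # the last "win" minutes before "now".
        ($3 in watch) && $1 > now - win * 60 && $1 <= now { hits[$2]++ }
        # Assumption: a client is blocked once its count reaches the limit.
        END { for (ip in hits) if (hits[ip] >= limit) print ip, hits[ip] }
    ' "$1" | sort
}

# Constructed sample log; the category names are placeholders.
log=$(mktemp)
cat > "$log" <<'EOF'
1700000000 192.0.2.21 malware old.example
1700000310 192.0.2.21 malware a.example
1700000400 192.0.2.21 phishing b.example
1700000500 192.0.2.21 malware a.example
1700000450 192.0.2.22 news c.example
1700000550 192.0.2.22 malware a.example
EOF
# Interval 5 min, hit count 3: the first line is too old to count, the "news"
# hit is not monitored, so only 192.0.2.21 is reported.
clients_to_block "$log" 1700000600 5 3 "malware,phishing"
rm -f "$log"
```

Lengthening the Interval pulls older hits back into the count, so the same client can cross a higher Blocking Hit Count without any new traffic.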

After finishing your settings, click the Save button to return to the rule definition page. On the rule definition page, give your rule a name, select All-Devices as the Tag Query Mapping and enable "Status" to activate the rule. The rule is activated immediately in the background.


Figure 7 DNSCyte Rule Definition

e)             Monitoring Client Activities

Even though the Inventory Rule takes effect immediately after creation, retrieving logs may take a little time because of your time interval settings.

To view detailed logs, go to Block and Audit Management → DNSCyte Threat Activity.


Figure 8 DnsCyte Detailed Logs

To view a graphical representation of your log data, go to Visualisation and Analysis → DNS Threat Analysis.



Figure 9 DNSCyte Visual Analysis

 


