Enable Enumeration

1. Introduction

Enumeration is a continuous, automated process that identifies connected devices. Its primary purpose is to classify those devices. There are two main modes of operation: Agent-Less and Agent.

2. Enumeration Process:

a. AGENT-LESS:

Agent-less is the most commonly used method to identify your devices and is easy to deploy. There is no need to change any setting in your environment. The NAC System tries to communicate with each discovered device, one by one, using a predefined credential. After a successful connection to a client device, the system collects information about the client (hostname, system info, etc.). Because user-provided credentials are used during the operation, successfully connected devices are either enumerated or considered unclassifiable devices.

There are two steps to activate the agent-less process.

1. Define Enumeration Credential(s): You need to provide a credential (username/password information) to the NAC System for Enumeration.

To define your credential, navigate to Settings --> Credential settings and click  button. Defining a credential is very straightforward. A sample Windows credential definition is given below.


Figure 1 Credential Definition

2. Set Credential(s) and Enable Process: You can define different kinds of credentials for various functionalities, so you need to set which credentials will be used for enumeration. To do this, on the management interface navigate to Settings --> Global Settings and edit the setting:

ENUMERATE CLIENT CREDENTIAL NAME



Figure 2 Enumeration Credential Selection

Select the credential from the drop-down list. You can select more than one credential. Once finished, save your settings and proceed to the next setting, which is ENUMERATE CLIENT WITH REMOTE CONNECTION. 


Figure 3 Enable Agent-less Enumeration

These settings activate the enumeration process, and the system starts to make connections to unidentified devices by using the provided credential(s). The connection type is determined by the type of credential that you provided, i.e. a Windows type of credential is used for a WMI connection and an SSH type of credential is used only for an SSH connection.

b. AGENT:

The agent is a small, lightweight application that is installed on client devices. NetCyte NAC provides an agent for Windows, Linux and Mac OS operating systems. The agent runs as a service on the client devices and updates the client status on the NAC system at a configured interval (default is 300 seconds).

Agent installer files can be downloaded from the NAC Management platform using Agent Management --> Agent Packages.


Figure 4 Agent Installer

Any host is considered a known device, or enumerated, if the agent is installed on it, because agent installers are created explicitly for each installation. The agent cannot communicate with other NetCyte NAC environments.

You can view all Agent installations by navigating to the Agent Management main menu.


Figure 5 Agent Status

 


