Re: Bulk blocking of all devices in Aruba ClearPass?

[Catherine Ullman <cende () BUFFALO EDU>]

Hi Jennifer,

 

Thank you for your insights!

 

Best,

Cathy

 

From: Jennifer Minella <jjx () cadinc com> 
Sent: Wednesday, June 9, 2021 12:16 PM
To: Catherine Ullman <cende () buffalo edu>
Cc: SECURITY () LISTSERV EDUCAUSE EDU
Subject: RE: Bulk blocking of all devices in Aruba ClearPass?

 

Hi Catherine, 

The policy someone mentioned is the mechanism within ClearPass and they may
have provided some additional info covering what you need. Outside of that,
there are a few options/ways in which to feed that information to a NAC
solutions. You can typically get posture info in a few ways:

-          From the posture agent within ClearPass (OnGuard)

-          From a supported MDM with direct integration 

-          From an API, log, or other external trigger with custom rules
(e.g. from SIEM, firewall, endpoint security platform)

 

You may also want to check on the WIRELESS group
WIRELESS-LAN () LISTSERV EDUCAUSE EDU
<mailto:WIRELESS-LAN () LISTSERV EDUCAUSE EDU> , I see a lot of ClearPass
conversations there.

 

Hope that helps! 

 

-jj

 

___________

Jennifer Minella, CISSP

VP of Engineering & Security

Carolina Advanced Digital, Inc.

 
<https://nam12.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.cadinc
.com%2F&data=04%7C01%7Ccende%40buffalo.edu%7Cc024de1dfca54cf48c9b08d92b61ea9
1%7C96464a8af8ed40b199e25f6b50a20250%7C0%7C0%7C637588521841954648%7CUnknown%
7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn
0%3D%7C1000&sdata=5bTzYkpRHIhK%2BSs49%2F32GN28BHDPc2qVpQTnpc6nEJo%3D&reserve
d=0> www.cadinc.com

 <mailto:jjx () cadinc com> jjx () cadinc com

919.460.1313 Main Office

919.539.2726 Mobile/text 



 

From: Catherine Ullman <cende () BUFFALO EDU> 
Sent: Tuesday, June 8, 2021 3:16 PM
Subject: Bulk blocking of all devices in Aruba ClearPass?

 

Greetings!

 

I've been asked to reach out and ask whether any of your institutions who
use Aruba Clearpass have a policy or procedure for bulk blocking of devices
in the event of something like a ransomware attack.  If you do any of you
have such a thing, are you willing to share?  Thank you in advance!

 

Best,

Cathy

 

 

Dr. Catherine J Ullman

Senior Information Security Forensic Analyst

Information Security Office

University at Buffalo

cende () buffalo edu <mailto:cende () buffalo edu> 

 

 

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community
list. If you want to reply only to the person who sent the message, copy and
paste their email address and forward the email reply. Additional
participation and subscription information can be found at
https://www.educause.edu/community
<https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educa
use.edu%2Fcommunity&data=04%7C01%7Ccende%40buffalo.edu%7Cc024de1dfca54cf48c9
b08d92b61ea91%7C96464a8af8ed40b199e25f6b50a20250%7C0%7C0%7C63758852184196460
3%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haW
wiLCJXVCI6Mn0%3D%7C1000&sdata=yzfg9DGKSNZH5zeP%2BSlps4b8DzIQDI%2B7gBX89E%2FL
zds%3D&reserved=0>  


**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Attachment: smime.p7s
Description: