SK infosec Eagleye

This guide provides the configuration method for performing the user authentication integration function between SK infosec's Eagleye, a personal information detection and management product, and Genian NAC, a network access control system.

Guide Overview

When configuring integration between SK infosec's Eagleye and Genian NAC, the login process consists of Genian NAC authentication > Eagleye authentication program auto-execution > Eagleye authentication.

(This is explained using the agent authentication plugin, which Genian NAC commonly utilizes for integration with third-party devices on user endpoints.)

Recommended Versions

Product Name (Component) Version Notes
Genian NAC (Policy Server) V5.0 or higher Release version after 2018.8
Genian NAC (Agent) V5.0.6 or higher Release version after 2018.8
Eagleye 3.0 or higher (1.x, 2.x discontinued (2015)) Release version after 2016.1

Purpose of Integration

The integration of Genian NAC and SK infosec Eagleye provides the following effects.

SSO Environment Configuration

  • When a user requests network access, the user's authentication status is checked. If unauthenticated, NAC authentication is requested via CWP. If Genian NAC authentication is successful, SK infosec Eagleye authentication is automatically performed, making additional authentication unnecessary for the user.

    If Genian NAC user authentication fails, network access is blocked and the CWP screen is displayed.

Actions such as Network Blocking for Unauthenticated SK infosec Eagleye Users
  • Even if a personal information handler performs Genian NAC authentication, if the personal information management product necessary for business operations is not functioning normally, network access is disallowed to protect personal information.

Prerequisites

Confirm Genian NAC Agent Plugin for Integration

Genian NAC utilizes the Agent Authentication Window plugin provided in the product's basic package for implementing user authentication integration to achieve SSO with SK infosec Eagleye.

(It is provided by default, so you do not need to upload it separately.)

Genian NAC Agent Plugin File Name Notes
NAC-GeniAuth-R-59378-1.1.0.gpf (detailed version may vary) Genian NAC Agent V5.0 or higher (Release version after 2018.8)

If the version of the basic agent plugin provided is equal to or higher than the recommended version in the guide, you do not need to upload it separately.

Confirm SK infosec Eagleye Authentication Integration File, File Execution Path, Execution Options

The SK infosec Eagleye authentication execution file must be obtained and installed from SK infosec. The path and execution options used for integration are as follows:

Note) Each setting value may vary depending on the SK infosec Eagleye authentication integration execution file.

  1. SK infosec Eagleye authentication execution file (e.g., EYNAC.EXE)
  2. Execution Path: C:IECEYNAC.EXE
  3. Execution Options: cmd=–nac “–authid:{AUTH_ID}”

Genian NAC Configuration for Integration

This section covers only the minimum necessary Genian NAC settings for integration with SK infosec Eagleye. Perform this operation only once; it will be automatically applied thereafter.

Step 1: Confirm Agent Plugin Version for Integration

Go to System > Update > Genian Software > Agent Plugins, then compare the Agent Authentication Window plugin version.

If the version is lower than NAC-GeniAuth-R-59378-1.1.0.gpf, execute Step2.

Step 2: Upload Agent Plugin for Integration

If the version is NAC-GeniAuth-R-59378-1.1.0.gpf or higher, skip Step2.

  1. In Genian NAC Web Console, go to System > Update > Genian Software > Agent Plugins menu.
  2. Select Select Tasks > Plugin Upload > File Select, then choose NAC-GeniAuth-R-59378-1.1.X.gpf plugin
  3. Click Upload button
Step 3: Agent Node Action Configuration 1) In Genian NAC Web Console, go to Policy > Node Policy > Agent Action menu
  1. Click Agent Authentication Window plugin
  2. In Plugin Settings > Other > Run After Authentication, click Add button to add setting values as follows
Configuration Item Setting Value Notes
Execution Path Select Direct Path Input Refer to 'Execution Path Settings' below
Path Input Window C:IECEYNAC.EXE May vary by customer; confirmation and recommended application
Execution Options -nac '-authid:{AUTH_ID}'  
Encryption Method None input Encryption not supported
Encryption Key No input  

Note

  • Execution Path Settings: Besides Direct Path Input, 8 additional options are provided, but for relative paths, there is a possibility of changes due to OS patch updates, etc., so setting Direct Path Input is recommended
Step 4: Configure Node Policy for Agent Authentication Window Plugin Application

This process is for applying the agent authentication window plugin to node policies. If you are already utilizing the agent authentication window plugin, this can be omitted.

  1. In Genian NAC Web Console, go to Policy > Node Policy menu
  2. Click the Node Policy containing the node group (e.g., all nodes) to which user authentication integration will be applied (if applying to a specific group only, create and use a separate node group)
  3. Go to Agent Action at the bottom and click Assign button
  4. Move Agent Authentication Window node action to the right and click Add button
  5. Click Update button at the bottom
  6. Click Apply Change Policy button at the top right to apply policy