SK infosec Eagleye
=========================================================================

This guide describes how to configure user authentication integration between SK infosec's Eagleye, a personal information detection and management product, and Genian NAC, a network access control system.

Guide Overview
-------------------------------------------------

When SK infosec's Eagleye is integrated with Genian NAC, the login process is: Genian NAC authentication > automatic execution of the Eagleye authentication program > Eagleye authentication.
(The integration is explained using the agent authentication plugin, which Genian NAC commonly uses for integration with third-party devices on user endpoints.)

**Recommended Versions**

.. csv-table::
   :header: "Product Name (Component)", "Version", "Notes"
   :widths: 30 30 40

   "Genian NAC (Policy Server)", "V5.0 or higher", "Release version after 2018.8"
   "Genian NAC (Agent)", "V5.0.6 or higher", "Release version after 2018.8"
   "Eagleye", "3.0 or higher (1.x, 2.x discontinued (2015))", "Release version after 2016.1"

Purpose of Integration
-------------------------------------------------

The integration of Genian NAC and SK infosec Eagleye provides the following effects.

**SSO Environment Configuration**

- When a user requests network access, the user's authentication status is checked. If the user is unauthenticated, NAC authentication is requested via CWP. If Genian NAC authentication succeeds, SK infosec Eagleye authentication is performed automatically, so the user does not need to authenticate again. If Genian NAC user authentication fails, network access is blocked and the CWP screen is displayed.

**Actions such as Network Blocking for Unauthenticated SK infosec Eagleye Users**

- Even if a personal information handler completes Genian NAC authentication, network access is disallowed to protect personal information when the personal information management product required for business operations is not functioning normally.

Prerequisites
-------------------------------------------------

**Confirm Genian NAC Agent Plugin for Integration**

To implement user authentication integration (SSO) with SK infosec Eagleye, Genian NAC uses the **Agent Authentication Window** plugin included in the product's basic package.
(It is provided by default, so you do not need to upload it separately.)

.. csv-table::
   :header: "Genian NAC Agent Plugin File Name", "Notes"
   :widths: 50 50

   "NAC-GeniAuth-R-59378-1.1.0.gpf (detailed version may vary)", "Genian NAC Agent V5.0 or higher (Release version after 2018.8)"

If the version of the basic agent plugin provided is equal to or higher than the recommended version in this guide, you do not need to upload it separately.

**Confirm SK infosec Eagleye Authentication Integration File, File Execution Path, Execution Options**

The SK infosec Eagleye authentication execution file must be obtained from SK infosec and installed.
The path and execution options used for integration are as follows:

Note) Each setting value may vary depending on the SK infosec Eagleye authentication integration execution file.

1) SK infosec Eagleye authentication execution file (e.g., EYNAC.EXE)
2) Execution Path: ``C:\IEC\EYNAC.EXE``
3) Execution Options: cmd=–nac “–authid:{AUTH_ID}”

Genian NAC Configuration for Integration
-------------------------------------------------

This section covers only the minimum Genian NAC settings necessary for integration with SK infosec Eagleye.
Perform this operation only once; it will be automatically applied thereafter.

**Step 1: Confirm Agent Plugin Version for Integration**

Go to **System > Update > Genian Software > Agent Plugins**, then check the **Agent Authentication Window** plugin version.
If the version is lower than **NAC-GeniAuth-R-59378-1.1.0.gpf**, perform **Step 2**.

**Step 2: Upload Agent Plugin for Integration**

If the version is **NAC-GeniAuth-R-59378-1.1.0.gpf** or higher, skip **Step 2**.

1) In the Genian NAC Web Console, go to the **System > Update > Genian Software > Agent Plugins** menu.
2) Select **Select Tasks > Plugin Upload > File Select**, then choose the **NAC-GeniAuth-R-59378-1.1.X.gpf** plugin.
3) Click the **Upload** button.

**Step 3: Agent Node Action Configuration**

1) In the Genian NAC Web Console, go to the **Policy > Node Policy > Agent Action** menu.
2) Click the **Agent Authentication Window** plugin.
3) In **Plugin Settings > Other > Run After Authentication**, click the **Add** button and add the following setting values.

.. csv-table::
   :header: "Configuration Item", "Setting Value", "Notes"
   :widths: 15 35 50

   "Execution Path", "Select ``Direct Path Input``", "Refer to 'Execution Path Settings' below"
   "Path Input Window", "``C:\IEC\EYNAC.EXE``", "May vary by customer; confirm the path before applying"
   "Execution Options", "``-nac '-authid:{AUTH_ID}'``", " "
   "Encryption Method", "Enter *None*", "Encryption not supported"
   "Encryption Key", "No input", " "

.. note::

   - Execution Path Settings: Besides ``Direct Path Input``, 8 additional options are provided. Relative paths may change because of OS patch updates and similar events, so setting ``Direct Path Input`` is recommended.

**Step 4: Configure Node Policy for Agent Authentication Window Plugin Application**

This step applies the agent authentication window plugin to node policies.
If you are already using the agent authentication window plugin, this step can be omitted.

1) In the Genian NAC Web Console, go to the **Policy > Node Policy** menu.
2) Click the **Node Policy** containing the **node group** (e.g., all nodes) to which user authentication integration will be applied. (If applying to a specific group only, create and use a separate node group.)
3) Go to **Agent Action** at the bottom and click the **Assign** button.
4) Move the **Agent Authentication Window** node action to the right and click the **Add** button.
5) Click the **Update** button at the bottom.
6) Click the **Apply Change Policy** button at the top right to apply the policy.