.. _dpi:

Genian Device Platform Intelligence (GDPI)
==========================================

What is GDPI
------------

BYOD, in which personal devices are used on a business network, and IoT, in which all IT devices are connected to a network, make today's networks more sophisticated and versatile than before. This puts a heavy burden on administrators responsible for IT security. IT managers need to protect the network from vulnerable devices by allowing only authorized devices to connect to the network. However, it is not easy to identify and manage the various devices that are connected across many access points in an organization.

Genian NAC provides Device Platform Intelligence to make this task easier for administrators. First, Device Platform Intelligence identifies the manufacturer, product name, and model name of devices connected to the network through various intelligent methods. Through the identified Device Platform, the administrator can look up various information about the device, such as:

- Photos of the device
- Type of device connection (wired, wireless)
- End of Sale (EOS) status of the device
- End of Life (EOL) status of the device
- Manufacturer
- Country of manufacturer
- Manufacturer Business Continuity Status
- Acquisition of manufacturer

This additional information makes it easier for administrators to manage IT by providing greater visibility into devices on their network.

Device Platform and CVE
-----------------------

Common Vulnerabilities and Exposures (CVE) is a database of vulnerabilities in IT equipment and software provided by `MITRE`_. More than 1,000 new vulnerabilities are released each month. IT managers must identify vulnerabilities associated with the IT devices they manage. Genian NAC can identify the IT devices in the network and show their CVEs to make network management easier.

.. _MITRE: https://cve.mitre.org/

How to Detect Device Platform
-----------------------------

Genian NAC detects connected device platforms using various information collected by the **Network Sensor**. When a device connects to the network, packets are sent out and the device responds with one or more protocols. Genian NAC uses the following protocols to detect device platform information:

Active Method:

- HTTP / HTTPS header and body
- Web Browser User-Agent
- TELNET / SSH / SMTP banners
- Open Port
- SNMP OID / Description
- SIP
- and more

Passive Method:

- Web Browser User-Agent (using SPAN port)
- MAC Address
- Hostname
- DHCP Request
- UPNP
- HPSLP
- and more

Genian NAC uses our own, highly advanced platform database (GPDB) for detecting device platforms. GPDB has various patterns for matching against device information to ensure that platforms are accurately detected. To provide paramount accuracy, the GPDB is updated weekly so that the newest devices on the market can be quickly identified within the network. (*Weekly GPDB updates are for the Paid Edition Only. The Free Edition’s GPDB is updated monthly*)

Node Types
----------

Each Device Platform has a Node Type, such as:

- Policy Server
- Network Sensor
- Virtual Sensor
- Agent Sensor
- Switch Port
- Sensor Alias
- Virtual IP
- Wireless Sensor
- Undefined
- PC
- Mobile Device
- Server
- Network Appliance
- Wireless Device
- Router
- Switch
- Security Device
- Printer
- VOIP
- Other

You can browse nodes or create policies based on this node type information.

Genian Platform Database (GPDB)
-------------------------------

GPDB is a database that stores device platform detection patterns and device platform information related to GDPI. The GPDB is constantly updated by Genians' device platform engineers. This makes it possible to detect new devices quickly without any additional work.

To check when the GPDB was last updated:

#. Go to **System > Genian Data**
#. See time of **Platform Information**

See Device Platform Intelligence
--------------------------------

You can see additional device platform information through the `Device Platform Intelligence`_ page.

.. _Device Platform Intelligence: https://www.genians.com/device-platform-intelligence/

To see an individual node's information:

#. Go to **Management > Node** in the top panel
#. Find and click a desired **Platform** name of **Node**

Define a Node Platform Manually
-------------------------------

#. Go to **Management > Node** in the top panel
#. Select the desired node’s **IP Address**

Under **General** tab

#. For **Platform**, click **Checkbox** to **Manually define**
#. Manually enter **Platform Name**
#. Click **Update**

.. note:: In Node View you will now see an icon next to the name in the Platform column. This icon indicates that the platform has been manually defined.

Create a User-defined Node Type
-------------------------------

#. Go to **Preferences** in the top panel
#. Go to **Properties > Node Type** in the left Preferences panel
#. Click **Tasks > Create**
#. Enter a **Name** and select an **Icon** (click **Add** to upload your own icon)
#. Click **Save**

.. note:: A User-defined Node Type must be defined manually and added to the node.

#. Go to **Management > Node** in the top panel
#. Click on desired node **IP Address**

Under **General** tab

#. For **Node Type**, click **Checkbox** to **Manually define**
#. Select **Node Type**
#. Click **Update**

Report Unknown/Wrong Platform Detection
---------------------------------------

If for some reason Genian NAC cannot detect the Platform of a device, one of the following could be the underlying reason:

- **Not enough information**: A device is not sending packets or is not responding to any request. This is possible if the OS has an active firewall.
- **No matching pattern in GPDB**: Node information has some evidence of a specific Platform, but the GPDB does not have that matching pattern yet.

In case there is no matching pattern in our GPDB, you can send that node's information to the Genian Cloud using the Report Wrong Platform dialog. Once Genians has received the report, our engineers will investigate the Platform pattern and update it in the GPDB.

Disable Reporting Unknown Platform
----------------------------------

By default, Genian NAC sends a Report Wrong Platform for unknown Platform Nodes every day. All sent information is readable from outside of the device. To deactivate sending a Report Wrong Platform to the Genian Cloud, follow these steps:

#. Go to **Preferences** in the top panel
#. Go to **General > Node** in the left Preferences panel

Under **Detection**

#. For **Reporting Unknown Platform**, select **Off**
#. Click **Update**
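
The pattern matching described under "How to Detect Device Platform" and the two failure reasons under "Report Unknown/Wrong Platform Detection" can be illustrated with a small matcher. This is an added example, not Genians' code: the pattern format, field names, weights, and the ExampleCo product are assumptions constructed for illustration, and the real GPDB format is not described on this page.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Pattern:
    source: str     # evidence field, named after a collection method listed above
    regex: str      # pattern matched against the collected value
    platform: str
    node_type: str  # one of the Node Types listed on this page
    weight: int     # assumed scoring: how strongly this evidence identifies the platform

# Constructed sample patterns; vendor and product names are hypothetical and
# this is not the real GPDB format, which the page does not describe.
PATTERNS = [
    Pattern("snmp_descr", r"LaserPrint 4000", "ExampleCo LaserPrint 4000", "Printer", 5),
    Pattern("http_header", r"Server: ExamplePrintHTTP", "ExampleCo LaserPrint 4000", "Printer", 3),
    Pattern("ssh_banner", r"^SSH-2\.0-OpenSSH_\S+ Ubuntu", "Ubuntu Linux", "Server", 3),
    Pattern("dhcp_hostname", r"^android-[0-9a-f]+$", "Android", "Mobile Device", 2),
    Pattern("user_agent", r"Android \d+", "Android", "Mobile Device", 3),
]

def classify(evidence: dict) -> dict:
    """Match collected evidence against PATTERNS and report the outcome."""
    observed = {k: v for k, v in evidence.items() if v}
    if not observed:
        # The node sent nothing and answered no probe (e.g. host firewall active).
        return {"status": "not_enough_information", "platform": None, "node_type": "Undefined"}
    scores = {}
    for p in PATTERNS:
        value = observed.get(p.source)
        if value and re.search(p.regex, value):
            key = (p.platform, p.node_type)
            scores[key] = scores.get(key, 0) + p.weight
    if not scores:
        # Evidence exists but nothing matches: the case worth reporting upstream.
        return {"status": "no_matching_pattern", "platform": None,
                "node_type": "Undefined", "unmatched": observed}
    (platform, node_type), score = max(scores.items(), key=lambda kv: kv[1])
    return {"status": "detected", "platform": platform, "node_type": node_type, "score": score}

if __name__ == "__main__":
    # Constructed observations for three nodes.
    samples = [
        {"snmp_descr": "ExampleCo LaserPrint 4000 fw 1.2", "http_header": "Server: ExamplePrintHTTP/1.0"},
        {"ssh_banner": "SSH-2.0-dropbear_2020.81"},
        {"ssh_banner": "", "dhcp_hostname": ""},
    ]
    for s in samples:
        print(classify(s))
```

The ``unmatched`` field shows exactly which collected values would leave the network in a report, which is worth reviewing before deciding whether to keep **Reporting Unknown Platform** enabled.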