Manage ARP Table

The ARP protocol thus makes network traffic communications a relatively simple and straightforward affair. However, ARP is also inherently vulnerable from a security perspective. ARP requires no authentication whatsoever of the addressing information it receives from any network peer. All ARP replies are cached in the ARP table as described above; existing table entries are automatically overwritten by the most recent information received. This lack of authentication makes ARP an easy target for cyber-security exploitation.

In particular, ARP is highly vulnerable to attacks such as “ARP Spoofing” and “ARP Poisoning.” Such attacks, the nature of which will be discussed further below, can be initiated from a compromised network device or by the attacker directly if they have acquired physical access to the network in question. Their aim is to compromise the integrity of a local network’s ARP table by associating the attacker’s MAC address with the IP address of a particular target host. In this way, network traffic intended for that destination is instead forwarded to the attacker’s host. That traffic can then be modified, stolen, or simply observed in support of some further attack. ARP-related security breaches are very difficult to detect and defend against precisely because ARP information is maintained and transmitted only within the L2 broadcast domain. Vigilant network administrators cannot tell, simply by looking at an ARP table, whether it has been compromised unless they have established some manual system to keep track of the expected IP-to-MAC address relationships.
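The following added example (not part of the NAC product or its documentation) shows what such a tracking system can look like: it compares an ARP table against an expected IP-to-MAC baseline and reports mismatches, static entries missing from the baseline, and one MAC address answering for several IPs. The sample `arp -a` output, the baseline, and all function names are constructed for illustration.

```python
import re

# Constructed sample of Windows `arp -a` output (not captured from a real host).
SAMPLE_ARP_OUTPUT = """\
Interface: 192.168.10.25 --- 0x7
  Internet Address      Physical Address      Type
  192.168.10.1          00-11-22-aa-bb-01     dynamic
  192.168.10.20         00-11-22-aa-bb-66     dynamic
  192.168.10.30         00-11-22-aa-bb-66     dynamic
  192.168.10.40         00-11-22-aa-bb-40     static
  192.168.10.255        ff-ff-ff-ff-ff-ff     static
"""

# Hypothetical baseline of expected IP-to-MAC pairs kept by the administrator.
BASELINE = {
    "192.168.10.1": "00:11:22:aa:bb:01",
    "192.168.10.20": "00:11:22:aa:bb:20",
    "192.168.10.30": "00:11:22:aa:bb:66",
}

ENTRY = re.compile(
    r"^[ \t]*(\d{1,3}(?:\.\d{1,3}){3})[ \t]+"
    r"([0-9A-Fa-f]{2}(?:[-:][0-9A-Fa-f]{2}){5})[ \t]+(\w+)", re.M)

def parse_arp(text):
    """Return (ip, mac, type) tuples with MACs normalized to aa:bb:cc form."""
    return [(ip, mac.lower().replace("-", ":"), kind.lower())
            for ip, mac, kind in ENTRY.findall(text)]

def audit(entries, baseline):
    """Compare ARP entries with the baseline and return a list of findings."""
    findings, owners = [], {}
    for ip, mac, kind in entries:
        if mac == "ff:ff:ff:ff:ff:ff" or mac.startswith("01:00:5e"):
            continue  # broadcast and IPv4 multicast mappings are not hosts
        owners.setdefault(mac, []).append(ip)
        expected = baseline.get(ip)
        if expected and expected != mac:
            findings.append(("MISMATCH", ip, mac))
        elif expected is None and kind == "static":
            findings.append(("UNKNOWN_STATIC", ip, mac))
    for mac, ips in owners.items():
        if len(ips) > 1:  # one MAC answering for several IPs
            findings.append(("SHARED_MAC", ",".join(ips), mac))
    return findings

if __name__ == "__main__":
    for finding in audit(parse_arp(SAMPLE_ARP_OUTPUT), BASELINE):
        print(*finding)
```

A shared MAC is not always an attack (routers and proxy ARP produce it legitimately), so such findings are a prompt for review against the baseline, not a verdict.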

NAC provides a plugin that manages ARP tables to address these problems. Delete static ARP entries to close vulnerabilities that bypass NAC.

  1. Go to Policy in the top panel.
  2. Go to Policy > Node Policy > Agent Action in the left Policy panel.
  3. Find and click Manage ARP Table in the Agent Action window.

Under the General section:

  1. For CWP Message, add the message to be displayed in accordance with the Policy.
  2. For Label, add custom labels to help categorize your plugins; they appear in the "Description" field.

Under the Agent Actions section:

  1. For Boolean Operator, choose AND or OR to add optional conditions.
  2. For Settings, click Add and select your optional conditions (Criteria/Operator/Value).

Under the Plugin Settings section:

  1. For Deleting Static ARP Entries, this option removes static ARP entries set by the user of the Node on which the Agent is installed (except static ARP entries added by AAS).
  2. For Anti ARP Spoofing (AAS), this option adds Conflict Prevention Nodes to the ARP table as static entries.
    • Node Group: applies the setting to a specific Node Group (if not selected, it applies to all Nodes to which the Agent Action is assigned).
  3. Click Update.
  4. Go to Node Policy in the left Policy panel.
  5. Click the Default Policy in the Node Policy window.
  6. Find Agent Action. Click Assign.
  7. Find Manage ARP Table in the Available section. Select and drag it into the Selected section.
  8. Click Add.
  9. Click Update.