Multi-Homed / Ad hoc Network
A Genian Agent can immediately detect a multi-homed configuration and Ad hoc network connections in a variety of ways. If a computer having more than one IP address configured connects to more than one network and one of them is not on the trusted network, then Genian NAC designates the Node as a critical one.
This anomaly definition requires installing an Agent on the endpoint and enabling an Agent Action In the node policy.
See: Controlling Network Interface.
Configure Settings for Multi-Homed / Ad hoc Network in Anomaly Definition
- Go to Policy in the top panel.
- Go to Policy > Node Policy > Anomaly Definition in the left Policy panel.
- Click Multi-Homed / Ad hoc Network.
- Find Anomaly Event: section to configure more options
- For Trusted Network Scope: (An option may be configurable in Policy > Object > Network.)
- For Sensor Network as Trusted: (This prevents from not being on the trusted network if a Sensor changes its management scope.)
- For Agent Control select Yes to configure more options and you may
specify the followings:
- Response: Disabling Device or Generating Logs.
- Interface Disabled Notification: Yes or No.
- External Device Exceptions: optional setting to specify the device to be an exception to this Anomaly. (The name must be the exact match, therefore, you had better configure Interface Type Exception instead)
- Interface Type Exception: Wired, Wireless or Virtual.
- Click Update.
Create Node Group For Multi-Homed / Ad hoc Network Connected
- Go to Policy in the top panel.
- Go to Policy > Group > Node in the left Policy panel.
- Click on Tasks > Create
- For ID: Multi-Homed / Ad hoc Network Connected.
- For Status: Enabled.
- For Boolean Operator select OR.
- Find and click on Add in Condition section.
- For each Anomaly you want to add use the followings:
- Options: Anomaly.
- Operator: Detected is one of:
- Value: Multi-Homed / Ad hoc Network.
- Click Add.
- Keep adding Conditions as needed.
- Click Save.