Hitachi

JP1 Version 12 JP1/IT Desktop Management 2 Overview and System Design Guide


2.8.9 Managing network access using a blacklist

You can take a blacklist approach to managing network access, whereby a list is kept of devices for which you want to deny network access. We recommend this approach when there are specific devices, such as computers that must operate on a standalone basis or personal computers employees bring from home, whose network access might present a security risk.

Tip

When you first begin to monitor the network, you need to permit network access for a large number of devices. In this type of scenario, a blacklist can save you time by allowing you to permit network access for all devices, and then identify computers that should not have access to the network as time permits.

The following figure shows an overview of network access control using a blacklist approach.

[Figure]

1. Register devices for which you want to deny network access.

In the Network Access Control - Network Filter Settings view of the Settings module, register devices that should not have network access. For details about how to manage the network control list, see 2.8.8 Managing the network control list.

2. Permit network access by all devices.

In the Network Access Control - Assign Network Access Control Settings view of the Settings module, assign to all network segments a network monitor setting that permits network access. For details about network monitor settings, see 2.8.7 Managing network monitor settings.

As a result, only the devices you registered in step 1 are blocked from the network.

When one of these devices attempts to connect to the network, it is blocked and an event is generated.