Hitachi

JP1 Version 12 JP1/IT Desktop Management 2 Overview and System Design Guide


4.6.6 Analysis of network monitoring requirements

To prevent information leaks and virus infections caused by unauthorized devices brought into the organization, use network monitoring to block unauthorized devices from connecting to the organization's network.

You must determine the network monitoring methods, the networks to be monitored, and the devices permitted for network connection.

Determining the network monitoring method

There are two network monitoring methods as described below. Decide which method you should use.

Blacklist method

This method specifies the devices that are prohibited from connecting to the network. Registered devices are blocked from connecting; all other devices are permitted to connect. Use this method if you want to permit network connection in general and prohibit it only when an unauthorized device is found.

When using the blacklist method, we recommend that you enable all automatic updates of the network control list. By doing so, you can ensure that no superfluous information remains on the network control list. If you enable automatic updates only for add operations, superfluous information remains in the network control list, creating a need for manual maintenance by the system administrator.

For details about how to configure automatic update of the network control list, see the description of editing the automatic update of the network filter list in the JP1/IT Desktop Management 2 Administration Guide.

Whitelist method

This method specifies the devices permitted for network connection in advance. The registered devices can connect to the network. Network connection attempted from any other devices is automatically blocked. Use this method if you want to ensure robust security for network connection of devices.

When using the whitelist method, enabling all automatic updates of the network control list automatically prevents sharing of NICs (including wireless LAN cards). However, depending on exactly when automatic updates are enabled, devices might be prevented from accessing the network. If you enable automatic updates only for add operations, NIC sharing can still be prevented, but maintenance of the network control list becomes the responsibility of the system administrator.

For details about how to configure automatic update of the network control list, see the description of editing automatic update settings in the JP1/IT Desktop Management 2 Administration Guide.

Tip

You can specify the monitoring method for each network segment.

Deciding the network segments to be monitored

Because a network monitor is installed in each network segment, you must decide which network segments in the organization will be monitored.

To monitor the network, you must install computers with the network monitor enabled in the target network segments. A single computer with the network monitor enabled can monitor multiple network segments if that computer can use multiple network cards to connect to multiple networks. Network monitoring takes effect as long as the network monitor is running. Therefore, ensure that the network monitor is enabled on a computer that runs 24 hours a day and on which an agent can be installed.

Deciding the devices subject to network connection control

The devices you need to identify depend on the network monitoring method.

For the blacklist method:

Determine the devices that are to be prohibited from connecting to the network. Check the IP addresses and MAC addresses you will need in order to register those devices manually.

For the whitelist method:

Use the network search function or install agents to discover all devices to be permitted for network connection. Note that if the network monitor is enabled on a computer, devices that exist in that network segment will automatically be discovered.

Tip

Use one of the following methods to register the devices subject to network connection control.

  • Use the network search function or network monitor to discover devices (devices are automatically registered).

  • Connect a computer with an agent installed (devices are automatically registered).

  • An administrator registers devices manually.

Tip

Because the whitelist method requires you to extract every device that will be permitted for network connection, operation is difficult at the start. An alternative is to monitor the network with the blacklist method in the early stage of operation, and then switch to the whitelist method after all devices have been extracted.
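The following is an added example, not code from this guide or from JP1/IT Desktop Management 2: a small Python model of the two monitoring methods, of the difference between enabling automatic updates for all operations and for add operations only (the "superfluous information" the Blacklist method section warns about), and of the blacklist-to-whitelist switch described in the tip above. The class and function names (`NetworkControlList`, `auto_update`, `switch_to_whitelist`), the MAC addresses and the 192.0.2.x IP addresses are constructed for illustration and do not reflect the product's internal data structures.

```python
# Added example (not JP1/IT Desktop Management 2 code): model of per-segment
# network connection control with blacklist / whitelist methods.
from dataclasses import dataclass, field
from enum import Enum


class Method(Enum):
    BLACKLIST = "blacklist"   # unknown devices are permitted, registered-as-prohibited are blocked
    WHITELIST = "whitelist"   # unknown devices are blocked, registered-as-permitted are allowed


def normalize_mac(mac: str) -> str:
    """Canonical lower-case colon form so '00-11-..' and '00:11:..' compare equal."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


@dataclass
class NetworkControlList:
    """Control list for one network segment (the method can differ per segment)."""
    method: Method
    delete_on_update: bool                        # True = all automatic updates, False = add only
    entries: dict = field(default_factory=dict)   # mac -> {"ip": str, "permitted": bool}

    def register(self, mac: str, ip: str, permitted: bool) -> None:
        """Manual registration by the administrator (hypothetical API)."""
        self.entries[normalize_mac(mac)] = {"ip": ip, "permitted": permitted}

    def allows(self, mac: str) -> bool:
        entry = self.entries.get(normalize_mac(mac))
        if entry is None:                         # not on the list: method decides the default
            return self.method is Method.BLACKLIST
        return entry["permitted"]

    def auto_update(self, discovered: dict, permitted: bool) -> list:
        """Apply one discovery result (network search, network monitor or agents).
        New devices are added; entries no longer discovered are deleted only when
        delete_on_update is True. Returns the stale entries left on the list."""
        seen = {normalize_mac(m): ip for m, ip in discovered.items()}
        for mac, ip in seen.items():
            self.entries.setdefault(mac, {"permitted": permitted})["ip"] = ip
        stale = sorted(m for m in self.entries if m not in seen)
        if self.delete_on_update:
            for mac in stale:
                del self.entries[mac]
            return []
        return stale                              # add-only: administrator must clean these up

    def switch_to_whitelist(self) -> "NetworkControlList":
        """Move from blacklist to whitelist once every permitted device has been extracted."""
        permitted = {m: dict(e) for m, e in self.entries.items() if e["permitted"]}
        return NetworkControlList(Method.WHITELIST, self.delete_on_update, permitted)


def demo() -> dict:
    """Constructed scenario: two managed PCs plus one unauthorized device."""
    inventory = {"00-11-22-33-44-55": "192.0.2.10", "00:11:22:33:44:66": "192.0.2.11"}
    rogue = "00:11:22:33:44:99"
    results = {}
    for delete_on_update in (False, True):
        ncl = NetworkControlList(Method.BLACKLIST, delete_on_update)
        ncl.auto_update(inventory, permitted=True)           # discovered managed devices
        ncl.register(rogue, "192.0.2.99", permitted=False)   # administrator prohibits the rogue
        blocked = not ncl.allows(rogue)
        stale = ncl.auto_update(inventory, permitted=True)   # rogue has since left the segment
        key = "all_updates" if delete_on_update else "add_only"
        results[key] = {"rogue_blocked": blocked, "stale": stale, "size": len(ncl.entries)}
    # Tip: run blacklist first, switch to whitelist once all devices are extracted.
    bl = NetworkControlList(Method.BLACKLIST, delete_on_update=True)
    bl.auto_update(inventory, permitted=True)
    wl = bl.switch_to_whitelist()
    unknown = "00:11:22:33:44:77"
    results["unknown_device"] = {"blacklist": bl.allows(unknown), "whitelist": wl.allows(unknown)}
    results["known_device"] = {"blacklist": bl.allows("00-11-22-33-44-55"),
                               "whitelist": wl.allows("00-11-22-33-44-55")}
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Running `demo()` shows the point of the guidance: with add-only updates the prohibited device's entry stays on the list after it disappears from the segment (returned as stale, list size 3), whereas with all updates enabled it is removed automatically (list size 2); and after the switch to the whitelist, an unregistered device that the blacklist would have allowed is blocked while the extracted devices keep their access.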

Tip

When you use the network monitor, all computers permitted for network connection must be registered as management targets. Devices other than computers need not be management targets.

Quarantine communication

You can designate devices that devices blocked from the network are still allowed to connect to. Choose these devices according to how the organization operates.

For example, you might set up a security measurement server. Computers that have been automatically blocked because their security measures are insufficient can then still connect to the management server and the security measurement server. You can also configure those computers to run a troubleshooting tool from the security measurement server and to reconnect to the network automatically once their security is ensured.