Dell One Identity Cloud Access Manager 8.0.1 - SonicWALL Integration Overview



Similar documents
Dell One Identity Cloud Access Manager How to Configure vworkspace Integration

Dell One Identity Cloud Access Manager How to Configure for SSO to SAP NetWeaver using SAML 2.0

Dell One Identity Cloud Access Manager How To Deploy Cloud Access Manager in a Virtual Private Cloud

Dell One Identity Cloud Access Manager How to Configure Microsoft Office 365

Dell InTrust Preparing for Auditing Cisco PIX Firewall

Spotlight Management Pack for SCOM

Dell One Identity Cloud Access Manager How to Configure for High Availability

Dell Spotlight on Active Directory Server Health Wizard Configuration Guide

Dell Statistica. Statistica Document Management System (SDMS) Requirements

Dell Statistica Statistica Enterprise Installation Instructions

Dell One Identity Cloud Access Manager Installation Guide

Security Analytics Engine 1.0. Help Desk User Guide

Dell InTrust Preparing for Auditing CheckPoint Firewall

formerly Help Desk Authority Quest Free Network Tools User Manual

Dell Migration Manager for Enterprise Social What Can and Cannot Be Migrated

Spotlight Management Pack for SCOM

Dell One Identity Cloud Access Manager How to Develop OpenID Connect Apps

Dell Unified Communications Command Suite - Diagnostics 8.0. Data Recorder User Guide

Dell Statistica Document Management System (SDMS) Installation Instructions

Object Level Authentication

Introduction to Version Control in

Dell InTrust Preparing for Auditing and Monitoring Microsoft IIS

New Features and Enhancements

Dell InTrust Preparing for Auditing Microsoft SQL Server

Enterprise Reporter Report Library

Dell Recovery Manager for Active Directory 8.6. Quick Start Guide

About Recovery Manager for Active

formerly Help Desk Authority Upgrade Guide

Dell Enterprise Reporter 2.5. Configuration Manager User Guide

Quest vworkspace Virtual Desktop Extensions for Linux

formerly Help Desk Authority HDAccess Administrator Guide

Dell One Identity Manager 7.0. Help Desk Module Administration Guide

Dell NetVault Backup Plug-in for Advanced Encryption 2.2. User s Guide

Dell Spotlight on Active Directory Deployment Guide

Dell NetVault Backup Plug-in for SQL Server 6.1

Dell NetVault Backup Plug-in for SQL Server

Dell One Identity Quick Connect for Cloud Services 3.6.1

Using Self Certified SSL Certificates. Paul Fisher. Quest Software. Systems Consultant. Desktop Virtualisation Group

Dell One Identity Quick Connect for Cloud Services 3.6.0

How to Deploy Models using Statistica SVB Nodes

Dell InTrust 11.0 Best Practices Report Pack

Dell SonicWALL Directory Services Connector

Dell MessageStats for Lync and the MessageStats Report Pack for Lync & OCS 7.3. User Guide

Defender Delegated Administration. User Guide

ChangeAuditor 6.0 For Windows File Servers. Event Reference Guide

formerly Help Desk Authority HDAccess User Manual

ChangeAuditor 5.6. For Windows File Servers Event Reference Guide

Foglight Cartridge for Active Directory Installation Guide

Defender 5.7. Remote Access User Guide

Dell NetVault Backup Plug-in for SharePoint 1.3. User s Guide

Top 10 Most Popular Reports in Enterprise Reporter

4.0. Offline Folder Wizard. User Guide

Organized, Hybridized Network Monitoring

Quick Connect Express for Active Directory

Security Explorer 9.5. User Guide

Dell Directory Analyzer Installation Guide

Dell Client Profile Updating Utility 5.5.6

Quest Collaboration Services How it Works Guide

Quest ChangeAuditor 4.8

Toad for Apache Hadoop 1.1.0

Go beyond basic up/down monitoring

Quest Collaboration Services 3.5. How it Works Guide

Foglight for Oracle. Managing Oracle Database Systems Getting Started Guide

About Dell Statistica

Dell Migration Manager for Exchange Product Overview

Quest vworkspace. System Requirements. Version 7.2 MR1

Foglight Managing Microsoft Active Directory Installation Guide

Quest ChangeAuditor 5.1 FOR ACTIVE DIRECTORY. User Guide

Desktop Authority vs. Group Policy Preferences

Foglight. Foglight for Virtualization, Free Edition Installation and Configuration Guide

Dell Recovery Manager for Active Directory 8.6.0

Understanding and Configuring Password Manager for Maximum Benefits

DATA GOVERNANCE EDITION

Foglight Managing SQL Server Database Systems Getting Started Guide. for SQL Server

Toad for Apache Hadoop 1.2.0

Foglight. Foglight for Virtualization, Enterprise Edition 7.2. Virtual Appliance Installation and Setup Guide

Understanding Enterprise Cloud Governance

Foglight. Dashboard Support Guide

Quest Privilege Manager Console Installation and Configuration Guide

Logging and Alerting for the Cloud

Achieve Deeper Network Security

2007 Quest Software, Inc. ALL RIGHTS RESERVED. TRADEMARKS. Disclaimer

Dell Recovery Manager for Active Directory 8.6.3

CA Spectrum and CA Embedded Entitlements Manager

Foglight. Managing Java EE Systems Supported Platforms and Servers Guide

Quest SQL Optimizer 6.5. for SQL Server. Installation Guide

FOR WINDOWS FILE SERVERS

Enterprise Single Sign-On 8.0.3

Foglight Managing SQL Server Database Systems Getting Started Guide. for SQL Server

Security Explorer 9.5. About Security Explorer 9.5. New features. June 2014

Web Portal Installation Guide 5.0

Types of cyber-attacks. And how to prevent them

Foglight for Active Directory User and Reference Guide

2.0. Quick Start Guide

Active Directory Auditing: What It Is, and What It Isn t

Best Practices for an Active Directory Migration

Foglight. Managing Hyper-V Systems User and Reference Guide

Spotlight on Messaging. Evaluator s Guide

Transcription:

Dell One Identity Cloud Access Manager 8.0.1 - SonicWALL Integration Overview May 2015 Overview Functional highlights Functional details Legal notices Overview Support for Dell SonicWALL malware detection in Dell s Security Analytics Engine, provided with a Dell One Identity Cloud Access Manager installation, requires coordinated configuration with SonicWALL Next Generation Firewall (NGFW), Single Sign-On (SSO), Security Analytics Engine and Cloud Access Manager user authentication. This guide describes how to implement a typical deployment highlighting the required configuration to fully enable SonicWALL malware detections for Dell s Security Analytics Engine user access evaluations, when users access Cloud Access Manager applications. 1

Functional highlights In the following example a typical corporate network is used to illustrate how Dell SonicWALL, Dell s Security Analytics Engine and Dell One Identity Cloud Access Manager products are configured to enable Security Analytics Engine risk scoring. This is for Cloud Access Manager users who may have malware detections indicated by a SonicWALL Next Generation Firewall (NGFW), this environment includes: 1 A Cloud Access Manager installation configured for internal and external corporate user access. 2 Security Analytics Engine enabled for Cloud Access Manager step-up authentication, with the following: Security Analytics Engine policy for Cloud Access Manager configured to enable the Associated w/ Malware condition. The optional Security Analytics Engine SonicWALLProcessor service installed and configured to process malware detection information from the firewall. 3 At least one SonicWALL NGFW configured to monitor user Internet access, with the following enabled: Single-Sign-On enabled for user identification Gateway. Anti-Virus, Anti-Spyware and Intrusion Prevention features enabled. AppFlow configured to send malware detection flow information to the SonicWALLProcessor service. The following is a high level overview of the user actions and information flow; this is illustrated in Figure 1 with further details provided in Functional details: 1 An internal corporate network user, User1 in the MyCorp domain accesses the internet and encounters some malware. The user is authenticated using the firewall SSO feature; the malware is detected by the NGFW, and optionally blocked. 2 The firewall forwards the malware detection information to the Security Analytics Engine installation, including the IP address and SSO-provided domain and user name, for example: IP: 10.6.100.102 User: MyCorp\User1 3 Later, User1 accesses a Cloud Access Manager application from either inside the corporate network, or from the Internet. 4 Cloud Access Manager authenticates the user, detects the IP address and evaluates if the user is authorized to access the application. 5 As part of the authorization determination, Cloud Access Manager queries Security Analytics Engine to determine the user s risk score, and forwards the user name and IP information for processing by Security Analytics Engine. During the risk score evaluation, Security Analytics Engine will search for malware records received from the firewall and match them on either a user name or IP address, for example: Or Internal Access IP: 10.6.100.102 User: MyCorp\User1 Internet Access IP: 5.24.133.6 User: MyCorp\User1 2

Figure 1. Cloud Access Manager and Dell SonicWall deployment overview. 3

Functional details The following sections provide a more detailed breakdown of functionality related to the user authentication, malware detection and risk assessment steps highlighted in Functional highlights, this includes: Dell SonicWALL Single Sign-On Dell s Security Analytics Engine SonicWALLProcessor service Dell One Identity Cloud Access Manager user authentication Using split DNS to forward internal IP addresses to the Security Analytics Engine Dell SonicWALL Single Sign-On A key component of the malware detection information that enables Dell One Identity Cloud Access Manager and Security Analytics Engine risk score evaluations to associate users with malware detections is user identification by firewall. Without this feature, only IP address matches would function, which would limit the malware association capabilities of Security Analytics Engine and prevent external Cloud Access Manager users being associated with malware detection records. Many user authentication options are available with SonicWALL firewalls, but enabling integrated Single-Sign- On (SSO) capabilities that do not prompt the user for authentication credentials include a combination of the following SonicWALL user authentication options: Browser-based NTLM authentication using RADIUS to authenticate the users. Single Sign-On agent deployments provided by installing and configuring the SonicWALL Directory Services Connector. NOTE: We recommend you review the configuration options outlined in the SonicOS Administrator Guide as each option should be evaluated for compatibility requirements and potential limitations. The following example includes a combination of NTLM and SSO Agent configurations, where NTLM is preferred but SSO Agent fallback is used to seamlessly authenticate user access to web sites. The process of authenticating the user is illustrated in Figure 2 and described as follows: 1 An internal corporate network user, User1 in the MyCorp domain for example, accesses the internet and is authenticated using the firewall SSO feature. 2 Based on the Next Generation Firewall (NGFW) SSO configuration, one or more of the following SSO authentication steps is performed to identify the user as MyCorp\User1: a. NTLM negotiation is attempted with User1 s browser. The browser supplied credentials are forwarded to a configured RADIUS server for authentication and authorization policy evaluations. b. Alternatively, the NGFW may query an installed and configured SonicWALL SSO Agent (Directory Services Connector) for information related to the authenticated user on the source computer IP address. The SSO Agent can be configured with various options for determining the authenticated user, this includes: Parsing Domain Controller logs. Querying the computer in question using NetAPI or WMI protocols. 4

Figure 2. SonicWall Single Sign-On. Dell s Security Analytics Engine SonicWALLProcessor service In order to process malware detection information forwarded by the Dell SonicWALL Next Generation Firewall (NGFW) in AppFlow details, the optional Security Analytics Engine SonicWALLProcessor Service must be installed and configured to receive AppFlow information and forward malware detection records to the Security Analytics Engine web site. Once received by the Security Analytics Engine web site, the malware detection records are stored for subsequent risk score evaluations when users access Dell One Identity Cloud Access Manager applications. The process of malware detection information flowing from the SonicWALL NGFW through the Security Analytics Engine SonicWALLProcessor Service to the Security Analytics Engine web site is illustrated in Figure 3 and described as follows: 5

1 An internal corporate network user, User1 in the MyCorp domain for example, accesses the internet and the NGFW detects malware during the browsing activity. 2 Based on the AppFlow configuration in the NGFW, the malware detection details, including the IP address and SSO user details, are sent to the Security Analytics Engine SonicWALLProcessor Service as follows: IP: 10.6.100.102 User: MyCorp\User1 3 The Security Analytics Engine SonicWALLProcessor Service receives the malware detection details and forwards malware detection records to the Security Analytics Engine web site. Figure 3. Security Analytics Engine malware detection. 6

Dell One Identity Cloud Access Manager user authentication Cloud Access Manager provides several user authentication options through configured Front-End Authenticators (FEA) that can be used to provide user identification details for Security Analytics Engine to match Dell SonicWALL malware detection records. In the following example, both Active Directory and LDAP authenticator configuration details are provided that will support Security Analytics Engine and the SonicWALL malware record provided domain\user user name format: Active Directory Authenticator - User attributes that support the domain\user user name format are retrieved automatically. LDAP Authenticator Utilize LDAP user attributes that will enable user name correlation to SonicWALL malware records by correlating to the user attributes in the directory used for SonicWALL authentication, for example: Unique Id canonicalname (Active Directory) or distinguishedname (OpenLDAP). Login Name samaccountname (Active Directory) or Uid (OpenLDAP). Mail mail (Active Directory or OpenLDAP). The process of Cloud Access Manager authenticating internal and external users and forwarding IP address and user identification information to Security Analytics Engine for risk policy evaluation, including finding records associated with malware, is depicted in Figure 4 and described below: 1 User1 accesses a Cloud Access Manager application from either inside the corporate network, or optionally from the Internet. 2 Cloud Access Manager performs evaluations to determine whether the user s access to the application is authorized. 3 When the user is authenticated using either an Active Directory or LDAP FEA, user identification attributes are retrieved that detail the user identity and are used as part of the authorization evaluation, these include: Or Active Directory FEA Upn: MyCorp\User1 UniqueId: 0A2524D3-352D-4025-B6EE-7AC868D7A3D4 Mail: user1@mycorp.com LDAP FEA Upn: User1 UniqueId: CN=Corp User1,CN=Users,DC=mycorp,DC=com Mail: user1@mycorp.com 7

4 While determining authorization, Cloud Access Manager queries Security Analytics Engine to determine the user s risk score, and forwards the IP address and user attribute information for processing by Security Analytics Engine. During the risk score evaluation, Security Analytics Engine will search for malware records received from the firewall and match on either a user name or IP address. In the case where an LDAP FEA is used, the Security Analytics Engine evaluation will correlate the LDAP provided attributes to the mycorp\user1 format and match on either a user name or IP address. In the case where an LDAP FEA is used, the Security Analytics Engine evaluation will correlate the LDAP provided attributes to the mycorp\user1 format. Figure 4. Cloud Access Manager Front-end Authenticators and user identification. 8

Using split DNS to forward internal IP addresses to the Security Analytics Engine When Dell One Identity Cloud Access Manager notifies the Security Analytics Engine of a security event, it includes, as part of the contextual information, the IP address of the end-user s machine. Since users can access Cloud Access Manager from the internal network, as well as from the Internet, Cloud Access Manager must ensure that the correct IP address (internal or external) is reported. To ensure that the internal address is reported for connections coming from the internal network, split DNS must be configured for the Cloud Access Manager proxy hostname. 9

Legal notices 2015 Dell Inc. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright. The software described in this guide is furnished under a software license or nondisclosure agreement. This software may be used or copied only in accordance with the terms of the applicable agreement. No part of this guide may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying and recording for any purpose other than the purchaser s personal use without the written permission of Dell Inc. The information in this document is provided in connection with Dell products. No license, express or implied, by estoppel or otherwise, to any intellectual property right is granted by this document or in connection with the sale of Dell products. EXCEPT AS SET FORTH IN THE TERMS AND CONDITIONS AS SPECIFIED IN THE LICENSE AGREEMENT FOR THIS PRODUCT, DELL ASSUMES NO LIABILITY WHATSOEVER AND DISCLAIMS ANY EXPRESS, IMPLIED OR STATUTORY WARRANTY RELATING TO ITS PRODUCTS INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. IN NO EVENT SHALL DELL BE LIABLE FOR ANY DIRECT, INDIRECT, CONSEQUENTIAL, PUNITIVE, SPECIAL OR INCIDENTAL DAMAGES (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF PROFITS, BUSINESS INTERRUPTION OR LOSS OF INFORMATION) ARISING OUT OF THE USE OR INABILITY TO USE THIS DOCUMENT, EVEN IF DELL HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Dell makes no representations or warranties with respect to the accuracy or completeness of the contents of this document and reserves the right to make changes to specifications and product descriptions at any time without notice. Dell does not make any commitment to update the information contained in this document. If you have any questions regarding your potential use of this material, contact: Dell Inc. Attn: LEGAL Dept 5 Polaris Way Aliso Viejo, CA 92656 Refer to our web site (software.dell.com) for regional and international office information. Trademarks Dell and the Dell logo, Dell One Identity Cloud Access Manager and Dell SonicWall are trademarks of Dell Inc.and/or its affiliates. Microsoft Active Directory is a registered trademark of Microsoft Corporation in the United States and/or other countries. Other trademarks and trade names may be used in this document to refer to either the entities claiming the marks and names or their products. Dell disclaims any proprietary interest in the marks and names of others. Legend CAUTION: A CAUTION icon indicates potential damage to hardware or loss of data if instructions are not followed. WARNING: A WARNING icon indicates a potential for property damage, personal injury, or death. IMPORTANT NOTE, NOTE, TIP, MOBILE, or VIDEO: An information icon indicates supporting information. 10

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information