Re: Bulk blocking of all devices in Aruba ClearPass?

[Steve Smith <steve.smith () AIMS EDU>]

Hi Michael,

Thank you...Kelly emailed me directly.

Steve

On Tue, Jun 8, 2021 at 2:04 PM Michael Avers <michael.avers () aims edu> wrote:

> We've built a "Blocked" profile and logic for it looking for a Tips
> attribute that can be used for this. The original intent for this was for
> blocking suspected compromised devices.  If you know what devices you want
> to block, it is a pretty easy process to bulk add the attribute in case of
> a large-scale issue.
>
> This is assuming the devices you want to block are known.  If they are
> unknown, you'd have to figure out some specifics (MAC OUIs, fingerprint
> info, etc) to key off of to build a policy that will assign the profile.
>
> Best regards,
>
> Michael Avers
> Network Administrator II
> Network and Telecommunications Services
> Aims Community College
> 970.339.6400
> michael.avers () aims edu
> 5401 W. 20th Street
> Greeley, CO, 80634
> www.aims.edu
> Virtual Tour <https://www.aims.edu/prospective/campus-tour.php#>
> <https://www.aims.edu/about/social-media/>
>
>
> [image: Aims Community College Top Work Places 2018 - The Denver Post]
>
>
>
> On Tue, Jun 8, 2021 at 1:15 PM Catherine Ullman <cende () buffalo edu> wrote:
>
> > Greetings!
> >
> >
> >
> > I’ve been asked to reach out and ask whether any of your institutions who
> > use Aruba Clearpass have a policy or procedure for bulk blocking of devices
> > in the event of something like a ransomware attack.  If you do any of you
> > have such a thing, are you willing to share?  Thank you in advance!
> >
> >
> >
> > Best,
> >
> > Cathy
> >
> >
> >
> >
> >
> > Dr. Catherine J Ullman
> >
> > Senior Information Security Forensic Analyst
> >
> > Information Security Office
> >
> > University at Buffalo
> >
> > cende () buffalo edu
> >
> >
> >
> >
> >
> > **********
> > Replies to EDUCAUSE Community Group emails are sent to the entire
> > community list. If you want to reply only to the person who sent the
> > message, copy and paste their email address and forward the email reply.
> > Additional participation and subscription information can be found at
> > https://www.educause.edu/community
> > <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.educause.edu_community&d=DwMFaQ&c=spdyCQlbcMzVK9-MvWb-WQ&r=FcIeZ6Ccb3dPAcLawMahccf3KmVlVPqb4seW7g60QfA&m=jVJzYMqe7rxl-ex-WwOQ4gBNmiOjZBqu5TFXBT0pJx4&s=bblB8MzNy5WsgCbgzkzRL-qDZzx9ZQ0bmQ1pmpryqpE&e=>
> **********
> Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward the email reply.
> Additional participation and subscription information can be found at
> https://www.educause.edu/community
> <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.educause.edu_community&d=DwMFaQ&c=spdyCQlbcMzVK9-MvWb-WQ&r=FcIeZ6Ccb3dPAcLawMahccf3KmVlVPqb4seW7g60QfA&m=jVJzYMqe7rxl-ex-WwOQ4gBNmiOjZBqu5TFXBT0pJx4&s=bblB8MzNy5WsgCbgzkzRL-qDZzx9ZQ0bmQ1pmpryqpE&e=>


-- 
Steve Smith
Network Administrator II
Network and Telecommunications Services
Aims Community College
970.339.6565

[image: Aims Community College - Community of Care]
steve.smith () aims edu <michael.avers () aims edu>
5401 W. 20th Street
Greeley, CO, 80634

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community