Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1434
Views
1
Helpful
8
Replies

Biomed Devices profiling

Go to solution
ecanogut
Cisco Employee
Cisco Employee

‎10-10-2017 05:44 PM

Hello everyone,

One of my customer is looking for best practices for biomed devices profiling, does any one know which probe(s) can we use for this purpose? which type of information does a biomed device can send to ISE?.

Your answer is really appreciated.

thank you very much.

1 Accepted Solution

Accepted Solutions

Go to solution
paul
Level 10
Level 10

‎10-11-2017 04:31 AM

ISE has the same tricks in its bag for profiling biomed devices as it does for any device:

DHCP attributes from IOS device sensor or IP helper forwarding

LLDP/CDP attributes from IOS device sensor or SNMP polling

NMAP scans

DNS reverse lookups

OUI mappings

Active Directory (wouldn't apply here)

You can take a look at the ISE Medical NAC profile library as a place to start:

Cisco ISE Medical NAC Profile Library

But really it comes down to looking at what ISE can learn about devices using its standard profiling techniques, find common attributes and crafting your profiling policies.

View solution in original post

0 Helpful
8 Replies 8

Go to solution
paul
Level 10
Level 10

‎10-11-2017 04:31 AM

ISE has the same tricks in its bag for profiling biomed devices as it does for any device:

DHCP attributes from IOS device sensor or IP helper forwarding

LLDP/CDP attributes from IOS device sensor or SNMP polling

NMAP scans

DNS reverse lookups

OUI mappings

Active Directory (wouldn't apply here)

You can take a look at the ISE Medical NAC profile library as a place to start:

Cisco ISE Medical NAC Profile Library

But really it comes down to looking at what ISE can learn about devices using its standard profiling techniques, find common attributes and crafting your profiling policies.

0 Helpful

Go to solution
ecanogut
Cisco Employee
Cisco Employee
In response to paul

‎10-11-2017 07:17 AM

Hi  Paul,

That makes sense from the profiling perspective, will try two or three probes and will share the results.

Thank you very much .

Regards.

0 Helpful

Go to solution
paul
Level 10
Level 10
In response to ecanogut

‎10-11-2017 07:38 AM

I usually run all of those profilers and see what information I learn to help develop my profiling policies.

Paul Haferman

Office- 920.996.3011

Cell- 920.284.9250

0 Helpful

Go to solution
Craig Hyps
Level 10
Level 10
In response to paul

‎10-12-2017 04:35 AM

I also recommend reviewing the whitepaper under www.cisco.com/go/medicalnac as I explain in more detail the profiling methods currently available and their pros and cons.   Stay tuned!

0 Helpful

Go to solution
ecanogut
Cisco Employee
Cisco Employee
In response to Craig Hyps

‎10-12-2017 07:40 AM

Awesome resource! Thanks a lot

0 Helpful

Go to solution
ecanogut
Cisco Employee
Cisco Employee
In response to paul

‎10-12-2017 07:36 AM

Alright Paul, sounds like a good strategy to get as much information as possible, Im wondering if I run all the probes the CPU load will increase considerably?

0 Helpful

Go to solution
paul
Level 10
Level 10
In response to ecanogut

‎10-12-2017 07:45 AM

I haven’t had an issues on any of my many deployments running the profilers and collecting as much data as I can.

Paul Haferman

Office- 920.996.3011

Cell- 920.284.9250

0 Helpful

Go to solution
ecanogut
Cisco Employee
Cisco Employee
In response to paul

‎10-12-2017 08:05 AM

It is good to know, let's try it and see what happen!.


Thanks again for your help.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents