Flashcards in Chapter 8 - Classification Deck (10):
What happens if the endpoint does not match any of the conditions specified by the sub-rules?
It will be classified as “unclassified.”
Explain how to classify a specific unclassified endpoint as a new device type.
Manually create a new sub-rule and place it above the Unclassified endpoints sub-rule.
Can group names created after using a classification policy template be changed?
Yes. You can rename them in the group manager.
What information is needed for asset classification?
• OS fingerprints • OS type (NMAP profile) • Open ports • Hardware properties, such as Network Interface Card (NIC) vendor (Media Access Control [MAC]) • Service banners
How do classification policies organize network assets?
Setting different categories or sub-rules
Give examples of criteria used for network asset classification.
Infrastructure devices (printers, scanners, ...)
Give examples of active data collection done through policy classification.
• OS fingerprints • OS type (NMAP profile) • Open ports • Hardware properties, such as Network Interface Card (NIC) vendor (Media Access Control [MAC]) • Service banners
Give examples of passive data collection done through policy classification.
• Device behavior • Traffic detection • HTTP User Agents • Authorization Traffic
Give examples of the types of network activities that CounterACT can classify.
• Monitor 802.1X requests to the built-in or external RADIUS server
• Monitor DHCP requests to detect when a new host requests an IP address
• Optionally monitor a network SPAN port to see network traffic such as HTTP traffic and banners