Cisco Identity Services Engine 1.3 White Paper
© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
What Is Profiling?
Profiling in Cisco ISE is the automated process of device discovery and classification. It is based on the use of
collectors, called probes, as well as on other sources of endpoint context. Probes use specific methods and
protocols to collect attributes about each endpoint. The specific information a probe collects depends on the
protocol and method implemented.
Cisco ISE supports various probes, each capable of capturing different endpoint data. Raw data for a given
endpoint is parsed and stored in the ISE internal endpoint database. Relevant endpoint attributes are then
analyzed against a library of fingerprinting rules known as Profiler policies. Different attributes and rules can have
different weighting factors in the final endpoint classification depending on the reliability of the data.
ISE Probes to Classify Healthcare Devices
Different profiling probes contribute different information about each endpoint. In some cases, the same data is
collected by different probes. The challenge is to deploy the probes that optimize the collection while adding unique
value to the classification. In addition to enabling specific probes in Cisco ISE, the network must be configured to
support collection, and the collection points must include relevant data.
The Cisco ISE Profiler includes the following probes and context sources for collecting endpoint attributes used to
classify medical devices:
● RADIUS
● SNMP
● DHCP
● HTTP
● DNS
● Network scan (Nmap)
● NetFlow
● AnyConnect® Identity Extensions (ACIDEX)
● Device Sensor
The following section reviews the probes available in ISE. It explains how they work, what data they collect, and
how they are used in medical profiling. Some best practices for implementation are offered. For a more detailed
review of ISE profiling and probes, please refer to the
RADIUS Probe
The RADIUS probe parses RADIUS AAA requests sent to the ISE policy service node and extracts attributes such
as the MAC and IP addresses along with other connection information such as the network access device, port,
VLAN, and authentication method.
The MAC address is a basic but important attribute. The first three bytes of this 6-byte address define the
Organizationally Unique Identifier (OUI) that uniquely identifies a vendor, manufacturer, or other organization
worldwide. Since many medical devices are manufactured by companies with a specialized focus on healthcare,
the OUI can be extremely useful in detecting medical devices and in some cases the specific device type or
function.
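The following is an added example, not code from the Cisco white paper or from ISE. It normalizes a MAC address as it might arrive in a RADIUS Calling-Station-Id, extracts the OUI, and treats a vendor match as one weighted signal rather than proof of device type. The OUI table, vendor names, weights, threshold, and the `dhcp-class-identifier` key are assumptions made for illustration.

```python
import re

# Constructed sample data: these prefixes and vendor names are placeholders,
# not real IEEE OUI assignments.
MEDICAL_OUIS = {"00A1B2": "ExampleInfusion Inc", "00C3D4": "ExampleImaging Ltd"}

# Hypothetical rule weights and threshold, chosen only for illustration.
WEIGHTS = {"oui": 10, "dhcp_class": 20}
MIN_CERTAINTY = 20


def normalize_mac(raw):
    """Return 12 upper-case hex digits, or None if raw is not a 6-byte MAC."""
    digits = re.sub(r"[.:\-\s]", "", raw or "").upper()
    return digits if re.fullmatch(r"[0-9A-F]{12}", digits) else None


def oui_info(raw):
    """Extract the OUI and flag addresses whose OUI carries no vendor meaning."""
    mac = normalize_mac(raw)
    if mac is None:
        return None
    first = int(mac[:2], 16)
    local = bool(first & 0x02)  # locally administered (e.g. randomized) address
    group = bool(first & 0x01)  # group/multicast address, never a device's own
    vendor = None if (local or group) else MEDICAL_OUIS.get(mac[:6])
    return {"mac": mac, "oui": mac[:6], "vendor": vendor, "local": local}


def classify(attrs):
    """Sum the weights of matching rules; classify only at or above the threshold."""
    info = oui_info(attrs.get("Calling-Station-Id"))
    score = 0
    if info and info["vendor"]:
        score += WEIGHTS["oui"]
    if "infusion" in attrs.get("dhcp-class-identifier", "").lower():
        score += WEIGHTS["dhcp_class"]
    return {"certainty": score, "medical": score >= MIN_CERTAINTY,
            "vendor": info["vendor"] if info else None}
```

With these weights an OUI match alone stays below the threshold, so a MAC address by itself never decides the classification.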