1.5.2. Release 1.2.2-2
Release date: 28.10.2021
The new changes in this release are the following:
1.5.2.1. openNAC Authentication
New VPN access system with two-factor authentication: One Time QR.
The system generates a QR image associated with the user. By scanning the QR, the user obtains an OTP seed that is saved in Google Authenticator or a password wallet. Once registered in the code-generation software, this seed produces a new code every 30 seconds, which the user enters together with their credentials to access the VPN.
This QR image has a lifetime and a scan limit, which improves system security.
Support for change authorization functionality with Juniper and HP1920 devices.
Authorized LDAP users can now authenticate in the administration portal.
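The One Time QR flow described above can be sketched as follows. This is an added example, not openNAC code: it assumes the 30-second codes follow RFC 6238 TOTP with HMAC-SHA1 and 6 digits (the Google Authenticator defaults), and the `EnrollmentQR` class, its lifetime and scan-limit values, the `VPN` issuer label and the sample seed are all hypothetical.

```python
import base64, hashlib, hmac, struct

def totp(seed_b32, now, step=30, digits=6):
    """RFC 6238 code for the 30-second step containing `now` (HMAC-SHA1)."""
    key = base64.b32decode(seed_b32, casefold=True)
    counter = struct.pack(">Q", max(int(now) // step, 0))
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify(seed_b32, submitted, now, step=30, window=1):
    """Accept the current step plus `window` steps either side for clock drift."""
    return any(
        hmac.compare_digest(totp(seed_b32, now + i * step, step), submitted)
        for i in range(-window, window + 1)
    )

class EnrollmentQR:
    """Hypothetical one-time QR: hands out the seed only while unexpired
    and under its scan limit."""
    def __init__(self, user, seed_b32, issued_at, lifetime_s, max_scans):
        self.user, self.seed = user, seed_b32
        self.expires_at = issued_at + lifetime_s
        self.scans_left = max_scans

    def scan(self, now):
        if now >= self.expires_at:
            raise PermissionError("QR expired")
        if self.scans_left <= 0:
            raise PermissionError("scan limit reached")
        self.scans_left -= 1
        # otpauth URI is the payload authenticator apps read from the QR
        return f"otpauth://totp/VPN:{self.user}?secret={self.seed}&issuer=VPN&period=30"

# Constructed sample: the RFC 6238 test key "12345678901234567890" in Base32
SEED = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

if __name__ == "__main__":
    qr = EnrollmentQR("alice", SEED, issued_at=0, lifetime_s=300, max_scans=1)
    print(qr.scan(now=10))
    print(totp(SEED, now=59), verify(SEED, "287082", now=89))
```

The drift window in `verify` trades usability for a longer period in which a captured code is still accepted, so keep it as small as the deployment's clock skew allows.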
1.5.2.2. Devices profiling
Device profiling by TAGS added by default according to the network to which they belong.
Functionality that allows assigning TAGs by default to the Network Devices that belong to a Network. This can be useful to add network-based profiling and, for example, provide information about the location of the devices.
Improvement of the Discover plugin.
Improved the ability to search HTML files for device profiling.
Redesign of the TAG DPA_ improving the information provided on the precision of the profiling.
Improvement of the information provided on device profiling precision, indicating the number of profiling rules that are met to determine what profile a device should have.
Design of new TAGs to add profiling features to devices.
CWF_{workFlowName}: identification of the workflow from which a User Device comes.
PP{1-9}_*: tags that indicate the device profile. Each device will be assigned from 1 to 9 tags PP1, PP2…PP9, for example: PP1_DESKTOP, PP2_DESKTOP_WINDOWS.
1.5.2.3. Usability
Improved operator help messages.
New alert messages and confirmation of changes.
1.5.2.4. Changes to consider
The attribute used for the openNAC policies of the VPN use case has been modified. It changes from Cisco-AVPair to OpenNAC-VPNGW-Role in the case of OpenVPN and VPNGW-Role in the case of WireGuard.
The user data source type “AD / LDAP” has been split into two separate types, “AD” and “LDAP”. All existing user data sources are now considered to be of type “AD”. If your user data source is an LDAP, you must edit it and configure it as “LDAP” in the user data sources.