8.1.1.1. Multiplatform Agent - Introduction

The OpenNAC Agent is an application used in the OpenNAC Enterprise solution that gives you greater control over, and security for, the devices that connect to a network. The openNAC Multiplatform Agent extracts information from the device, then generates and stores this data so that it can be reviewed in the openNAC portal itself. In addition, the Agent includes functionalities such as an embedded VPN connection and the execution of scripts.

8.1.1.1.1. User Community Description

Agent users can be individuals who require secure authentication and the security checks provided by OpenNAC Enterprise. These users can include third-party clients of companies that use the OpenNAC Enterprise solution and wish to offer rule-based policy management, control over user and network devices, and other related features to their employees or clients. Users who install the legacy openNAC Agent use the Windows operating system.

8.1.1.1.2. Supported Operating Systems

ON Agent is supported on the following Operating Systems:

OS            Version
------------  ---------------------------------------
Linux Mint    20, 21
Ubuntu        20.04, 22.04, 22.10
Windows       10, 11
MacOS         Big Sur 11, Monterey 12, Ventura 13

Note

All the supported OS are 64-bit.

8.1.1.1.3. Functional Description

The legacy Agent extracts information from the device running the application and provides visibility of it. This information is obtained manually, when the user executes a manual gather, or automatically at regular intervals. By default the gather runs automatically every 24 hours as a full scan and every hour as a normal scan. The difference between the two is that a full scan sends more information to openNAC (what we call a full payload), whereas a normal scan sends a light payload.

The Agent also allows script execution. Scripts are executed whenever a payload is sent to the server and the server sends back a script in its response. The Agent then runs the script and executes a new full scan, which is sent to the server along with the script execution result.
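The gather cycle described in the two paragraphs above (full scan every 24 hours, normal scan every hour, and a server-supplied script triggering an extra full scan that carries the script result) can be modelled as a small simulation. This is an added example, not code from the openNAC Agent or from Open Cloud Factory; the inventory, the light-payload fields, the script format and the Core stand-in are all assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Default gather periods stated in the documentation: full every 24 h, normal every 1 h.
FULL_INTERVAL = timedelta(hours=24)
NORMAL_INTERVAL = timedelta(hours=1)

# Constructed sample inventory; the real agent reads this from the host.
DEVICE_INFO = {"hostname": "lab-pc-01", "os": "Windows 11", "usb": [],
               "interfaces": [{"name": "Ethernet", "mac": "00:11:22:33:44:55"}],
               "software": ["OpenVPN 2.6.x"], "processes": ["agent.exe"]}

def choose_scan(state, now):
    # state = {"last_full": datetime or None, "last_normal": datetime or None}
    if state["last_full"] is None or now - state["last_full"] >= FULL_INTERVAL:
        return "full"
    if state["last_normal"] is None or now - state["last_normal"] >= NORMAL_INTERVAL:
        return "normal"
    return None

def build_payload(kind, info, script_result=None):
    # A full payload carries the whole inventory; a light payload only core fields (assumed set).
    data = dict(info) if kind == "full" else {k: info[k] for k in ("hostname", "os", "interfaces")}
    payload = {"scan": kind, "data": data}
    if script_result is not None:
        payload["script_result"] = script_result
    return payload

def run_cycle(state, now, post, info=DEVICE_INFO):
    # One gather cycle: post the due payload; if the Core answers with a script, run it and post a new full scan.
    kind = choose_scan(state, now)
    if kind is None:
        return []
    sent = [build_payload(kind, info)]
    response = post(sent[0])
    state["last_normal"] = now
    if kind == "full":
        state["last_full"] = now
    if response.get("script"):
        result = {"name": response["script"]["name"], "exit_code": 0}  # simulated; nothing is executed
        sent.append(build_payload("full", info, result))
        post(sent[-1])
        state["last_full"] = now
    return sent

def fake_core(payload):
    # Constructed Core stand-in: answers the first full scan with a script, otherwise nothing.
    if payload["scan"] == "full" and "script_result" not in payload:
        return {"script": {"name": "check_av_status"}}
    return {}
```

Running `run_cycle` repeatedly with a clock and the `fake_core` stand-in shows the first cycle producing two full payloads (the second carrying the script result), later cycles within the hour producing nothing, and the hourly cycle sending only the light payload.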

Apart from scans and script execution, the user can use the same application to connect to a VPN using an OpenVPN configuration file.

This application uses Microsoft's own libraries, files, and registry to obtain information about hardware, processes, Security Center, certificates, USB devices, etc. This is a limitation, since we need an application that can be used on all three platforms (Windows, Mac, Linux) with the same code or with small changes, so that it is easy to maintain and update.

A functionality not visible to the user is the blocking of USB devices based on USB policies received from OpenNAC Enterprise. That is, the Agent receives the policies from OpenNAC Enterprise and, if a new USB device is detected, its use can be disabled.

8.1.1.1.4. Technical Architecture

  • Type of process: The openNAC Agent extracts information from the system through Microsoft files and commands, and communicates the tasks carried out to the openNAC Core.

  • Major components: The major component of this application is a core server that receives data from the Agent. In addition, this server executes an API that contains one of the necessary calls for the agent, which is to post the information obtained from the device.

  • Data collected and managed: The information that the daemon service collects is that of the device, such as its hardware and operating system details, its network interfaces, its security status, the installed software, the running processes, the certificates, the connected USB devices, the active Bluetooth connections, its Wi-Fi and network status, and its connection status to a VPN from the Agent itself. This information is collected internally and sent to the openNAC Core server when a scan is executed or when changes occur, for example a change in a network interface, an updated software package, or a change in security posture.

  • Application architecture: Two-tier architecture: the Agent consists of a taskbar application for user interaction and a daemon that executes tasks, and a core server stores the collected information.

  • Programming language: The agent application is built on .NET framework using the C++ and C# programming languages.

  • Hardware platform: Any processor that executes Windows operating system.

  • User interface: A taskbar for user interaction, and a daemon that runs the service which listens for the actions executed by the client.

  • Network architecture: The taskbar works as a client that sends information to the running service, which acts as a server on the same local area network. That daemon service communicates with an openNAC Core server through the same network over a VPN connection.

  • System host: OpenNAC datacenter.

  • Maintenance: Maintenance is carried out by the Open Cloud Factory developer team.