Introduction to Ray Blacklists:
In this article we are going to talk about device network access controls using blacklists and whitelists in the Ray cloud platform.
We are all familiar with the challenges of not having complete control over which devices connect to your network, whether it is your wireless network or the wired LAN.
In most cases we try our best to set up security measures so that all devices connecting to our network are authorized and authenticated before they can join. This is usually done either through a pre-shared password in the case of Wi-Fi networks or using 802.1X on the wired LAN network.
The authentication methods above, however, are sometimes not sufficient to restrict access to the network, because things like passwords can be shared or leaked, which leads to anyone with the credentials being able to access the network.
Sometimes network administrators are advised to change their network authentication passwords frequently to combat things like leaked Wi-Fi passwords, so that unauthorized devices that may have obtained leaked passwords cannot use them to gain access to the network.
Frequently changing network access passwords and credentials solves half of the problem of unauthorized device network access.
Changing network access passwords can be sufficient in small networks where fewer users are expected to access the network. This solution, however, stops being scalable when the network you are trying to secure is big, with over 60 legitimate users and only a few (less than 20 users) unauthorized devices that may have gotten access to the network password.
This would require the network admin to share new credentials with all 60 legitimate users, which can be a hectic task.
Another major issue not addressed by frequently changing network access passwords is that legitimate network users with access to the network credentials may connect their personal devices, such as tablets, which are not allowed on the corporate network.
The above challenges can be addressed by using Blacklists and Whitelists in Ray.
BLACKLISTS IN RAY:
What is a blacklist?
Before we show you how to use blacklists, we need to explain what a blacklist means in networking terms. A blacklist is a list of devices in a computer network that are blocked, usually by a network administrator, from communicating with or logging into a computer or a network.
How are blacklists created?
Unlike whitelists, blacklists are not usually implemented during the deployment of a network. They are a security mechanism that involves the continuous and gradual process of identifying and blocking devices connected to the network that are unknown, have violated network security policies or have not been approved by the network administrator to connect to the network.
Blocked network devices are typically identified manually by the network administrator by their IP addresses, user IDs, domains, email addresses or MAC addresses and added to the blacklist.
In some cases software or network security devices like integrated firewalls, IPS and IDS can automatically detect network devices that show malicious traffic patterns, block them and add them to the blacklist to prevent security breaches.
A blacklist is a gradually populated list of network devices that have been identified and intentionally blocked and restricted from accessing the network, either by the network administrator or by security software or a firewall.
Note: Devices that are in the blacklist are devices that have initially successfully connected to the network but were identified and blocked in order to deny them access to the network. So in order for a device to be added to the blacklist, it needs to first get connected and gain access to the network.
HOW TO BLACKLIST DEVICES ON THE RAY CONTROLLER:
In the above section we explained how blacklists work. The concept is to look at client devices already connected to the network, identify the devices or users we no longer want to grant access to, and revoke their access to our network by adding them to a blacklist.
Steps to Blacklist devices in Ray:
STEPS 1,2 and 3:
In order to blacklist client devices in Ray, from our Ray cloud controller we need to navigate to the Clients tab, then make sure we are on the Devices sub-menu as highlighted in step 2 of the image below.
Next we need to identify the device we would like to block by adding it to our blacklist. For purposes of illustration, in this example, from our list of client devices connected to our network, we are going to use the client device with the name tanvi and the MAC address 00:0c:29:c8:72:f7.
Step 3 is clicking the action button next to the client device tanvi. The action button is indicated by 3 dots and highlighted by a circle in step 3, as shown in the image below.
See Image below of screenshot showing above steps 1,2 & 3:
STEP 4:
After completing steps 1 to 3, clicking on the action button will present a pop-up box with a list of actions. Select the Add to Blacklist action with a padlock icon, which is highlighted by a rectangle and shown as step 4 in the image below.
See Image below of screenshot showing the above step 4:
STEP 5:
Step 5 is a continuation of step 4 and a confirmation of action taken above in step 4.
On clicking the Add to Blacklist action button from step 4, you will receive a pop-up confirmation box asking you to confirm that you want to add the device to the blacklist. Click on the OK button highlighted by the green rectangle labelled step 5 to confirm.
See Image below of screenshot showing Confirmation pop-up described above in Step 5:
STEP 6:
At this point we would have already completed adding our device to the Blacklist by the actions taken from previous Steps 4 & 5. The client device tanvi in this example should no longer be able to access our network.
In step 6 we want to verify that client device tanvi has been added to our blacklist. To do this verification we need to click on the action button next to client device tanvi as shown by image below highlighted by green Square labelled step 6.
See images below of screenshots showing verification step 6:
On clicking the action button from the image above in step 6, there are 2 indicators that our client device tanvi is now a blacklisted device.
The first indicator of a blacklisted device is that the device name and MAC address will be listed in italic font in the Clients devices tab. See the tanvi client device listed in italic font in the image below. We have underlined the tanvi device and MAC address 00:0c:29:c8:72:f7 to show the italic font used to identify blacklisted devices.
The second indicator of a blacklisted device is that the list of actions in the client's action menu changes from the dark padlock Add to Blacklist action shown in step 4 to an outline unlock Remove from Blacklist action, shown in the image below.
See image below for verification of blacklisted devices described above:
VERIFICATION AND LOCATION OF BLACKLISTED DEVICES:
Blacklisted devices can still connect to the network either through a switch port or Wi-Fi network and will still appear in the controller in the Clients tab. However, they will not be able to communicate on or use any of the network resources.
In step 6 of the previous section we showed you how to identify clients that are connected to the network but have been blacklisted, using indicators such as the italic font on the device name and MAC address and the action menu button.
In the final section of this article, we are going to show you how to view clients that may have been previously blacklisted on the network but are currently not connected to the network and not visible in the list of clients on the dashboard clients view of the Ray controller.
This will also show the location of the blacklist and we shall see option to remove Blacklisted clients from the Blacklist.
Steps to follow:
To view blacklisted clients and the location of the blacklist, we need to go to the Profiles tab in the controller, navigate to Available profiles and click on the Wlan sub-menu. On the list of available Wlan profiles, we need to click on the actions menu button next to our Wlan profile, in this example Ray.
On the actions pop-up box, we shall select View.
Summary of steps:
- Profiles
- Available profiles
- Wlan
- Select the Wlan profile on which you have blacklisted users and click the action menu
- On action menu popup select view.
See Image of screenshots describing the above steps below:
On completing the above steps and clicking the View action from the Ray Wlan profile, a pop-up window will show up with the details of our Ray Wlan profile.
To view our blacklist, we need to click on the Whitelist/Blacklist tab highlighted with a green rectangle in the image below.
In the Whitelist/Blacklist tab you will be able to see our blacklisted client devices. See the tanvi client device and MAC address that we blacklisted earlier in step 4, marked with a green star marker.
All the client devices that we blacklist from the Clients tab in the future will be added to this list.
To remove a blacklisted device and re-authorize network access for a client on the blacklist, we need to remove the client device from the blacklist by clicking on the delete icon highlighted by the red star marker in the image below.
See Image of screenshot showing above actions:
This marks the end of the article about Blacklists in Ray.
Check out our article about Whitelists in Introduction to Ray Whitelists
We hope this article was helpful.
Thank you