Have you ever been looking over your SonicWall logs and reports and thought, “I wonder who was at IP 192.168.1.56 streaming YouTube all day?” Or maybe you have wondered which user at IP 10.10.10.152 tripped the Gateway Anti-Virus signature AdvancedKeyLogger.M (Trojan). Had you been using the built-in SonicWall feature Single Sign On (SSO), you would have known that “Captain Goof Off” was the YouTube abuser and “Gullible Gary” got infected with a keylogger, and you could have quickly addressed the lack of productivity and the propensity for clicking links in emails.
These scenarios, along with several others, are why I’m going to take you through what SonicWall Single Sign On is and why you should be using it. In my experience, SonicWall users who aren’t currently utilizing SSO are going without it simply because they may not know it exists or don’t realize how simple it really is to implement.
What is Single Sign On?
SSO works behind the scenes to authenticate users on the network to the SonicWall with no additional action needed by the user. By authenticating users to the SonicWall, you can take advantage of the many services included in the SonicWall appliance that utilize user-level authentication, such as Content Filtering Service (CFS), group membership, and App Control, in addition to showing usernames in the SonicWall Group Membership logs and within Cerdant’s own Pervidio Reporting solution.
How Does it Work?
The SSO process starts by syncing with Active Directory (AD) and installing the Directory Services Connector (SSO agent). The SSO agent needs to be installed on a Windows server, but preferably NOT a domain controller. Cerdant suggests installing a minimum of 2 SSO agents for redundancy, so that if one server goes offline, authentication can still occur. Installing the SSO agents is an extremely simple process and they are very lightweight. Once the SonicWall is synced to AD and the SSO agent is installed, a user’s traffic hits the SonicWall and the SonicWall queries the SSO agent by sending the IP address and requesting the username. The SSO agent then responds with the username, at which point the SonicWall checks LDAP for group membership for that user. The user is now authenticated to the SonicWall without even knowing anything was done behind the scenes.
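The lookup sequence described above, as a simplified model added here for illustration (it is not SonicWall or Cerdant code). It shows the IP-to-username query with a redundant agent taking over, the group lookup, and the resulting Content Filter policy; the agent names, users, groups, policy names and the default policy for unidentified addresses are all constructed assumptions.

```python
# Simplified model of the SSO lookup flow; not SonicWall code.
# All agent names, users, groups and policy names below are constructed.
class AgentOffline(Exception):
    """Raised when an SSO agent cannot be reached."""

class SSOAgent:
    def __init__(self, name, sessions, online=True):
        self.name = name
        self.sessions = sessions      # IP address -> logged-in username
        self.online = online

    def lookup(self, ip):
        if not self.online:
            raise AgentOffline(self.name)
        return self.sessions.get(ip)  # None if no user is known at this IP

# Stand-in for the LDAP group lookup (username -> AD groups).
LDAP_GROUPS = {"mary": ["Marketing"], "carl": ["Accounting"]}

# Content Filter policy per AD group, checked in order (assumed names).
CFS_POLICIES = [("Marketing", "allow-social-media"),
                ("Accounting", "block-social-media")]
DEFAULT_POLICY = "default-restricted"   # assumed fallback for unknown users

def identify(ip, agents):
    """Ask each agent in turn; return (username, answering agent name)."""
    for agent in agents:
        try:
            user = agent.lookup(ip)
        except AgentOffline:
            continue                  # redundancy: try the next agent
        if user is not None:
            return user, agent.name
    return None, None                 # no agent could name a user

def policy_for(ip, agents):
    """Resolve IP -> user -> AD groups -> Content Filter policy."""
    user, agent_name = identify(ip, agents)
    groups = LDAP_GROUPS.get(user, [])
    policy = next((p for g, p in CFS_POLICIES if g in groups), DEFAULT_POLICY)
    return {"ip": ip, "user": user, "agent": agent_name, "policy": policy}

SESSIONS = {"192.168.1.56": "carl", "10.10.10.152": "mary"}
AGENTS = [SSOAgent("agent-1", SESSIONS, online=False),  # first agent is down
          SSOAgent("agent-2", SESSIONS)]

if __name__ == "__main__":
    for ip in ("192.168.1.56", "10.10.10.152", "192.168.1.99"):
        print(policy_for(ip, AGENTS))
```

With the first agent offline, the second still resolves both known addresses, while the unknown address gets no username and falls through to the default policy.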
Why Should You be Using it?
Very simply, utilizing SonicWall’s SSO feature is going to make applying web use access policies much easier and is going to give you better log and reporting insight, which in turn is going to make troubleshooting a variety of issues much easier. When using SSO and syncing with AD, you will be able to import AD users and/or groups. With these users/groups imported, you can leverage the SSO feature so the SonicWall knows which user is logged in to a machine and assign Content Filter policies based on the user’s AD group. This allows you to assign a different Content Filter policy to different departments within your organization. For example, this would be very useful when someone in marketing may need access to social media, but you want to keep social media blocked for others because you know how much time Carl in accounting can waste when the temptation of Facebook is at his fingertips.
Utilizing SSO is also very beneficial in the reporting scenario presented at the beginning of this post. Whether you’re using SonicWall’s Analyzer reporting or Cerdant’s cloud-based Pervidio Reporting, having usernames in your reports will save you significant time when troubleshooting a variety of issues and make your network traffic reporting even more powerful. I can personally attest to how valuable having this feature enabled has been when helping our customers respond to a potential breach. Time is of the essence when gathering information on the origin of potentially malicious traffic, and time to resolution always comes back to the quality of network traffic visibility.
Below is an example of Cerdant’s Pervidio Web Usage report before and after implementing SSO.
If you are like most IT professionals, you need to be as efficient as possible and save time whenever and wherever you can. With networks constantly growing and becoming more complex, deploying SSO can not only give you more granular control over Content Filter policy assignment, it can also make the task of tracking down users much easier. In my experience as a Senior Network Security Engineer, I’ve seen SSO save Network Administrators countless hours. They no longer spend precious time tracking down what MAC address was assigned an IP and cross-referencing this to what user has that device, or referring to their ever-growing IP documentation to determine what user was assigned an IP address.
If you are interested in learning more about the SonicWall SSO feature or would like to start the implementation process and are already a Cerdant Managed Security customer, give us a call or open a support ticket in the mycerdant.com web portal and one of our engineers on staff will be happy to assist. If you are not currently a Cerdant Managed Security customer, please call 877-616-9384 or email us to discuss our SonicWall support and consulting services.