Example use case 2: Credentials mapping


In the context of IT security, the distribution of strong and distinct device credentials is key. Different device credentials can be picked for different locations. Devices of different scope, internal-network-only or internet-exposed, tend to come with different credentials. It is important to establish a good structure spanning across all devices. In the following example, we take a look at a multi-location company with devices and credentials, and how regular expressions are used to map credentials to each device correctly.

Example company structure

There are offices in three locations: Paderborn (PB), New York (NY) and Tokyo (TKY). For security reasons, devices of each location are administered using different credentials. Additionally, devices are divided into either evaluation (EVAL) or production (PROD) purposes, each having different credentials.

Example credentials list

The following usernames and passwords are chosen, presented only for completeness.

 

PB: Admin deepblue

TKY: @am1n lightpurple

NY: 12ad34mn56n sevenstars

EVAL: evaladmin 12345eval (not reachable from the internet)

Regular expression format

The following structure is used for the device names.

 

[location][location device numeric identifier]-[device purpose]

 

The structure is matched by the following C# regular expression.

 

(PB|TKY|NY)\d+-(PROD|EVAL)

Configuring the credentials according to the structure

In order to automatically assign the credentials to the correct devices, you need to assign them to a site (the Default site). Assign all of the devices to the same site. You can only assign regular expressions to site-assigned credentials.

 

The following list displays the relation between credentials and regular expressions.

 

PB regex: PB\d+-PROD

TKY/NY regex: similar to PB

EVAL regex: (PB|NY|TKY)\d+-EVAL
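
Before relying on such a mapping, it helps to check a device inventory against the patterns and flag every name that would receive no credential or more than one. The following is an added example, not part of Raynet One or its documentation. It assumes that patterns must match the whole device name, that the TKY and NY patterns are written by analogy to the PB one, and that the sample device names are constructed; the patterns use only syntax shared by C# and Python regular expressions.

```python
import re

# Credential label -> device-name pattern. PB and EVAL are taken from the list
# above; TKY and NY are written out by analogy ("similar to PB"), an assumption.
CREDENTIAL_PATTERNS = {
    "PB": r"PB\d+-PROD",
    "TKY": r"TKY\d+-PROD",
    "NY": r"NY\d+-PROD",
    "EVAL": r"(PB|NY|TKY)\d+-EVAL",
}

# Overall naming scheme from the "Regular expression format" section.
NAME_SCHEME = r"(PB|TKY|NY)\d+-(PROD|EVAL)"


def credentials_for(device_name):
    """Return the labels of all credentials whose pattern matches the whole name."""
    return [label for label, pattern in CREDENTIAL_PATTERNS.items()
            if re.fullmatch(pattern, device_name)]


def audit(device_names):
    """Split an inventory into clean one-to-one mappings and names needing review."""
    mapped, review = {}, {}
    for name in device_names:
        labels = credentials_for(name)
        if len(labels) == 1 and re.fullmatch(NAME_SCHEME, name):
            mapped[name] = labels[0]
        else:
            # Zero labels: no credential would be offered to this device.
            # Several labels: the mapping is ambiguous.
            review[name] = labels
    return mapped, review


# Constructed sample inventory (hypothetical device names).
SAMPLE = ["PB12-PROD", "TKY3-EVAL", "NY7-PROD", "NY7-TEST",
          "pb12-prod", "PB12-PROD-old", "BER1-PROD"]

if __name__ == "__main__":
    mapped, review = audit(SAMPLE)
    for name, label in mapped.items():
        print(f"{name:15} -> {label}")
    for name, labels in review.items():
        print(f"{name:15} -> REVIEW {labels}")
```

Names such as PB12-PROD-old end up in the review list because the check requires a whole-name match; with an unanchored search the same name would be handed the PB production credential.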

Remarks

Structuring the devices by their device name is an alternative to the Raynet One site/OU assignment.

Instead of locations of the same company, you can distinguish between different companies, from the viewpoint of a computer management specialist contractor.

Windows computer domains append their domain name to device names of devices assigned to them. Make use of this feature for simplified domain credentials targeting.