Cisco ISE Profiling Services provides dynamic detection and classification of endpoints connected to the network. Using MAC addresses as the unique identifier, ISE collects various attributes for each network endpoint to build an internal endpoint database. The classification process matches the collected attributes to prebuilt or user-defined conditions, which are then correlated to an extensive library of profiles. These profiles cover a wide range of device types, including mobile clients (iPads, Android tablets, Chromebooks, and so on), desktop operating systems (for example, Windows, Mac OS X, Linux, and others), and numerous non-user systems such as printers, phones, cameras, and game consoles. Cisco ISE Profiling also covers the Internet of Things (IoT) by classifying building automation devices, including those used to control heating, ventilation, and air conditioning (HVAC), power and lighting systems, as well as vertical-specific endpoints such as healthcare patient monitors and imaging devices, and manufacturing controllers and sensors.
In general, the HTTP probe provides a high level of fidelity for detecting client OS types via the User-Agent header. The HTTP probe is recommended when a policy based on platform or operating system is required, particularly for wireless environments where customers often need to provide differentiated access based on device type (desktop or mobile).
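A simplified model of the classification flow described above, added here as an illustration and not taken from Cisco ISE: attributes collected per MAC address are matched against conditions, and matched conditions add weight toward a profile. The condition names, profile names, weights, thresholds and sample attribute values are all constructed assumptions, not ISE's shipped profile library.

```python
import re

# Constructed conditions: name -> (attribute, pattern). Not ISE's own library.
CONDITIONS = {
    "ua-ipad":    ("User-Agent", re.compile(r"\biPad\b")),
    "ua-android": ("User-Agent", re.compile(r"\bAndroid\b")),
    "ua-windows": ("User-Agent", re.compile(r"Windows NT \d+\.\d+")),
    "dhcp-msft":  ("dhcp-class-identifier", re.compile(r"^MSFT ")),
}

# Constructed profiles: name -> (minimum score, weight added per matched condition).
PROFILES = {
    "Tablet-iPad":     (20, {"ua-ipad": 20}),
    "Mobile-Android":  (20, {"ua-android": 20}),
    # Needs the HTTP header and a second probe to agree before it matches.
    "Desktop-Windows": (20, {"ua-windows": 10, "dhcp-msft": 10}),
}

def norm_mac(mac):
    """MAC address is the endpoint key; normalise to aa:bb:cc:dd:ee:ff."""
    return mac.lower().replace("-", ":")

class EndpointDB:
    def __init__(self):
        self.endpoints = {}  # mac -> {attribute: latest value}

    def observe(self, mac, attribute, value):
        """Record an attribute reported by a probe (HTTP, DHCP, ...)."""
        self.endpoints.setdefault(norm_mac(mac), {})[attribute] = value

    def classify(self, mac):
        """Return (profile, score); ("Unknown", 0) if no profile meets its minimum."""
        attrs = self.endpoints.get(norm_mac(mac), {})
        matched = {name for name, (attr, rx) in CONDITIONS.items()
                   if attr in attrs and rx.search(attrs[attr])}
        best, best_score = "Unknown", 0
        for profile, (minimum, weights) in PROFILES.items():
            score = sum(w for cond, w in weights.items() if cond in matched)
            if score >= minimum and score > best_score:
                best, best_score = profile, score
        return best, best_score

if __name__ == "__main__":
    db = EndpointDB()
    # Constructed sample: the User-Agent alone is below this profile's minimum.
    db.observe("AA-BB-CC-00-11-22", "User-Agent", "Mozilla/5.0 (Windows NT 10.0; Win64; x64)")
    print(db.classify("aa:bb:cc:00:11:22"))
    db.observe("aa:bb:cc:00:11:22", "dhcp-class-identifier", "MSFT 5.0")
    print(db.classify("aa:bb:cc:00:11:22"))
```

Because the User-Agent is supplied by the client, the constructed desktop profile only matches once a second probe corroborates it.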
Figure 64 shows an example of UDP and TCP ports often used to allow remote desktop sharing. Such a scan could be triggered against specific clients and detect if they may be violating company policy, or simply allowing remote control from external systems.