Use Cases

Basic NetReg Functions and Use Cases

The following instructions explain how to establish a contact role, claim subnets and IP addresses in order to receive security notices for network devices in your department.

Establish a contact role

Claim subnets and IP addresses for your contact role

You may claim whole subnets, or request individual IP addresses on other subnets by clicking "Subnet" and choosing from the options provided. (See https://netreg.security.berkeley.edu/help/ipaddress_index)

  • Subnets that your contact role claims are listed in black; those with individually claimed IP addresses are listed in gray.
    • Subnets can be expanded to show the individual IP addresses on those subnets, if any.
    • Claimed subnets can be abandoned by clicking the 'Abandon' button.
    • Unclaimed subnets are listed under the 'Claim Unclaimed Subnets' button.
    • Registering a subdomain will generate a "FYI IP addresses to transfer?" message to request IP addresses registered in that subdomain that do not already belong to your contact role.
  •  Individual IP addresses are transferred by initiating a request to another security contact.

Add any offsite hostnames in use by your department by clicking "Offsite Hostnames".
(See https://netreg.security.berkeley.edu/help/offsite_index)
You will receive security notices for all registered Subnets, IP addresses and offsite hostnames.


Use Cases

Use Case #1:

Your department has a number of sub-units that each manage their own network resources

Solution:  NetReg supports a parent-child relationship through “Group Contact Roles"

Group Contact Roles

  • Establish a contact role.
  • Claim subnets and IP addresses for your contact role.
  • Create Group Contact Roles for each sub-unit
    • Include an initial “first member” for each Group Contact Role
    • Check "Security Notices to parent also?” if notices should also go to your parent contact role
  • Now members of the Group Contact Roles can:
    • Claim subnets and IP addresses for their contact roles.
    • Add and remove members to the contact role
  • You can be a member of a parent and child contact role, but you need to switch between them using “Select Context"

Use Case #2:

You manage all devices for your department, but some labs, researcher groups, or other sub-units would also like to receive notices for their systems directly

Solution: NetReg supports additional notices through “CC CR IP addresses"

  • Establish a contact role
  • Claim subnets and IP addresses for your contact role
  • Select this contact role, and claim subnets and IP addresses assigned to your department
  • Create Group Contact Roles for each lab, facility, or other sub-unit that would like notices
  • Add CC IP Addresses for IP addresses belonging to each group

Use Case #3:

All of your department's IT resources are managed by CSS-IT

Solution: Add CSS-IT to your Contact Role as a “Service Provider"

  • Establish a contact role
  • Select this contact role, and select CSS-IT as the service provider
  • CSS-IT staff will add and remove network addresses for this contact role

Use Case #4:

Your department maintains some systems internally, while other systems are supported by CSS-IT

Solution: Create a “Group Contact Role” and add CSS-IT as a Service Provider

  • Establish a contact role
  • Claim subnets and IP addresses for your contact role
  • Create a Group Contact Role under your Department Contact Role and add yourself as a member
  • Select CSS-IT as the service provider for this contact role
  • CSS-IT staff will add and remove network addresses for this contact role

Use Case #5:

You are a database administrator, application developer, or otherwise support applications/middleware. The system administrators for the servers hosting your services now receive security notices, but you would like to get these notices as well

Solution: NetReg supports additional notices through “CC CR IP addresses"

  • Establish a contact role
  • Request CC IP Addresses for the systems hosting your services
  • The system administrators claiming these IP addresses will need to approve your request
  • Once approved, you will begin to receive security notices for these IP addresses

Please contact netreg@security.berkeley.edu for any questions, or additional support.