Use Cases

Basic NetReg Functions and Use Cases

The following instructions explain how to establish a Security Contact, claim subnets and IP addresses in order to receive security notices for network devices in your department.

Establish a Security Contact:

Claim subnets and IP addresses for your Security Contact

You may claim whole subnets, or request individual IP addresses on other subnets by clicking "Subnet" and choosing from the options provided. (See https://netreg.security.berkeley.edu/help/ipaddress_index)

  • Subnets that your Security Contact claims are listed in black; those with individually claimed IP addresses are listed in gray.
    • Subnets can be expanded to show the individual IP addresses on those subnets, if any.
    • Claimed subnets can be abandoned by clicking the 'Abandon' button.
    • Unclaimed subnets are listed under the 'Claim Unclaimed Subnets' button.
    • Registering a subdomain will generate a "FYI IP addresses to transfer?" message to request IP addresses registered in that subdomain that do not already belong to your Security Contact.
  •  Individual IP addresses are transferred by initiating a request to another security contact.

Add any offsite hostnames in use by your department by clicking "Offsite Hostnames".
(See https://netreg.security.berkeley.edu/help/offsite_index)

You will receive security notices for all registered Subnets, IP addresses and offsite hostnames.


Use Cases

Use Case #1:

Your department has a number of sub-units that each manage their own network resources

Solution:  NetReg supports a parent-child relationship through “Group Security Contacts"

Group Security Contacts

  • Establish a security contact
  • Claim subnets and IP addresses for your security contact
  • Create Group Security Contacts for each sub-unit
    • Include an initial “first member” for each Group Security Contact
    • Check "Security Notices to parent also?” if notices should also go to your parent Security Contact 
  • Now members of the Group Security Contacts can:
    • Claim subnets and IP addresses for their Security Contacts
    • Add and remove members to the Security Contact
  • You can be a member of a parent and child security contact, but you need to switch between them using “Select Context"

Use Case #2:

You manage all devices for your department, but some labs, researcher groups, or other sub-units would also like to receive notices for their systems directly

Solution: NetReg supports additional notices through “CC SC IP addresses"

  • Establish a Security Contact
  • Claim subnets and IP addresses for your Security Contact
  • Select this Security Contact and claim subnets and IP addresses assigned to your department
  • Create Group Security Contacts for each lab, facility, or other sub-unit that would like notices
  • Add CC IP Addresses for IP addresses belonging to each group

Use Case #3:

All of your department's IT resources are managed by IT Client Services

Solution: Add IT Client Services to your Security Contact as a “Service Provider"

  • Establish a Security Contact 
  • Select this Security Contact and select IT Client Services as the service provider
  • CSS-IT staff will add and remove network addresses for this contact role

Use Case #4:

Your department maintains some systems internally, while other systems are supported by IT Client Services

Solution: Create a “Group Security Contact” and add IT Client Services as a Service Provider

  • Establish a Security Contact
  • Claim subnets and IP addresses for your Security Contact 
  • Create a Group Security Contact under your Department Security Contact and add yourself as a member
  • Select IT Client Services as the service provider for this Security Contact
  • IT Client Services staff will add and remove network addresses for this Security Contact 

Use Case #5:

You are a database administrator, application developer, or otherwise support applications/middleware. The system administrators for the servers hosting your services now receive security notices, but you would like to get these notices as well

Solution: NetReg supports additional notices through “CC SC IP addresses"

  • Establish a Security Contact 
  • Request CC IP Addresses for the systems hosting your services
  • The system administrators claiming these IP addresses will need to approve your request
  • Once approved, you will begin to receive security notices for these IP addresses

Use Case #6:

You are a researcher within a large department.  As part of your research you have restricted data on a server managed by IST in the data center.

Solution:  Create a Group Security Contact under your Department Security Contact

  • Request the group from your Department Security Contact, providing its name, security notice email address and other information.

  • Register your Restricted Data (RD) Application to your new Security Contact, including protection level, number of records, etc.

  • Add components (IP Addresses, Devices, etc.,) to the RD Application even if those assets belong to other security contacts.


Please contact netreg@security.berkeley.edu for any questions, or additional support.