RE: [Full-Disclosure] Good Network Access Control solution using dot1x?
- To: Ryan Sumida <rsumida@xxxxxxxxx>, full-disclosure@xxxxxxxxxxxxxxxx
- Subject: RE: [Full-Disclosure] Good Network Access Control solution using dot1x?
- From: "Buelna, Derek" <derek.buelna@xxxxxxxxxxxxxxxx>
- Date: Thu, 16 Sep 2004 14:20:50 -0700
I wrote a paper on enforcing policy at the perimeter that you might find
useful. http://www.giac.org/practical/GSEC/Derek_Buelna_GSEC.pdf
Cheers,
-Derek
_____
From: full-disclosure-admin@xxxxxxxxxxxxxxxx
[mailto:full-disclosure-admin@xxxxxxxxxxxxxxxx] On Behalf Of Ryan Sumida
Sent: Thursday, September 16, 2004 12:43 PM
To: full-disclosure@xxxxxxxxxxxxxxxx
Subject: [Full-Disclosure] Good Network Access Control solution using dot1x?
Hello Security Folk,
Looking for a network solution to mitigate the virus/worm problems in our
university dorm network. Has any one company moved ahead of the pack in the
port based NAC market? I'm not sure if this is the best way to go but in
theory it would solve some of our problems. At the moment our IPS is blocking
over 90,000 attacks/hour from the dorm area alone!
A solution similar to Perfigo's CleanMachine product is what I have in mind but
with 802.1x support. When end-users would like to get on the network they
start in a temporary restricted VLAN. The system will then be scanned (Nessus
scan, etc.) for vulnerabilities defined by the security policy. If compliant
then the MAC is granted network access and the port is then changed to a
non-restricted VLAN. If non-compliant the MAC is put on a quarantine list and
the port is then set to a "jailed" VLAN.
Anyone know of a good product that can do this or something similar?
Regards,
Ryan
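
The admission flow described in the message above, as an added sketch that is not part of the original thread or of any vendor's product: a port starts in the restricted VLAN, scan findings are checked against the policy, and the port moves to the non-restricted or "jailed" VLAN. The VLAN numbers, finding names, class and method names are all hypothetical, and clearing quarantine on a clean re-scan is an assumption the post does not state.

```python
from dataclasses import dataclass, field

# VLAN IDs are constructed for this sketch; the post names the roles, not numbers.
RESTRICTED, PRODUCTION, JAILED = 900, 100, 999


@dataclass
class AdmissionController:
    # Finding names the security policy treats as disqualifying (hypothetical).
    policy: frozenset
    quarantine: set = field(default_factory=set)   # MACs that failed a scan
    port_vlan: dict = field(default_factory=dict)  # switch port -> assigned VLAN

    def link_up(self, port, mac):
        """New session: quarantined MACs are jailed on any port, others await a scan."""
        mac = mac.lower()
        self.port_vlan[port] = JAILED if mac in self.quarantine else RESTRICTED
        return self.port_vlan[port]

    def scan_result(self, port, mac, findings):
        """Compare scanner findings with the policy and move the port accordingly."""
        mac = mac.lower()
        violations = self.policy & set(findings)
        if violations:
            self.quarantine.add(mac)
            self.port_vlan[port] = JAILED
        else:
            # Assumption: a clean re-scan after remediation clears quarantine.
            self.quarantine.discard(mac)
            self.port_vlan[port] = PRODUCTION
        return self.port_vlan[port], sorted(violations)

    def link_down(self, port):
        """Forget the port's VLAN so the next host plugged in starts restricted."""
        self.port_vlan.pop(port, None)


if __name__ == "__main__":
    nac = AdmissionController(policy=frozenset({"missing-os-patch", "no-antivirus"}))
    mac = "AA:BB:CC:00:00:01"  # constructed sample address
    print(nac.link_up("gi1/0/1", mac))
    print(nac.scan_result("gi1/0/1", mac, ["missing-os-patch", "open-file-share"]))
    nac.link_down("gi1/0/1")
    print(nac.link_up("gi1/0/2", mac))  # same host, different dorm port
    print(nac.scan_result("gi1/0/2", mac, ["open-file-share"]))
```

Keying the quarantine list on the MAC rather than the port is what keeps a non-compliant host jailed when it is moved to another wall jack.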