lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
From: alanme at (Alan Melia (Melmac))
Subject: Good Network Access Control solution using dot1x?

I can hear the wails as I paste this but ...

Network Access Quarantine Control in Windows Server 2003


This downloadable article provides a technical overview of the Network
Access Quarantine Control feature in the Windows Server 2003 family and
includes instructions on how to deploy it.

Included in This Document

How Network Access Quarantine Control Works

How to Deploy Network Access Quarantine Control

Alternate Configurations

Sample Quarantine Script

Appendix: Network Access Quarantine Control Requirements



[] On Behalf Of Ryan Sumida
Sent: 16 September 2004 20:43
Subject: [Full-Disclosure] Good Network Access Control solution using dot1x?

Hello Security Folk, 

Looking for a network solution to mitigate the virus/worm problems in our
university dorm network.  Has any one company moved ahead of the pack in the
port based NAC market?  I'm not sure if this is the best way to go but in
theory it would solve some of our problems.  At the moment our IPS is
blocking over 90,000 attacks/hour from the dorm area alone! 

A solution similar to Perfigo's CleanMachine product is what I have in mind
but with 802.1x support.  When end-users would like to get on the network
they start in a temporary restricted VLAN.  The system will then be scanned
(Nessus scan , etc.)  for vulnerabilities defined by the security policy.
If compliant then the mac is granted network access and the port is then
changing to a non-restricted VLAN.   If non-compliant the mac is put on
quarantine list and the port is then set to "jailed" VLAN.   

Anyone know of a good product that can do this or something similar?   


-------------- next part --------------
An HTML attachment was scrubbed...

Powered by blists - more mailing lists