Message-ID: <200409162021.i8GKLfP24270@netsys.com>
From: alanme at melmac.co.uk (Alan Melia (Melmac))
Subject: Good Network Access Control solution using dot1x?

I can hear the wails as I paste this but ...
 
http://www.microsoft.com/windowsserver2003/techinfo/overview/quarantine.mspx

Network Access Quarantine Control in Windows Server 2003


Summary


This downloadable article provides a technical overview of the Network
Access Quarantine Control feature in the Windows Server 2003 family and
includes instructions on how to deploy it.

Included in This Document

- How Network Access Quarantine Control Works
- How to Deploy Network Access Quarantine Control
- Alternate Configurations
- Sample Quarantine Script
- Appendix: Network Access Quarantine Control Requirements

 
Alan
 

  _____  

From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Ryan Sumida
Sent: 16 September 2004 20:43
To: full-disclosure@...ts.netsys.com
Subject: [Full-Disclosure] Good Network Access Control solution using dot1x?



Hello Security Folk, 

Looking for a network solution to mitigate the virus/worm problems in our
university dorm network.  Has any one company moved ahead of the pack in the
port based NAC market?  I'm not sure if this is the best way to go but in
theory it would solve some of our problems.  At the moment our IPS is
blocking over 90,000 attacks/hour from the dorm area alone! 

A solution similar to Perfigo's CleanMachine product is what I have in mind
but with 802.1x support.  When end-users would like to get on the network
they start in a temporary restricted VLAN.  The system will then be scanned
(Nessus scan, etc.) for vulnerabilities defined by the security policy.
If compliant then the MAC is granted network access and the port is then
changed to a non-restricted VLAN.  If non-compliant the MAC is put on a
quarantine list and the port is then set to a "jailed" VLAN.

Anyone know of a good product that can do this or something similar?   


Regards, 

Ryan