RE: Network Access Quarantine

["Moody, Chris" <cmoody () qualcomm com>]

Sounds to me like you will need to do some heavy scripting.

What kind of switches do you have?  You can possibly have the switches
change the ports to different vlans...based on like arpwatch output (new
MAC detected launches a VLAN change script).  Once the machine passes
the "scan", you could then have the script change the ports back to the
"live" VLAN.  This will drop the user's connection however as their IP
will be invalid.  Something will have to trigger the DHCP request again
on the host (manual release/renew for M$...or a timer on a unix host).
Once they are located on the live VLAN, and get the 2nd DHCP ack...they
should be good to go.

Sounds like an AWFUL lot of work however.  Why not just develop some
other strategy for scanning the machines while they are live?

Perhaps define/describe your situation and goals in more detail...and we
can think of other solutions.

Cheers,
~Chris


-----Original Message-----
From: Nagy Gergely [mailto:gergely.nagy () is-energy hu] 
Sent: Tuesday, January 20, 2004 11:50 PM
To: security-basics () securityfocus com
Subject: Network Access Quarantine

Hi all,

Do you have a solution for the following:

I would need a DHCP quarantine which works as a virtual lan or
something.
The main role would be to check all the PCs that connect to the LAN for
security patches and viruses before leting them to connect to the real
one.
If they comply to the company policy they can be forwarded to the real
and
live network where they can work as usualy the do.

I have searched the net, but couldn't find anything like this. I could
find
this solution for dial-in and VPN users, but not for local ones.

Any help would be kindly appreciated.

Greg



Ez a level virusellenorzesen esett at!

This message was checked against viruses!





Ez a level virusellenorzesen esett at!

This message was checked against viruses!



------------------------------------------------------------------------
---
Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off
any 
course! All of our class sizes are guaranteed to be 10 students or less.

We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion
Prevention, 
and many other technical hands on courses. 
Visit us at http://www.infosecinstitute.com/securityfocus to get $720
off 
any course!  
------------------------------------------------------------------------
----




---------------------------------------------------------------------------
Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off any
course! All of our class sizes are guaranteed to be 10 students or less.
We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention,
and many other technical hands on courses.
Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off
any course!
----------------------------------------------------------------------------