Security Basics mailing list archives
RE: Network Access Quarantine
From: "Nagy Gergely" <gergely.nagy () is-energy hu>
Date: Thu, 22 Jan 2004 10:57:02 +0100
It seems a good idea, but how could you prevent connecting the client from the LAN? I mean if some client gets the "live" IP address and mybe hooked some network worm, that it can infect the whole network before checking for the compliance. I would need a "dummy" network scope with only one server for the check process. After the compliance check has succedded it can have a new ip address from the "live" IP scope. Or whatever. Thankx for all of you for the answers, but I would need some more specific way, how to start. I like the Cisco future solution, but I think that would not be too cheap for us to buy. Has anybody ever tested something like this? How does Blacice or Zone alarm Integrity Server works? Do I need a client agent to work? Are the clients connecting to the "live" network, or a dummy quarantine network? Any help would be appreciated... Br, Gergely Nagy -----Original Message----- From: Rosenhan, David [mailto:David.Rosenhan () swiftbrands com] Sent: Wednesday, January 21, 2004 7:41 PM To: Nagy Gergely; security-basics () securityfocus com Subject: RE: Network Access Quarantine Local users can be quarantined when using Zone alarm Integrity server or ISS (Black Ice) these are both server based firewalls (and host based IDS) that control the hosts on the network, if they don't have the virus updates you specify then they can't get on the network. David Rosenhan, CCNP Information Technology Ez a level virusellenorzesen esett at! This message was checked against viruses! --------------------------------------------------------------------------- Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off any course! All of our class sizes are guaranteed to be 10 students or less. We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention, and many other technical hands on courses. Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off any course! ----------------------------------------------------------------------------
Current thread:
- Network Access Quarantine Nagy Gergely (Jan 21)
- Re: Network Access Quarantine JM (Jan 22)
- Re: Network Access Quarantine Steve (Jan 26)
- Re: Network Access Quarantine Random Task (Jan 27)
- <Possible follow-ups>
- RE: Network Access Quarantine Moody, Chris (Jan 21)
- RE: Network Access Quarantine Rosenhan, David (Jan 21)
- RE: Network Access Quarantine Nagy Gergely (Jan 22)
- RE: Network Access Quarantine Kuhl, Vince (DotComm) (Jan 21)
- Re: Network Access Quarantine Matthew Kemp (Jan 22)
- RE: Network Access Quarantine John Kingston (Jan 26)
- RE: Network Access Quarantine Shawn Jackson (Jan 26)
- RE: Network Access Quarantine Rosenhan, David (Jan 26)
- RE: Network Access Quarantine Adams, Tom (Jan 26)
- Re: Network Access Quarantine Jeff Friend (Jan 28)