Security Basics mailing list archives
RE: Network Access Quarantine
From: "Rosenhan, David" <David.Rosenhan () swiftbrands com>
Date: Fri, 23 Jan 2004 08:26:07 -0700
From what ISS and Zone Alarm showed us when they came out to demo the
products it looked as though the firewall allowed the user to get an IP address and login to the domain, and that was as far as the user got, we tried to replicate a few issues and it looked like the firewall and host based IDS stopped all other outgoing traffic created by the client until the server that controls the firewall allowed the user onto the network. I would suggest you take a good look at their websites, go to Zone Alarms website and the website for ISS (black ice). The firewall that seemed to work the best was ISS but was more difficult to configure. It seems a good idea, but how could you prevent connecting the client from the LAN? I mean if some client gets the "live" IP address and mybe hooked some network worm, that it can infect the whole network before checking for the compliance. I would need a "dummy" network scope with only one server for the check process. After the compliance check has succedded it can have a new ip address from the "live" IP scope. Or whatever. Thankx for all of you for the answers, but I would need some more specific way, how to start. I like the Cisco future solution, but I think that would not be too cheap for us to buy. Has anybody ever tested something like this? How does Blacice or Zone alarm Integrity Server works? Do I need a client agent to work? Are the clients connecting to the "live" network, or a dummy quarantine network? Any help would be appreciated... Br, Gergely Nagy -----Original Message----- From: Rosenhan, David [mailto:David.Rosenhan () swiftbrands com] Sent: Wednesday, January 21, 2004 7:41 PM To: Nagy Gergely; security-basics () securityfocus com Subject: RE: Network Access Quarantine Local users can be quarantined when using Zone alarm Integrity server or ISS (Black Ice) these are both server based firewalls (and host based IDS) that control the hosts on the network, if they don't have the virus updates you specify then they can't get on the network. David Rosenhan, CCNP Information Technology --------------------------------------------------------------------------- Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off any course! All of our class sizes are guaranteed to be 10 students or less. We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention, and many other technical hands on courses. Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off any course! ----------------------------------------------------------------------------
Current thread:
- Re: Network Access Quarantine, (continued)
- Re: Network Access Quarantine JM (Jan 22)
- Re: Network Access Quarantine Steve (Jan 26)
- Re: Network Access Quarantine Random Task (Jan 27)
- RE: Network Access Quarantine Moody, Chris (Jan 21)
- RE: Network Access Quarantine Rosenhan, David (Jan 21)
- RE: Network Access Quarantine Nagy Gergely (Jan 22)
- RE: Network Access Quarantine Kuhl, Vince (DotComm) (Jan 21)
- Re: Network Access Quarantine Matthew Kemp (Jan 22)
- RE: Network Access Quarantine John Kingston (Jan 26)
- RE: Network Access Quarantine Shawn Jackson (Jan 26)
- RE: Network Access Quarantine Rosenhan, David (Jan 26)
- RE: Network Access Quarantine Adams, Tom (Jan 26)
- Re: Network Access Quarantine Jeff Friend (Jan 28)