RE: Network Access Quarantine

["Rosenhan, David" <David.Rosenhan () swiftbrands com>]

> From what ISS and Zone Alarm showed us when they came out to demo the
products it looked as though the firewall allowed the user to get an IP
address and login to the domain, and that was as far as the user got, we
tried to replicate a few issues and it looked like the firewall and host
based IDS stopped all other outgoing traffic created by the client until
the server that controls the firewall allowed the user onto the network.
I would suggest you take a good look at their websites, go to Zone
Alarms website and the website for ISS (black ice).  The firewall that
seemed to work the best was ISS but was more difficult to configure. 



It seems a good idea, but how could you prevent connecting the client
from the LAN? I mean if some client gets the "live" IP address and mybe
hooked some network worm, that it can infect the whole network before
checking for the compliance. I would need a "dummy" network scope with
only one server for the check process. After the compliance check has
succedded it can have a new ip address from the "live" IP scope. Or
whatever. 
Thankx for all of you for the answers, but I would need some more
specific way, how to start. I like the Cisco future solution, but I
think that would not be too cheap for us  to buy. Has anybody ever
tested something like this? How does Blacice or Zone alarm Integrity
Server works? Do I need a client agent to work? Are the clients
connecting to the "live" network, or a dummy quarantine network?

Any help would be appreciated...

Br,

Gergely Nagy

-----Original Message-----
From: Rosenhan, David [mailto:David.Rosenhan () swiftbrands com] 
Sent: Wednesday, January 21, 2004 7:41 PM
To: Nagy Gergely; security-basics () securityfocus com
Subject: RE: Network Access Quarantine

Local users can be quarantined when using Zone alarm Integrity server or
ISS (Black Ice)  these are both server based firewalls (and host based
IDS) that control the hosts on the network, if they don't have the virus
updates you specify then they can't get on the network.

David Rosenhan, CCNP
Information Technology

---------------------------------------------------------------------------
Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off any
course! All of our class sizes are guaranteed to be 10 students or less.
We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention,
and many other technical hands on courses.
Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off
any course!
----------------------------------------------------------------------------