RE: How to securing endpoints?

["Jaime Ruiz" <jruiz () neosecure cl>]

You sould take a look at the NAC technology from Mirage Networks. This is a clientless aproach to NAC in opposite to 
Cisco and independant of the operating system.
  
http://www.miragenetworks.com

Regards,

Jaime Ruiz V.
============================================================
Jaime Ruiz Villegas
  Gerente de Proyectos Especiales, NeoSecure S.A. - Web: www.neosecure.net
  Email: jruiz () neosecure cl - Phone:+56.2 2905919 - Mobile:+56.9 7995848 
CHILE   - Phone:+56-2.2905900, Fax:+56.2 2905959
Providencia 1760 Of. 1601, Santiago. CP7500498
ARGENTINA - Phone:+54-11.48501310, Fax:+54.11.48501201
Bouchard 557/599 Piso 20 C 1106 ABG, Buenos Aires
=====================  Nota de Confidencialidad ==================
La información contenida en este mail es confidencial y ha sido enviada en
forma exclusiva al destinatario del mismo, quién no debe divulgarla sin
previo consentimiento de NeoSecure.
============================================================ 


-----Mensaje original-----
De: listbounce () securityfocus com [mailto:listbounce () securityfocus com] En nombre de WALI
Enviado el: Sábado, 20 de Enero de 2007 3:59
Para: security-basics () securityfocus com
Asunto: How to securing endpoints?


Seeking pointers on how to secure endpoints within the LAN.

With an AD domain running, without any Radius authentication mechanism, I am wondering whether it would be worth 
investing yet, in the nascent Microsoft/CISCO NAC technology.

My main concern is, to find ways to prohibit anyone/everyone to be able to just plugin their PC/laptop into the UTP 
wall socket and get a lease from my DHCP servers. We are looking at a network of about 1000 pc's here.

MAC learning and locking at the switch layer is an option but I foresee a huge administrative overhead in my scenerio 
where helpdesk rolls out several new PC's daily.

Any other options??