IDS mailing list archives
Re: AW: IDS
From: "Thomas Choi" <tchoi () nortel com>
Date: Wed, 05 Jul 2006 17:04:28 -0400
Barthel, Frank wrote:
> Look at Cisco NAC or McAfee ePO with MPE. These are implementations that first put the client in a quarantine VLAN, then check the client and push the needed updates to the client. After that, the port of the switch (NAC) or the desktop-firewall-policy (MPE) will grant the network access.
I agree. Network Access Controls (NACs) would do exactly what Gopi is looking for.
NACs typically comprise an interrogation engine that scans hosts against predefined computing policy criteria before granting network access. Such policies could ensure that all hosts on your network have a desktop firewall, OS patches up to date, AV definitions up to date, no known malicious files or entries in the registry, etc. Depending on the severity/magnitude of non-compliance, the machine can either be provided limited access to the network or its access can be blocked entirely.
In addition to the products that Frank mentioned above, you might also want to take a look at Forescout's CounterACT, which, in addition to providing NAC services, can also block fast-propagating malware on your network.
Nortel also has a similar product called NSNA that you might want to check out as well.
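The posture-check-then-decide flow described in this thread (firewall present, patches and AV definitions current, no known-bad files or registry entries, then full access, limited access or no access depending on severity) can be modelled in a few dozen lines. The following is an added example written for this page, not code from Cisco NAC, McAfee ePO/MPE, CounterACT or NSNA; the thresholds, indicator values and host posture records are all constructed for illustration.

```python
"""Toy NAC posture-assessment engine (added example, not any vendor's code).

Each policy check carries a severity. The worst failing severity decides whether
the host is granted access, held in the quarantine VLAN for remediation, or
blocked outright. Thresholds, indicators and hosts below are constructed.
"""
from dataclasses import dataclass
from datetime import date
from enum import IntEnum
from typing import Callable, List, Tuple

# ---- policy thresholds (assumed values for this example) ----
MAX_PATCH_AGE_DAYS = 30     # OS patch level must be no older than this
MAX_AV_DEF_AGE_DAYS = 7     # AV definitions must be no older than this

# Constructed indicators; a real deployment pulls these from the AV/NAC vendor feed.
BAD_RUN_KEY = r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\svchost32"
KNOWN_BAD_REGISTRY_KEYS = {BAD_RUN_KEY}
KNOWN_BAD_FILES = {r"C:\Windows\System32\svchost32.exe"}


class Severity(IntEnum):
    LOW = 1       # non-compliant, remediable in the quarantine VLAN
    HIGH = 2      # non-compliant and urgent, still remediable in quarantine
    CRITICAL = 3  # evidence of compromise: no network access at all


@dataclass
class HostPosture:
    """What the interrogation engine learns about one host (constructed)."""
    hostname: str
    firewall_enabled: bool
    last_patch_date: date
    av_definitions_date: date
    registry_keys: set
    files: set


@dataclass
class Check:
    name: str
    severity: Severity
    passes: Callable[[HostPosture, date], bool]


POLICY: List[Check] = [
    Check("desktop firewall enabled", Severity.HIGH,
          lambda h, today: h.firewall_enabled),
    Check(f"OS patches no older than {MAX_PATCH_AGE_DAYS} days", Severity.HIGH,
          lambda h, today: (today - h.last_patch_date).days <= MAX_PATCH_AGE_DAYS),
    Check(f"AV definitions no older than {MAX_AV_DEF_AGE_DAYS} days", Severity.LOW,
          lambda h, today: (today - h.av_definitions_date).days <= MAX_AV_DEF_AGE_DAYS),
    Check("no known malicious registry entries", Severity.CRITICAL,
          lambda h, today: not (h.registry_keys & KNOWN_BAD_REGISTRY_KEYS)),
    Check("no known malicious files", Severity.CRITICAL,
          lambda h, today: not (h.files & KNOWN_BAD_FILES)),
]


def assess(host: HostPosture, today: date) -> Tuple[str, List[str]]:
    """Return (decision, names of failed checks).

    GRANT      -> switch port / firewall policy opens full access
    QUARANTINE -> host stays in the remediation VLAN (limited access)
    BLOCK      -> host gets no access at all
    """
    failed = [c for c in POLICY if not c.passes(host, today)]
    if not failed:
        return "GRANT", []
    worst = max(c.severity for c in failed)
    decision = "BLOCK" if worst == Severity.CRITICAL else "QUARANTINE"
    return decision, [c.name for c in failed]


# Constructed sample hosts; TODAY is the date of the list post.
TODAY = date(2006, 7, 5)
SAMPLE_HOSTS = [
    HostPosture("ws-compliant", True, date(2006, 6, 28), date(2006, 7, 4), set(), set()),
    HostPosture("ws-stale", True, date(2006, 4, 1), date(2006, 6, 1), set(), set()),
    HostPosture("ws-infected", False, date(2006, 6, 28), date(2006, 7, 4),
                {BAD_RUN_KEY}, set()),
]

if __name__ == "__main__":
    for host in SAMPLE_HOSTS:
        decision, failed = assess(host, TODAY)
        print(f"{host.hostname:14s} {decision:10s} {failed}")
```

The ordering matters: a host with both a stale AV signature set and a known-bad Run key is blocked rather than quarantined, because remediation pushes (patches, definitions) only make sense for hosts that are merely out of date, not for hosts that already show signs of compromise.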