Re: Network Access Quarantine

["Steve" <securityfocus () delahunty com>]

Why not force them to VPN in?  Sure, there would be overhead for that, and
costs for the VPN.

I had a thought about this, and wonder what the groups thinks of this
approach.  With the security issues we now face in the workplace, I could
see a good case for a real firewall between the actual end-users (employees)
and our systems.  I mean, why should regular old employees have direct
access to all network servers anyway other than what they need for email
etc?  Sure this would take some work to set up the firewall ruleset
internally but think about how recently we have all seen corporate servers
running the risk of being infected by Nimda etc from inside our networks,
not the fear if those ports are blocked between the servers and the
employees.  Just an interesting thought.


----- Original Message ----- 
From: "Nagy Gergely" <gergely.nagy () is-energy hu>
To: <security-basics () securityfocus com>
Sent: Wednesday, January 21, 2004 2:49 AM
Subject: Network Access Quarantine


Hi all,

Do you have a solution for the following:

I would need a DHCP quarantine which works as a virtual lan or something.
The main role would be to check all the PCs that connect to the LAN for
security patches and viruses before leting them to connect to the real one.
If they comply to the company policy they can be forwarded to the real and
live network where they can work as usualy the do.

I have searched the net, but couldn't find anything like this. I could find
this solution for dial-in and VPN users, but not for local ones.

Any help would be kindly appreciated.

Greg



Ez a level virusellenorzesen esett at!

This message was checked against viruses!





Ez a level virusellenorzesen esett at!

This message was checked against viruses!



---------------------------------------------------------------------------
Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off any
course! All of our class sizes are guaranteed to be 10 students or less.
We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention,
and many other technical hands on courses.
Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off
any course!
----------------------------------------------------------------------------


---------------------------------------------------------------------------
Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off any 
course! All of our class sizes are guaranteed to be 10 students or less. 
We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention, 
and many other technical hands on courses. 
Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off 
any course!  
----------------------------------------------------------------------------