Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

Re: How to securing endpoints?

From: "William M. Ryan" <wmr02 () health state ny us>
Date: Wed, 24 Jan 2007 14:26:07 -0500


We do the MAC locking option and set static reservations in DHCP.  It was a
LOT of work to set up, but maintaining it isn't too bad if you script the
changes.



                                                                       
             "Mario Platt"                                             
             <mplatt () gmail com                                         
             >                                                          To
             Sent by:                  "Jaime Ruiz" <jruiz () neosecure cl>
             listbounce@securi                                          cc
             tyfocus.com               WALI <hkhasgiwale () gmail com>,   
                                                                   Subject
                                       Re: How to securing endpoints?  
             01/23/2007 06:51                                          
             PM                                                        
                                                                       
                                                                       
                                                                       
                                                                       




The Cisco solution can also be clientless. And it's also independent
of the operating system as in windows, mac ox, and linux. I suppose
things can be arranged for the rest of the OSs...

On 1/23/07, Jaime Ruiz <jruiz () neosecure cl> wrote:

You sould take a look at the NAC technology from Mirage Networks. This is

a clientless aproach to NAC in opposite to Cisco and independant of the
operating system.


http://www.miragenetworks.com

Regards,

Jaime Ruiz V.
============================================================
Jaime Ruiz Villegas
  Gerente de Proyectos Especiales, NeoSecure S.A. - Web:

www.neosecure.net

  Email: jruiz () neosecure cl - Phone:+56.2 2905919 - Mobile:+56.9 7995848
CHILE   - Phone:+56-2.2905900, Fax:+56.2 2905959
Providencia 1760 Of. 1601, Santiago. CP7500498
ARGENTINA - Phone:+54-11.48501310, Fax:+54.11.48501201
Bouchard 557/599 Piso 20 C 1106 ABG, Buenos Aires
=====================  Nota de Confidencialidad ==================
La información contenida en este mail es confidencial y ha sido enviada

en

forma exclusiva al destinatario del mismo, quién no debe divulgarla sin
previo consentimiento de NeoSecure.
============================================================


-----Mensaje original-----
De: listbounce () securityfocus com [mailto:listbounce () securityfocus com] En

nombre de WALI

Enviado el: Sábado, 20 de Enero de 2007 3:59
Para: security-basics () securityfocus com
Asunto: How to securing endpoints?


Seeking pointers on how to secure endpoints within the LAN.

With an AD domain running, without any Radius authentication mechanism, I

am wondering whether it would be worth investing yet, in the nascent
Microsoft/CISCO NAC technology.


My main concern is, to find ways to prohibit anyone/everyone to be able

to just plugin their PC/laptop into the UTP wall socket and get a lease
from my DHCP servers. We are looking at a network of about 1000 pc's here.


MAC learning and locking at the switch layer is an option but I foresee a

huge administrative overhead in my scenerio where helpdesk rolls out
several new PC's daily.


Any other options??
Previous By Date Next
Previous By Thread Next

Current thread: