Security Basics mailing list archives
FW: NAC Question
From: kevin fielder <kevin.fielder () gmail com>
Date: Wed, 8 Apr 2009 07:57:19 +0100
Hi Another great benefit of many (most?) MAC products is that you can assist yourselves and your uses in maintaining their machines. You configure various polices such as AV installed and patched, latest O/S patches installed, local firewall running etc. If the client machine fails any of these checks it is only allowed to connect to certain machines / links (e.g. your update server, your AV server, windows update etc) This can be achieved either by the NAC client restricting access or by the NAC client forcing the machine onto a 'dirty' network. The machine is either automatically updated, or on screen (via the browser) instructions are provided to the user to update the machine and bring it into compliance. Once the machine meets the NAC rules it is then able to connect to the normal office network. Most of the big players offer a NAC solution with the most comprehensive usually consisting of a local client and a back end device of some sort (Hardware device or software installed on a standard server). Cisco's offering is very good though as with most of the best solutions clearly has cost implications. cheers K -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of aditya mukadam Sent: 07 April 2009 07:50 To: avghacker () gmail com; security basics Subject: Re: NAC Question Let the worm, not be the only reason to use NAC. Using NAC has many advantages w.r.t mitigating worms : 1) It can perform check on laptops connecting devices for the AV, Firewall etc 2) Wireless guest users can be authenticated and checked for security. 3) You can enforce policy if NAC is integrated with FW/ URL filtering server on per user basis. Hope this helps. Thanks, Aditya Govind Mukadam On Tue, Mar 24, 2009 at 10:19 PM, <avghacker () gmail com> wrote:
Well we have the downadup worm floating around our network and are slowly trying to deal with it. Our environment has a lot of users who are local admins so they basically are allowed to download anything here and at home. I wanted a way to keep them off the network unless they have patches and an AV solution. Many users only pull out their laptops every couple of weeks so obviously the update server isn't reaching them. Side note: already have and ids in place ------Original Message------ From: exzactly To: avghacker () gmail com To: security-basics () securityfocus com Subject: Re: NAC Question Sent: Mar 24, 2009 12:34 PM Are you sure NAC is the way to go for your issue? An IPS may be a better option to keep the spread of Malware down. NAC can be expensive, messy to implement and time consuming, it has it's place but I don't know if your requirements would warrant it. Can you add a little more information to your issue? -------------------------------------------------- From: <avghacker () gmail com> Sent: Friday, March 20, 2009 4:39 AM To: <security-basics () securityfocus com> Subject: NAC QuestionHey all was wondering if anyone had any experience with deploying or maintaining a NAC? I'm looking for recommendations, advice, gotchas, etc... Having some serious malware issues in a place that doesn't have patch management and I'm looking to turn to a NAC to help bring the network under control.....advice? -------------------------------------------------------------------- ---- This list is sponsored by: InfoSec Institute Learn all of the latest penetration testing techniques in InfoSec Institute's Ethical Hacking class. Totally hands-on course with evening Capture The Flag (CTF) exercises, Certified Ethical Hacker and Certified Penetration Tester exams, taught by an expert with years of real pen testing experience. http://www.infosecinstitute.com/courses/ethical_hacking_training.htm l -------------------------------------------------------------------- ----Sent from my Verizon Wireless BlackBerry
------------------------------------------------------------------------ This list is sponsored by: InfoSec Institute Need to pass the CISSP? InfoSec Institute's CISSP Boot Camp in both Instructor-Led and Online formats is the most concentrated exam prep available. Comprehensive course materials and an expert instructor means you pass the exam. Gain a laser like insight into what is covered on the exam, with zero fluff! http://www.infosecinstitute.com/courses/cissp_bootcamp_training.html ------------------------------------------------------------------------ ------------------------------------------------------------------------ This list is sponsored by: InfoSec Institute Need to pass the CISSP? InfoSec Institute's CISSP Boot Camp in both Instructor-Led and Online formats is the most concentrated exam prep available. Comprehensive course materials and an expert instructor means you pass the exam. Gain a laser like insight into what is covered on the exam, with zero fluff! http://www.infosecinstitute.com/courses/cissp_bootcamp_training.html ------------------------------------------------------------------------
Current thread:
- RE: NAC Question juan | ToBe Security (Apr 02)
- <Possible follow-ups>
- Re: NAC Question aditya mukadam (Apr 07)
- FW: NAC Question kevin fielder (Apr 08)
- Re: NAC Question Stephen Mullins (Apr 20)
- Re: NAC Question avghacker (Apr 20)
- Re: NAC Question Stephen Mullins (Apr 20)
- Re: NAC Question avghacker (Apr 20)
- Re: NAC Question I_wont_tell (Apr 21)