RES: NAC solutions

[Alexandre Fernandes <alexandre.fernandes () lasa com br>]

Do you have any options.... About Cisco, take a look: http://www.cisco.com/en/US/products/ps6128/index.html and another 
option is BIG-IP (http://www.f5.com/pdf/white-papers/simplify-application-access-wp.pdf )
I hope that help.



________________________________________
De: listbounce () securityfocus com [listbounce () securityfocus com] em Nome de Nick Schroedl [NSchroedl () 
mullen-group com]
Enviado: quarta-feira, 3 de agosto de 2011 13:07
Para: 'James Jelinek'; security-basics () securityfocus com
Assunto: RE: NAC solutions

It was a while back when we purchased it, I just remember that it was one of
the more expensive systems we looked at.  However we built ours with full
redundancy at a separate data center which doubled the cost.  We have around
1500 systems across North America and we use Bradford to do on the fly
dynamic vlans.  So basically if we don't trust a system based on our
policies the Bradford system will auto log into the switch via ssh and enter
the command to switch the port to either a "black hole" VLan or our
"internet only" VLan which still goes through our proxy system.  We are
mostly Cisco and HP switches and we have not run into an issue except with
older Cisco gear that just needed an update.

Bradford Sales is very helpful, and they are a great company to work with.
I would recommend with starting at their website and arranging a web
conference to get more info straight from them.

Nick


-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of James Jelinek
Sent: Wednesday, August 03, 2011 9:56 AM
To: security-basics () securityfocus com
Subject: RE: NAC solutions


We're in a similar position as Andi.  Looking for a NAC/IDS solution for our
network of 100 workstations, 7 subnets (long story), and multiple ACL
nightmares.  I'm looking into Packetfence as well since it will supposedly
work with the HP Procurve switches we have.  It will only shut ports with
these switches, it won't do any layer-3 blackholing/etc.

Definitely worth a look.

I'd like to check out Bradford, what is the average cost?  Or is that an
arbitrary question?

-James
-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of Nick Schroedl
Sent: Wednesday, August 03, 2011 10:42 AM
To: 'Morris, Andi'; security-basics () securityfocus com
Subject: RE: NAC solutions

We have the Bradford Networks solution running and it is SLICK!  Control
right down to the switch level and not dependent on MAC addresses.  The
system its self will work on wireless, and wired, and will work with pretty
much any managed switch.  Downside is it is a tad bit pricy.  You will have
to have a fairly large network to justify the cost.

Nick

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On
Behalf Of Morris, Andi
Sent: Wednesday, August 03, 2011 2:45 AM
To: security-basics () securityfocus com
Subject: NAC solutions

I'm about to do some investigating in to NAC solutions for our network.
Is
there a good list of solutions with pros and cons around?  The main one that
is grabbing my eye at the moment is PacketFence due to the open source
nature and seemingly large flexibility of the product.

I'm looking at a network integrated solution, rather than one that would
need endpoint client installation, and it would need to work seamlessly with
our Cisco infrastructure.

Cheers,
Andi

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate In this guide we
examine the importance of Apache-SSL and who needs an SSL certificate.  We
look at how SSL works, how it benefits your company and how your customers
can tell if a site is secure. You will find out how to test, purchase,
install and use a thawte Digital Certificate on your Apache web server.
Throughout, best practices for set-up are highlighted to help you ensure
efficient ongoing management of your encryption keys and digital
certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f7
27
d1
------------------------------------------------------------------------


------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate In this guide we
examine the importance of Apache-SSL and who needs an SSL certificate.  We
look at how SSL works, how it benefits your company and how your customers
can tell if a site is secure. You will find out how to test, purchase,
install and use a thawte Digital Certificate on your Apache web server.
Throughout, best practices for set-up are highlighted to help you ensure
efficient ongoing management of your encryption keys and digital
certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727
d1
------------------------------------------------------------------------
------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------