Educause Security Discussion mailing list archives

Re: Revisiting wireless NAC


From: Justin Azoff <JAzoff () ALBANY EDU>
Date: Fri, 4 Jan 2013 15:16:18 -0500

On Fri, Jan 04, 2013 at 02:43:30PM -0500, David Curry wrote:
> looking for products, we couldn't find any. There are plenty of IDS/IPS systems
> out there that can detect and block the traffic; that part's easy. But we've
> been unable to find any products that can also do the other part--sending users
> to some sort of quarantine/remediation portal so that they know why their
> computer isn't working on the network anymore. This last part is critical to
> us, as we do not run a 24x7 help desk, and we don't want to just silently drop
> users' traffic with no explanation when there's nobody they can call to find
> out what's happening.
>
> So finally, my question: Has anybody implemented something like this? If so,
> would you be willing to share how you did it?
>
> Thanks,
> --Dave

If you are moving to 802.1x you can dynamically assign VLANs based on
the user, like so:

http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008076317c.shtml

Substitute Cisco with another vendor; I'm sure they all do it.

Then all you need is a tiny script that takes IDS events and flags the
associated user records in LDAP.

We never bothered with a remediation network on wireless, we just block
their mac address and send them an email.  It works well enough for us.

-- 
-- Justin Azoff
-- Network Security & Performance Analyst
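The glue Justin sketches (IDS event in, user record flagged in the directory, 802.1X then lands that user on a different VLAN) as an added example; this is not code from the thread or from any vendor. It assumes Snort-style "fast" alert lines, an IP-to-username mapping taken from RADIUS accounting or DHCP logs (constructed here as a dict), an in-memory stand-in for the LDAP directory with a hypothetical `quarantineReason` attribute (the same change is emitted as an LDIF modify record that a real ldapmodify would apply), and the RFC 3580 tunnel attributes (Tunnel-Type, Tunnel-Medium-Type, Tunnel-Private-Group-ID) that a RADIUS server returns in an Access-Accept to pick the VLAN. The VLAN numbers and alert lines are constructed sample data.

```python
"""Added example: IDS alert -> LDAP user flag -> 802.1X dynamic VLAN (RFC 3580).

Not from the original post. Assumptions: Snort-style fast alert lines, a
constructed IP->user mapping, an in-memory dict standing in for LDAP, and a
hypothetical 'quarantineReason' attribute on the user entry.
"""
import re

QUARANTINE_VLAN = "999"   # constructed: VLAN with only the remediation portal reachable
NORMAL_VLAN = "100"       # constructed: normal wireless user VLAN
MAX_PRIORITY = 2          # policy: only Priority 1 and 2 alerts flag a user
BASE_DN = "ou=people,dc=example,dc=edu"   # constructed directory suffix

# Snort "fast" alert line, e.g.
# 01/04-15:16:18.1  [**] [1:2000345:3] ET MALWARE C2 checkin [**] [Priority: 1] {TCP} 10.1.2.3:49152 -> 198.51.100.7:80
ALERT_RE = re.compile(
    r"\[\*\*\]\s+\[(?P<sid>[\d:]+)\]\s+(?P<msg>.+?)\s+\[\*\*\]"
    r".*?\[Priority:\s*(?P<prio>\d+)\]"
    r".*?\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+):\d+\s+->\s+(?P<dst>[\d.]+):\d+"
)

# Constructed sample data (not real alerts, users or addresses).
SAMPLE_ALERTS = [
    "01/04-15:16:18.1  [**] [1:2000345:3] ET MALWARE C2 checkin [**] [Priority: 1] {TCP} 10.1.2.3:49152 -> 198.51.100.7:80",
    "01/04-15:17:02.4  [**] [1:2100498:7] GPL ATTACK_RESPONSE id check [**] [Priority: 3] {TCP} 10.1.2.4:51000 -> 198.51.100.9:80",
    "01/04-15:18:40.0  [**] [1:2000345:3] ET MALWARE C2 checkin [**] [Priority: 1] {TCP} 10.1.2.99:40000 -> 198.51.100.7:80",
    "this line is not an alert at all",
]
IP_TO_USER = {"10.1.2.3": "jdoe", "10.1.2.4": "asmith"}   # from RADIUS accounting / DHCP (constructed)


def fresh_directory():
    """A new in-memory stand-in for the LDAP user tree (constructed entries)."""
    return {
        f"uid=jdoe,{BASE_DN}": {"cn": "Jane Doe"},
        f"uid=asmith,{BASE_DN}": {"cn": "Al Smith"},
    }


def parse_alert(line):
    """Return the fields of one fast-format alert line, or None if it does not match."""
    m = ALERT_RE.search(line)
    if not m:
        return None
    return {"sid": m["sid"], "msg": m["msg"], "priority": int(m["prio"]),
            "proto": m["proto"], "src": m["src"], "dst": m["dst"]}


def flag_user(directory, dn, reason):
    """Set the (hypothetical) quarantineReason attribute; return the equivalent LDIF."""
    directory[dn]["quarantineReason"] = reason
    return (f"dn: {dn}\nchangetype: modify\n"
            f"replace: quarantineReason\nquarantineReason: {reason}\n")


def process_alerts(lines, ip_to_user, directory):
    """Flag the user behind each qualifying alert. Returns [(dn, ldif), ...]."""
    changes = []
    for line in lines:
        alert = parse_alert(line)
        if alert is None or alert["priority"] > MAX_PRIORITY:
            continue                      # unparseable or below policy threshold
        user = ip_to_user.get(alert["src"])
        if user is None:
            continue                      # no session for that IP: nothing to flag
        dn = f"uid={user},{BASE_DN}"
        if dn not in directory:
            continue
        reason = f"IDS {alert['sid']}: {alert['msg']}"
        changes.append((dn, flag_user(directory, dn, reason)))
    return changes


def radius_vlan_attributes(directory, user):
    """RFC 3580 attributes the RADIUS server adds to Access-Accept for this user.

    A flagged user is steered to the quarantine VLAN on the next 802.1X
    authentication; everyone else gets the normal VLAN.
    """
    entry = directory.get(f"uid={user},{BASE_DN}", {})
    vlan = QUARANTINE_VLAN if entry.get("quarantineReason") else NORMAL_VLAN
    return {"Tunnel-Type": "VLAN", "Tunnel-Medium-Type": "IEEE-802",
            "Tunnel-Private-Group-ID": vlan}


if __name__ == "__main__":
    d = fresh_directory()
    for dn, ldif in process_alerts(SAMPLE_ALERTS, IP_TO_USER, d):
        print(ldif)
    for u in ("jdoe", "asmith"):
        print(u, radius_vlan_attributes(d, u)["Tunnel-Private-Group-ID"])
```

In a live deployment the LDIF would go to ldapmodify (or the script would use an LDAP client library) and the RADIUS server would read the flag attribute when it builds the reply; the quarantine VLAN itself is where the remediation portal from the original question would live, so the user sees an explanation instead of a silent drop. Note that the priority threshold and the IP-to-user lookup are the two places where this goes wrong in practice: a stale accounting mapping flags the wrong user, so the mapping should be keyed on a session that is current at the alert's timestamp.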
