Educause Security Discussion mailing list archives
Re: Revisiting wireless NAC
From: Justin Azoff <JAzoff () ALBANY EDU>
Date: Fri, 4 Jan 2013 15:16:18 -0500
On Fri, Jan 04, 2013 at 02:43:30PM -0500, David Curry wrote:
looking for products, we couldn't find any. There are plenty of IDS/IPS systems out there that can detect and block the traffic; that part's easy. But we've been unable to find any products that can also do the other part--sending users to some sort of quarantine/remediation portal so that they know why their computer isn't working on the network anymore. This last part is critical to us, as we do not run a 24x7 help desk, and we don't want to just silently drop users' traffic with no explanation when there's nobody they can call to find out what's happening.

So finally, my question: Has anybody implemented something like this? If so, would you be willing to share how you did it?

Thanks,
--Dave
If you are moving to 802.1x you can dynamically assign VLANs based on the user. Like so: http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008076317c.shtml (substitute Cisco with another vendor; I'm sure they all do it). Then all you need is a tiny script that takes IDS events and flags the associated user records in LDAP.

We never bothered with a remediation network on wireless; we just block their MAC address and send them an email. It works well enough for us.

--
-- Justin Azoff
-- Network Security & Performance Analyst
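The "tiny script" step Justin describes, as an added example that is not from the thread or from any product mentioned in it: it attributes Snort-style IDS alerts to the campus-side user via a session table (as RADIUS accounting would supply) and emits LDIF that sets a quarantine flag on the user's LDAP record, which a dynamic-VLAN policy could then honour at the next 802.1x authentication. The alert lines, the session table, the `10.20.30.` client range and the `netQuarantine`/`netQuarantineReason` attributes are all constructed assumptions.

```python
# IDS alert -> LDAP quarantine flag: the "tiny script" step (added example).
# Assumed, not from the thread: Snort-style "fast" alert lines, a session table
# mapping client IP -> (user, MAC) as RADIUS accounting would give, and a
# hypothetical LDAP attribute netQuarantine read by the VLAN-assignment policy.
import re
# Pull rule sid, priority and the two endpoints out of one Snort fast-format line.
ALERT_RE = re.compile(r"\[\d+:(?P<sid>\d+):\d+\].*?\[Priority: (?P<prio>\d+)\].*?\} "
                      r"(?P<src>[\d.]+)(?::\d+)? -> (?P<dst>[\d.]+)")
# Constructed sample alerts (not real events); documentation IPs for the outside.
SAMPLE_ALERTS = """\
01/04-14:51:02.123456  [**] [1:2008120:5] ET TROJAN Possible Bot Activity [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.20.30.40:51234 -> 198.51.100.7:80
01/04-14:51:05.000001  [**] [1:2100498:7] GPL ATTACK_RESPONSE id check returned root [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 198.51.100.7:80 -> 10.20.30.40:51234
01/04-14:52:10.500000  [**] [1:2008120:5] ET TROJAN Possible Bot Activity [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.20.30.41:40000 -> 198.51.100.9:443
01/04-14:53:00.000000  [**] [1:2012345:1] ET INFO Low priority noise [**] [Classification: Misc activity] [Priority: 3] {UDP} 10.20.30.42:5000 -> 203.0.113.5:53
"""

# Constructed session table, as RADIUS accounting would report it: IP -> (user, MAC).
SESSIONS = {
    "10.20.30.40": ("jdoe", "00:11:22:33:44:55"),
    "10.20.30.41": ("asmith", "66:77:88:99:aa:bb"),
    "10.20.30.42": ("bwong", "cc:dd:ee:ff:00:11"),
}
CAMPUS_NET = "10.20.30."  # constructed client range; only our own users get flagged

def offending_users(alert_text, sessions, max_priority=1):
    """Attribute alerts at or above a severity (1 = most severe) to the campus-side
    user behind them. Returns {user: {"mac": str, "sids": set}}."""
    flagged = {}
    for line in alert_text.splitlines():
        m = ALERT_RE.search(line)
        if not m or int(m["prio"]) > max_priority:
            continue
        # Whichever endpoint is ours is the one with a user record behind it.
        ip = m["src"] if m["src"].startswith(CAMPUS_NET) else m["dst"]
        if ip in sessions:
            user, mac = sessions[ip]
            entry = flagged.setdefault(user, {"mac": mac, "sids": set()})
            entry["sids"].add(m["sid"])
    return flagged

def to_ldif(flagged, base_dn):
    """LDIF modify records setting the flag plus a reason (sids and MAC), so the
    change is applied with a standard ldapmodify run and stays auditable."""
    records = []
    for user, info in sorted(flagged.items()):
        reason = "IDS sids " + ",".join(sorted(info["sids"])) + " mac " + info["mac"]
        records.append(f"dn: uid={user},{base_dn}\nchangetype: modify\nreplace: netQuarantine\n"
                       f"netQuarantine: TRUE\n-\nreplace: netQuarantineReason\nnetQuarantineReason: {reason}\n-\n")
    return "\n".join(records)
```

Raising `max_priority` widens the net to lower-severity alerts; the MAC carried in the reason attribute is what a MAC block or the notification email would use.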
Current thread:
- Revisiting wireless NAC David Curry (Jan 04)
- Re: Revisiting wireless NAC Justin Azoff (Jan 04)
- Re: Revisiting wireless NAC Patrick Gorsuch (Jan 04)
- Re: Revisiting wireless NAC Hahues, Sven (Jan 04)
- Re: Revisiting wireless NAC Mark Monroe (Jan 04)
- Re: Revisiting wireless NAC SCHALIP, MICHAEL (Jan 04)
- Re: Revisiting wireless NAC Martin Golizio (Jan 05)
- Re: Revisiting wireless NAC John Kaftan (Jan 05)
- Re: Revisiting wireless NAC Jeff Kell (Jan 06)