IDS mailing list archives

Re: AW: IDS


From: "Thomas Choi" <tchoi () nortel com>
Date: Wed, 05 Jul 2006 17:04:28 -0400

Barthel, Frank wrote:
Look at Cisco NAC or McAfee ePO with MPE.
These are implementations that first put the client in a quarantine VLAN, then check the client and push the needed updates to the client.
After that, the port of the switch (NAC) or the desktop-firewall policy (MPE) will grant network access.

I agree. Network Access Controls (NACs) would do exactly what Gopi is looking for.

NACs typically comprise an interrogation engine that scans hosts against predefined computing policy criteria before granting network access. Such policies could ensure that all hosts on your network have a desktop firewall, OS patches up to date, AV definitions up to date, no known malicious files or registry entries, etc. Depending on the severity/magnitude of non-compliance, the machine can either be provided limited access to the network or its access can be blocked entirely.

In addition to the products that Frank mentioned above, you might also want to take a look at Forescout's CounterACT, which, in addition to providing NAC services, can also block fast-propagating malware on your network.

Nortel also has a similar product called NSNA that you might want to check out as well.
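The posture-check flow described in the reply above (scan the host against predefined policy criteria, then grant full, limited or no access depending on the severity of non-compliance) is sketched in the following added example. It is not code from the thread or from any of the products named in it; the rule set, severity thresholds, "known-bad" indicator values and host records are all constructed for illustration.

```python
"""Toy NAC posture-evaluation engine (added example, not from the thread).

Models the flow the reply describes: each host's posture is checked
against predefined policy criteria, every criterion carries a severity,
and the worst failing severity decides whether the host gets full
access, limited (quarantine VLAN) access, or is blocked outright.
All thresholds, indicator values and host records below are constructed
sample data, not vendor defaults or the output of any real agent.
"""
from dataclasses import dataclass, field
from datetime import date, timedelta
from typing import Callable

# Ordered severity levels used by the example policy.
LOW, MEDIUM, HIGH = 1, 2, 3

# Reference date for the age checks (constructed: the date of the post).
TODAY = date(2006, 7, 5)


@dataclass
class HostPosture:
    """What the interrogation engine learned about one host."""
    hostname: str
    firewall_enabled: bool
    patch_level_date: date          # date of the last OS patch install
    av_definitions_date: date       # date of the current AV signature set
    registry_entries: set = field(default_factory=set)
    files_present: set = field(default_factory=set)


@dataclass
class PolicyRule:
    name: str
    severity: int
    check: Callable[[HostPosture, date], bool]   # returns True when compliant


# Indicators the policy treats as known-bad (constructed values).
BAD_REGISTRY_KEYS = {r"HKLM\Software\ExampleMalware\Run"}
BAD_FILES = {r"C:\Windows\Temp\example_dropper.exe"}

# The predefined computing policy.  Age limits are example choices.
RULES = [
    PolicyRule("desktop firewall enabled", MEDIUM,
               lambda h, today: h.firewall_enabled),
    PolicyRule("OS patched within 30 days", MEDIUM,
               lambda h, today: today - h.patch_level_date <= timedelta(days=30)),
    PolicyRule("AV definitions within 7 days", LOW,
               lambda h, today: today - h.av_definitions_date <= timedelta(days=7)),
    PolicyRule("no known malicious registry entries", HIGH,
               lambda h, today: not (h.registry_entries & BAD_REGISTRY_KEYS)),
    PolicyRule("no known malicious files", HIGH,
               lambda h, today: not (h.files_present & BAD_FILES)),
]


def evaluate(host, today=TODAY, rules=RULES):
    """Return (decision, names_of_failed_rules) for one host.

    Decision policy for this example: any HIGH finding blocks the host;
    LOW/MEDIUM findings put it in the quarantine VLAN, where remediation
    (patches, AV updates) can be pushed before access is re-evaluated.
    """
    failed = [r for r in rules if not r.check(host, today)]
    if not failed:
        return "FULL_ACCESS", []
    worst = max(r.severity for r in failed)
    decision = "BLOCK" if worst == HIGH else "QUARANTINE"
    return decision, [r.name for r in failed]


# Constructed sample hosts covering the three outcomes.
SAMPLE_HOSTS = {
    "compliant": HostPosture("ws-01", True, date(2006, 6, 20), date(2006, 7, 3)),
    "stale": HostPosture("ws-02", True, date(2006, 4, 1), date(2006, 6, 1)),
    "infected": HostPosture("ws-03", False, date(2006, 6, 28), date(2006, 7, 4),
                            registry_entries={r"HKLM\Software\ExampleMalware\Run"}),
}

if __name__ == "__main__":
    for label, host in SAMPLE_HOSTS.items():
        decision, failed = evaluate(host)
        print(f"{host.hostname} ({label}): {decision}"
              + (f" - failed: {', '.join(failed)}" if failed else ""))
```

Running it prints one line per host: the fully patched host gets FULL_ACCESS, the host with old patches and stale AV definitions lands in QUARANTINE with both findings listed, and the host carrying a known-bad registry entry is blocked even though its other checks pass. The severity ordering is what lets a single high-severity indicator override an otherwise healthy posture.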

