Random ...
July 2018
1 2 3 4 5 6 7
8 9 10 11 12 13 14
15 16 17 18 19 20 21
22 23 24 25 26 27 28
29 30 31        
Tags ...

Linux++:::: Halt! who goes there?
Posted at 22.Jun,2006 23:16  Comments 0 / Trackbacks 0 / Like this post!
Technorati tag(s):

People generally look for bad guys coming from outside the network. Many would forget to look at the internal network where viruses, worms, rouge APs, etc.

Many, including me, has that false sense of security. We trust anything from internal network too much.

How can we mitigate all internal users? I asked Adli that during the security sig at mimos, and he told me to check out packetfence

Well, I did, and I wondered how my network survived this long :)

Briefly, packetfence can be described as a network access control, or threat management to be buzzward compliant; and to impress PHBs.

Packetfence work in two modes, by managing arps or via dhcp. Packetfence can be deployed inline or passive.

Packetfence can do any or all these::

  • isolate
  • detect/scan
  • register

Users trying to access the network will be redirected to packet fence, and depending what we set up, can isolate, ask users to register (via radius, ldap, local), and/or scan for vulnerabilities (using nessus).

We can set what is considered a violation; e.g if open shares are a violation, just set the nessus plugin id as the trigger.

Packetfence has a web interface for PHBs, and command line for you geeks.

Initial tests show that it works great. I will jot about installation and test environment in later entry.

Bookmark and Share

Is this entry helpful? Comments/Donate/Click some google ads.  
Trackback is http://myzope.kedai.com.my/blogs/kedai/86/tbping 

Post a comment