*nix Thread, Open Source Network Access Control with Packetfence in Technical; http://www.packetfence.org/
1st April 2007, 01:35 PM #1 Open Source Network Access Control with Packetfence
http://www.packetfence.org/
I spotted this via a feature on it in April's Linux Journal. I know we've discussed NAC in various threads but no one has been able to implement it because of the need for 802.11X enabled switches or other vendor specific hardware. Well, Packet Fence seems to avoid this problem because you can use either ARP poisoning, DHCP scope changes or VLANs to control network access.
Anyway, check it out.
-
-
1st April 2007, 06:28 PM #2 Re: Open Source Network Access Control with Packetfence
Nice one Geoff
-
-
2nd April 2007, 08:14 AM #3
Re: Open Source Network Access Control with Packetfence
We are banned from accessing the site here in Birmingham. Access via the BGFL returns " Inappropriate Content Blocked by: Smartfilter/Sexual Materials (sm)" We are ahem NAC-kered!
-
-
4th May 2007, 01:05 PM #4 Re: Open Source Network Access Control with Packetfence
Geoff: What hardware are you running your packetfence on?
Ben
-
-
4th May 2007, 01:53 PM #5 Re: Open Source Network Access Control with Packetfence
None. It's running on VMWare.
-
-
4th May 2007, 01:58 PM #6 Re: Open Source Network Access Control with Packetfence
You're using it in anger on this config?
What mode do you have it running in, ARP poisoning?
Ben
-
-
4th May 2007, 02:00 PM #7 Re: Open Source Network Access Control with Packetfence
Yes, it's set to ARP poison. I also plugged Nessus into it too.
-
-
11th May 2008, 09:52 AM #8 Geoff,
I am planning on implementing this over the summer holidays and wondered the following (I have had a look on the PF website but no joy):
1) I want to run this on a dedicated machine. What would be the best spec for monitoring a 2000 node network?
2) I would assume it would be best to plug this into one of my HP layer3 core switches on a mirrored port?
3) Can I just plug this in and then config as I go, or does all network kit have to be added, otherwise it will not work? The reason I ask is that I have a number of other jobs I want to do, and as long as I get the server in I can config it later, so to speak.
-
-
11th May 2008, 11:50 AM #9 Thick question. What does it do exactly?
-
-
11th May 2008, 12:56 PM #10 Have a read
Network Access Control - Wikipedia, the free encyclopedia
NAC is also a feature of Server 2008 and you can get agents for XP and Vista but not 2k. I don't think it actually requires a 2008 Active Directory but it will require a 2008 member server (not certain about that yet as I haven't had a play).
-
-
11th May 2008, 01:49 PM #11 So control is done by MAC addressing?
-
-
12th May 2008, 09:17 AM #12 
Originally Posted by ICTNUT
Geoff,
I am planning on implementing this over the summer holidays and wondered the following (I have had a look on the PF website but no joy):
1) I want to run this on a dedicated machine. What would be the best spec for monitoring a 2000 node network?
2) I would assume it would be best to plug this into one of my HP layer3 core switches on a mirrored port?
3) Can I just plug this in and then config as I go, or does all network kit have to be added, otherwise it will not work? The reason I ask is that I have a number of other jobs I want to do, and as long as I get the server in I can config it later, so to speak.
1) Any old junk will work. I think mine's running on a Celeron 900 with 256mb and a 20Gb HDD. However, the main issue is CPU speed. Multicore will help too.
2) The more traffic it can see the better. Ideally you should put it on your 'core' switch and set the port to monitor, then have a second out-of-band network connection for management purposes.
3) Yes, you can configure it in various 'modes'. If you leave it in 'monitor' rather than 'enforcement' you can take your time. It will, of course, still log events when set like this so you can take action manually.
-
-
12th May 2008, 09:56 PM #13 Ahh, cool, that clears things up a bit.
A quick question on your Nessus integration: do you have it on the same box as PF or on a separate one?
-
-
12th May 2008, 11:23 PM #14 How does this Nessus plugin work? I have Nessus installed on my work laptop but as far as I've used it in the past it's a port / vulnerability scanner.
-
-
13th May 2008, 02:34 AM #15 Yes, I have Nessus on the same box.
Correct, it's a vulnerability scanner. What happens is you ask it to check for XYZ. Then when a new system is seen, it will be scanned for XYZ. If it fails it gets booted, if it doesn't it's allowed on your network. Then (optionally) you can schedule scans to ensure continued compliance. You can also manually initiate scans, for example if you have just updated your definitions and wanted to check some new hole and boot the vulnerable systems.
-
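The scan-on-first-sight flow from post #15, combined with the 'monitor' versus 'enforcement' modes from post #12, as an added example that is not part of the thread and is not PacketFence or Nessus code. The class, function names, check names and MAC addresses are hypothetical, and the scanner is a stand-in function that returns the set of checks a host fails.

```python
from dataclasses import dataclass, field
from typing import Callable

MONITOR, ENFORCEMENT = "monitor", "enforcement"

@dataclass
class AdmissionController:
    mode: str                          # MONITOR only logs; ENFORCEMENT isolates
    scan: Callable[[str], set]         # stand-in scanner: mac -> failed checks
    state: dict = field(default_factory=dict)   # mac -> "allowed" | "isolated"
    log: list = field(default_factory=list)     # audit trail for manual action

    def _evaluate(self, mac, reason):
        failed = self.scan(mac)
        if not failed:
            self.state[mac], verdict = "allowed", "pass"
        elif self.mode == ENFORCEMENT:
            self.state[mac], verdict = "isolated", "fail-isolated"
        else:   # monitor mode: record the failure, leave the host connected
            self.state[mac], verdict = "allowed", "fail-logged"
        self.log.append((mac, reason, verdict, tuple(sorted(failed))))
        return self.state[mac]

    def on_seen(self, mac):
        """Called for every observed host; only unknown hosts are scanned."""
        mac = mac.lower()
        if mac in self.state:
            return self.state[mac]
        return self._evaluate(mac, "first-seen")

    def rescan_all(self):
        """Scheduled or manual rescan, e.g. after a definitions update."""
        return {mac: self._evaluate(mac, "rescan") for mac in list(self.state)}

# Constructed sample data: MAC -> checks the host currently fails.
FINDINGS = {"00:11:22:33:44:55": set(), "00:11:22:33:44:66": {"check-xyz"}}

def demo(mode):
    findings = {m: set(f) for m, f in FINDINGS.items()}
    nac = AdmissionController(mode, lambda mac: findings.get(mac, set()))
    for mac in findings:
        nac.on_seen(mac)
    first = dict(nac.state)
    findings["00:11:22:33:44:55"].add("check-new")  # new check after an update
    return first, nac.rescan_all(), nac.log

if __name__ == "__main__":
    for mode in (MONITOR, ENFORCEMENT):
        print(mode, demo(mode)[:2])
```

In monitor mode the log is the only place a failed host shows up, which is why reviewing it matters before switching to enforcement.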