RE: Network Access Quarantine
From: Nagy Gergely (gergely.nagy_at_is-energy.hu)
Date: 01/22/04
- Previous message: Matthew Kemp: "Re: Network Access Quarantine"
- In reply to: Rosenhan, David: "RE: Network Access Quarantine"
- Next in thread: Kuhl, Vince (DotComm): "RE: Network Access Quarantine"
To: "'Rosenhan, David'" <David.Rosenhan@swiftbrands.com>, <security-basics@securityfocus.com>
Date: Thu, 22 Jan 2004 10:57:02 +0100
It seems a good idea, but how could you prevent connecting the client from
the LAN? I mean, if some client gets the "live" IP address and has maybe hooked
some network worm, it can infect the whole network before checking for
compliance. I would need a "dummy" network scope with only one server
for the check process. After the compliance check has succeeded, it can have
a new IP address from the "live" IP scope. Or whatever.

Thanks to all of you for the answers, but I would need some more specific
way of how to start. I like the Cisco future solution, but I think that would
not be too cheap for us to buy. Has anybody ever tested something like
this?

How does BlackICE or ZoneAlarm Integrity Server work? Do I need a client
agent for it to work? Are the clients connecting to the "live" network, or a dummy
quarantine network?

Any help would be appreciated...
Br,
Gergely Nagy
-----Original Message-----
From: Rosenhan, David [mailto:David.Rosenhan@swiftbrands.com]
Sent: Wednesday, January 21, 2004 7:41 PM
To: Nagy Gergely; security-basics@securityfocus.com
Subject: RE: Network Access Quarantine
Local users can be quarantined when using ZoneAlarm Integrity Server or
ISS (BlackICE); these are both server-based firewalls (and host-based
IDS) that control the hosts on the network. If they don't have the virus
updates you specify, then they can't get on the network.
David Rosenhan, CCNP
Information Technology