RE: Network Access Quarantine

From: Rosenhan, David
Date: 01/23/04

    Date: Fri, 23 Jan 2004 08:26:07 -0700
    To: "Nagy Gergely"

    From what ISS and Zone Alarm showed us when they came out to demo the
    products, it looked as though the firewall allowed the user to get an IP
    address and log in to the domain, and that was as far as the user got. We
    tried to replicate a few issues, and it looked like the firewall and host-
    based IDS stopped all other outgoing traffic created by the client until
    the server that controls the firewall allowed the user onto the network.
    I would suggest you take a good look at their websites: go to Zone
    Alarm's website and the website for ISS (BlackICE). The firewall that
    seemed to work the best was ISS, but it was more difficult to configure.

    It seems a good idea, but how could you prevent connecting the client
    from the LAN? I mean, if some client gets the "live" IP address and maybe
    hooked some network worm, it can infect the whole network before the
    compliance check. I would need a "dummy" network scope with only one
    server for the check process. After the compliance check has succeeded,
    it can get a new IP address from the "live" IP scope. Or
    Thanks to all of you for the answers, but I would need some more
    specific way how to start. I like the Cisco future solution, but I
    think that would not be too cheap for us to buy. Has anybody ever
    tested something like this? How do BlackICE or Zone Alarm Integrity
    Server work? Do I need a client agent for it to work? Are the clients
    connecting to the "live" network, or to a dummy quarantine network?

    Any help would be appreciated...


    Gergely Nagy

    -----Original Message-----
    From: Rosenhan, David
    Sent: Wednesday, January 21, 2004 7:41 PM
    To: Nagy Gergely;
    Subject: RE: Network Access Quarantine

    Local users can be quarantined when using Zone Alarm Integrity Server or
    ISS (BlackICE). These are both server-based firewalls (and host-based
    IDS) that control the hosts on the network; if they don't have the virus
    updates you specify, then they can't get on the network.

    David Rosenhan, CCNP
    Information Technology
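The thread describes two pieces of the quarantine design: a host firewall that, until a central server clears the client, lets it obtain an address and log in to the domain but drops every other outbound connection, and Gergely's idea of a separate "dummy" DHCP scope so that a non-compliant (possibly worm-infected) host never shares a subnet with live clients. The following is an added example, not code from either product or from anyone in the thread. It models both ideas in Python with constructed, hypothetical values: the signature-age limit, the addresses of the domain controller and remediation server, the two scopes, and the port sets are all assumptions for illustration.

```python
"""Constructed model of compliance-gated network access (added example).

Two controls from the thread are modelled:
  1. evaluate()/assign_scope(): the central server decides whether a host
     is compliant and which DHCP scope (quarantine or live) it belongs in.
  2. egress_allowed(): the host firewall decision. A quarantined host may
     only reach the domain controller for logon and the remediation server
     for updates; everything else, including lateral traffic to peers, is
     dropped. That lateral block is what stops a worm from spreading before
     the compliance check completes.
All addresses, ports and thresholds below are hypothetical.
"""
from dataclasses import dataclass
from datetime import date, timedelta
import ipaddress

# Hypothetical policy. A real deployment would pull these from the server
# that manages the host firewall (Integrity Server / BlackICE in the thread).
MAX_SIGNATURE_AGE = timedelta(days=3)
QUARANTINE_SCOPE = ipaddress.ip_network("10.99.0.0/24")   # "dummy" scope
LIVE_SCOPE = ipaddress.ip_network("10.1.0.0/16")          # "live" scope
DOMAIN_CONTROLLER = ipaddress.ip_address("10.1.0.10")
REMEDIATION_SERVER = ipaddress.ip_address("10.99.0.10")   # the one server in quarantine

# Deliberately narrow: DNS, Kerberos and LDAP to the DC only (no SMB), and
# HTTP(S) to the update server. Anything beyond this widens the worm path.
LOGON_PORTS = {53, 88, 389}
REMEDIATION_PORTS = {80, 443}


@dataclass
class Posture:
    """What the client agent reports to the server."""
    host: str
    signature_date: date      # date of the AV signature set on the host
    firewall_enabled: bool


def evaluate(p: Posture, today: date) -> tuple[str, list[str]]:
    """Return ("LIVE", []) or ("QUARANTINE", [reasons...])."""
    reasons = []
    if not p.firewall_enabled:
        reasons.append("host firewall disabled")
    age = today - p.signature_date
    if age > MAX_SIGNATURE_AGE:
        reasons.append(f"AV signatures {age.days} days old")
    return ("LIVE" if not reasons else "QUARANTINE"), reasons


def assign_scope(state: str) -> ipaddress.IPv4Network:
    """DHCP scope the host is handed an address from, based on its state."""
    return LIVE_SCOPE if state == "LIVE" else QUARANTINE_SCOPE


def egress_allowed(state: str, dst: str, port: int) -> bool:
    """Host-firewall decision for one outbound connection attempt."""
    if state == "LIVE":
        return True
    dst_ip = ipaddress.ip_address(dst)
    if dst_ip == DOMAIN_CONTROLLER and port in LOGON_PORTS:
        return True
    if dst_ip == REMEDIATION_SERVER and port in REMEDIATION_PORTS:
        return True
    return False   # drop: includes SMB/445 to any peer, i.e. the worm path


if __name__ == "__main__":
    today = date(2004, 1, 23)   # constructed date matching the thread
    stale = Posture("ws-17", date(2004, 1, 18), True)
    fresh = Posture("ws-18", date(2004, 1, 22), True)
    for p in (stale, fresh):
        state, why = evaluate(p, today)
        print(p.host, state, why, assign_scope(state))
        print("  SMB to peer 10.1.0.55:", egress_allowed(state, "10.1.0.55", 445))
        print("  Kerberos to DC:", egress_allowed(state, "10.1.0.10", 88))
```

Note the caveat this makes visible: even the narrow logon allowance is a reachable path from an uncleaned host to the domain controller, so the DC itself must be patched against whatever the quarantine is meant to contain; the scope split only keeps quarantined hosts away from each other and from live clients.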

