Re: How to securing endpoints?

The Cisco solution can also be clientless. And it's also independent
of the operating system as in windows, mac ox, and linux. I suppose
things can be arranged for the rest of the OSs...

On 1/23/07, Jaime Ruiz <jruiz@xxxxxxxxxxxx> wrote:
You sould take a look at the NAC technology from Mirage Networks. This is a clientless aproach to NAC in opposite to Cisco and independant of the operating system.


Jaime Ruiz V.
Jaime Ruiz Villegas
Gerente de Proyectos Especiales, NeoSecure S.A. - Web:
Email: jruiz@xxxxxxxxxxxx - Phone:+56.2 2905919 - Mobile:+56.9 7995848
CHILE - Phone:+56-2.2905900, Fax:+56.2 2905959
Providencia 1760 Of. 1601, Santiago. CP7500498
ARGENTINA - Phone:+54-11.48501310, Fax:+54.11.48501201
Bouchard 557/599 Piso 20 C 1106 ABG, Buenos Aires
===================== Nota de Confidencialidad ==================
La información contenida en este mail es confidencial y ha sido enviada en
forma exclusiva al destinatario del mismo, quién no debe divulgarla sin
previo consentimiento de NeoSecure.

-----Mensaje original-----
De: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx] En nombre de WALI
Enviado el: Sábado, 20 de Enero de 2007 3:59
Para: security-basics@xxxxxxxxxxxxxxxxx
Asunto: How to securing endpoints?

Seeking pointers on how to secure endpoints within the LAN.

With an AD domain running, without any Radius authentication mechanism, I am wondering whether it would be worth investing yet, in the nascent Microsoft/CISCO NAC technology.

My main concern is, to find ways to prohibit anyone/everyone to be able to just plugin their PC/laptop into the UTP wall socket and get a lease from my DHCP servers. We are looking at a network of about 1000 pc's here.

MAC learning and locking at the switch layer is an option but I foresee a huge administrative overhead in my scenerio where helpdesk rolls out several new PC's daily.

Any other options??