Re: How to securing endpoints?





We do the MAC locking option and set static reservations in DHCP. It was a
LOT of work to set up, but maintaining it isn't too bad if you script the
changes.




"Mario Platt"
<mplatt@xxxxxxxxx>
Sent by: listbounce@securityfocus.com
To: "Jaime Ruiz" <jruiz@xxxxxxxxxxxx>
cc: WALI <hkhasgiwale@xxxxxxxxx>,
Subject: Re: How to securing endpoints?
01/23/2007 06:51 PM








The Cisco solution can also be clientless. And it's also independent
of the operating system, as in Windows, Mac OS, and Linux. I suppose
things can be arranged for the rest of the OSs...

On 1/23/07, Jaime Ruiz <jruiz@xxxxxxxxxxxx> wrote:
You should take a look at the NAC technology from Mirage Networks. This is
a clientless approach to NAC, as opposed to Cisco, and independent of the
operating system.

http://www.miragenetworks.com

Regards,

Jaime Ruiz V.
============================================================
Jaime Ruiz Villegas
Special Projects Manager, NeoSecure S.A. - Web: www.neosecure.net
Email: jruiz@xxxxxxxxxxxx - Phone:+56.2 2905919 - Mobile:+56.9 7995848
CHILE - Phone:+56-2.2905900, Fax:+56.2 2905959
Providencia 1760 Of. 1601, Santiago. CP7500498
ARGENTINA - Phone:+54-11.48501310, Fax:+54.11.48501201
Bouchard 557/599 Piso 20 C 1106 ABG, Buenos Aires
===================== Confidentiality Notice ==================
The information contained in this email is confidential and has been sent
exclusively to its addressee, who must not disclose it without the prior
consent of NeoSecure.
============================================================


-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx] On
behalf of WALI
Sent: Saturday, January 20, 2007 3:59
To: security-basics@xxxxxxxxxxxxxxxxx
Subject: How to securing endpoints?


Seeking pointers on how to secure endpoints within the LAN.

With an AD domain running, without any RADIUS authentication mechanism, I
am wondering whether it would be worth investing yet in the nascent
Microsoft/Cisco NAC technology.

My main concern is to find ways to prohibit anyone/everyone from being able
to just plug their PC/laptop into the UTP wall socket and get a lease
from my DHCP servers. We are looking at a network of about 1000 PCs here.

MAC learning and locking at the switch layer is an option, but I foresee a
huge administrative overhead in my scenario, where helpdesk rolls out
several new PCs daily.

Any other options??