RE: Network Access Quarantine

["Kuhl, Vince (DotComm)" <vkuhl () dotcomm org>]

I know Cisco is working on a new product- Network Admission Control - which
works in that regard. I pulled this off of their website.

 Cisco Teams with Network Associates, Symantec, and Trend Micro to Address
Critical Industry Security Issues
 Cisco Network Admission Control Increases Networks' Ability to Defend
Against Security Threats

Customers using network admission control systems can allow network access
only to compliant and trusted endpoint devices (for example, PCs, servers,
personal digital assistants) and can restrict the access of non-compliant
devices. In its initial phase, the Cisco Network Admission Control
functionality enables Cisco routers to enforce access privileges when an
endpoint attempts to connect to a network. This decision can be based on
information about the endpoint device such as its current anti-virus state
and operating system patch level. Network admission control systems allow
non-compliant devices to be denied access, placed in a quarantined area, or
given restricted access to computing resources. Cisco Network Admission
Control systems will initially support endpoints running Microsoft Windows
NT, XP and 2000 operating systems.

Hope that helps.
Vince



-----Original Message-----
From: Nagy Gergely [mailto:gergely.nagy () is-energy hu]
Sent: Wednesday, January 21, 2004 1:50 AM
To: security-basics () securityfocus com
Subject: Network Access Quarantine


Hi all,

Do you have a solution for the following:

I would need a DHCP quarantine which works as a virtual lan or something.
The main role would be to check all the PCs that connect to the LAN for
security patches and viruses before leting them to connect to the real one.
If they comply to the company policy they can be forwarded to the real and
live network where they can work as usualy the do.

I have searched the net, but couldn't find anything like this. I could find
this solution for dial-in and VPN users, but not for local ones.

Any help would be kindly appreciated.

Greg



Ez a level virusellenorzesen esett at!

This message was checked against viruses!





Ez a level virusellenorzesen esett at!

This message was checked against viruses!



---------------------------------------------------------------------------
Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off any 
course! All of our class sizes are guaranteed to be 10 students or less. 
We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention, 
and many other technical hands on courses. 
Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off 
any course!  
----------------------------------------------------------------------------

---------------------------------------------------------------------------
Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off any 
course! All of our class sizes are guaranteed to be 10 students or less. 
We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention, 
and many other technical hands on courses. 
Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off 
any course!  
----------------------------------------------------------------------------