Security Basics mailing list archives

Re: [Network Access Quarantine]


From: Ed Spencer <espencer () usa net>
Date: Wed, 21 Jan 2004 19:57:03 -0900

Here at the college we perform something similar to what you describe using
the netreg package (open source - http://www.netreg.org).

The user turns on the computer and has an IP address assigned from the DHCP
pool.  We don't allow external DNS servers; all DNS queries return to one site
locally where they go to 'register', and this pool has router restrictions to
prevent them from going anywhere off campus.  We then have them click through
a website where we scan the machines for a number of worms (with local links
for downloading the fixes), and then have them authenticate using a variety of
methods.  This allows the network card to be used on the network and after a
reboot the dhcp server gives them new dns and ip information outside the scope
of the restrictions.

I understand this isn't real detailed and doesn't match your needs 100% but it
may give you some ideas for a 'homebrew' solution.

Good luck,
Ed Spencer
MCSE/MCT/MCP/CNA/A+/Network+Security+
University of Alaska Fairbanks

"Nagy Gergely" <gergely.nagy () is-energy hu> wrote:

Hi all,

Do you have a solution for the following:

I would need a DHCP quarantine which works as a virtual lan or something.
The main role would be to check all the PCs that connect to the LAN for
security patches and viruses before letting them connect to the real one.
If they comply with the company policy they can be forwarded to the real and
live network where they can work as they usually do.

I have searched the net, but couldn't find anything like this. I could find
this solution for dial-in and VPN users, but not for local ones.

Any help would be kindly appreciated.

Greg



This message was checked against viruses!
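
The registration scheme described in this thread, sketched as a generator for ISC dhcpd configuration: cards without a host entry lease from a restricted pool, registered cards lease from the normal one. This is an added example, not part of the original messages and not NetReg's own code; the choice of ISC dhcpd, the addresses, lease times and the names `render`, `normalize_mac` and `campus` are assumptions.

```python
import re

MAC_RE = re.compile(r"[0-9a-f]{2}(?::[0-9a-f]{2}){5}")

# Constructed addressing (assumption): a quarantine subnet and a production
# subnet on the same wire, each with its own resolver and lease time.
QUARANTINE = dict(net="10.10.0.0", mask="255.255.255.0", gw="10.10.0.1",
                  lo="10.10.0.50", hi="10.10.0.250", dns="10.10.0.2", lease=120)
PRODUCTION = dict(net="10.20.0.0", mask="255.255.255.0", gw="10.20.0.1",
                  lo="10.20.0.50", hi="10.20.0.250", dns="10.20.0.2", lease=86400)


def normalize_mac(mac):
    """Return the MAC as lower-case aa:bb:cc:dd:ee:ff or raise ValueError.

    The value originates from a registration web form, so anything that is
    not exactly six hex octets is rejected before it reaches the config file.
    """
    m = mac.strip().lower().replace("-", ":")
    if not MAC_RE.fullmatch(m):
        raise ValueError(f"invalid MAC address: {mac!r}")
    return m


def subnet(c, policy):
    """One subnet whose pool serves only known or only unknown clients."""
    return (f"  subnet {c['net']} netmask {c['mask']} {{\n"
            f"    option routers {c['gw']};\n"
            f"    option domain-name-servers {c['dns']};\n"
            f"    default-lease-time {c['lease']};\n"
            f"    max-lease-time {c['lease']};\n"
            f"    pool {{ {policy} unknown-clients; range {c['lo']} {c['hi']}; }}\n"
            f"  }}\n")


def render(registered_macs):
    """Build dhcpd.conf text: a host entry per registered card, two pools."""
    macs = sorted({normalize_mac(m) for m in registered_macs})
    hosts = "".join(f"host reg-{m.replace(':', '')} {{ hardware ethernet {m}; }}\n"
                    for m in macs)
    return (hosts + "shared-network campus {\n"
            + subnet(QUARANTINE, "allow") + subnet(PRODUCTION, "deny") + "}\n")


if __name__ == "__main__":
    print(render(["00-0C-29-AA-BB-01", "00:0c:29:aa:bb:02"]))  # constructed MACs
```

The resolver at 10.10.0.2 is assumed to answer every name with the registration site, and the router restrictions that keep the quarantine subnet on campus are configured on the router, outside this file.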




