Security Basics mailing list archives
RE: NAC solutions
From: Nick Schroedl <NSchroedl () mullen-group com>
Date: Wed, 3 Aug 2011 10:07:34 -0600
It was a while back when we purchased it, I just remember that it was one of the more expensive systems we looked at. However we built ours with full redundancy at a separate data center which doubled the cost. We have around 1500 systems across North America and we use Bradford to do on the fly dynamic vlans. So basically if we don't trust a system based on our policies the Bradford system will auto log into the switch via ssh and enter the command to switch the port to either a "black hole" VLan or our "internet only" VLan which still goes through our proxy system. We are mostly Cisco and HP switches and we have not run into an issue except with older Cisco gear that just needed an update. Bradford Sales is very helpful, and they are a great company to work with. I would recommend with starting at their website and arranging a web conference to get more info straight from them. Nick -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of James Jelinek Sent: Wednesday, August 03, 2011 9:56 AM To: security-basics () securityfocus com Subject: RE: NAC solutions We're in a similar position as Andi. Looking for a NAC/IDS solution for our network of 100 workstations, 7 subnets (long story), and multiple ACL nightmares. I'm looking into Packetfence as well since it will supposedly work with the HP Procurve switches we have. It will only shut ports with these switches, it won't do any layer-3 blackholing/etc. Definitely worth a look. I'd like to check out Bradford, what is the average cost? Or is that an arbitrary question? -James -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Nick Schroedl Sent: Wednesday, August 03, 2011 10:42 AM To: 'Morris, Andi'; security-basics () securityfocus com Subject: RE: NAC solutions We have the Bradford Networks solution running and it is SLICK! Control right down to the switch level and not dependent on MAC addresses. The system its self will work on wireless, and wired, and will work with pretty much any managed switch. Downside is it is a tad bit pricy. You will have to have a fairly large network to justify the cost. Nick -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Morris, Andi Sent: Wednesday, August 03, 2011 2:45 AM To: security-basics () securityfocus com Subject: NAC solutions I'm about to do some investigating in to NAC solutions for our network. Is there a good list of solutions with pros and cons around? The main one that is grabbing my eye at the moment is PacketFence due to the open source nature and seemingly large flexibility of the product. I'm looking at a network integrated solution, rather than one that would need endpoint client installation, and it would need to work seamlessly with our Cisco infrastructure. Cheers, Andi ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f7 27 d1 ------------------------------------------------------------------------ ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727 d1 ------------------------------------------------------------------------
Attachment:
smime.p7s
Description:
Current thread:
- NAC solutions Morris, Andi (Aug 03)
- RE: NAC solutions Nick Schroedl (Aug 03)
- RE: NAC solutions James Jelinek (Aug 03)
- RE: NAC solutions Nick Schroedl (Aug 03)
- RE: NAC solutions James Jelinek (Aug 03)
- RES: NAC solutions Alexandre Fernandes (Aug 03)
- Re: NAC solutions John Morrison (Aug 03)
- RE: NAC solutions James Jelinek (Aug 03)
- RE: NAC solutions Nick Schroedl (Aug 03)
- <Possible follow-ups>
- Re: NAC solutions flanny16 (Aug 03)
- Re: Re: NAC solutions dgat16 (Aug 03)