NAC

Arran Cudbard-Bell A.Cudbard-Bell at sussex.ac.uk
Thu Jul 12 16:20:38 CEST 2007


A.L.M.Buxey at lboro.ac.uk wrote:
> Hi,
>
>   
>> Right, but machines on a residential network are generally going to be 
>> personal machines, I for one would protest greatly if I was forced to 
>> install an AV solution just to use the network in my halls of residence. 
>>     
>
> our terms and conditions state that an AV solution must be installed
> on such systems. the users are free to choose their own one
> if they want to, or they can freely install a fully managed 
> McAfee AV with the anti-spyware module for free as part of the
> service.  
Same, though we offer F-Secure.
> we don't want to be a breeding ground for external attacks,
> we try to protect our students from losing all their coursework due to 
> an MSN installed trojan or virus and we want to instill them with
> a bit of knowledge of protecting their computers. whilst they're
> here, their systems are a little more 'looked after' from the net.
> when those machines go home for holidays etc they will be largely
> wide open to attack....
Same, though computers are counted as students' own responsibility. To 
combat infections spreading from computer to computer, we assign 
everyone on resnet/roaming an IP with a CIDR subnet mask of 24. Though I 
think this is pretty standard practice on most residential networks 
these days.
> we didn't like the huge surge of bad traffic
> after the holiday season when their systems came back with more
> diseases than I would have if I went down to the Congo with not a 
> single jab and a penchant for swimming in the local rivers.
>   
Or urinating in the local rivers ... Nasty little fishies
> we've looked at various NAC systems over the past few years and
> although it's very desirable for systems to 'pass a test' before
> they are allowed on the main network (imagine you start on a 
> side road...you haven't got AV..install AV..get onto main
> road..you are not patched...patch system...get onto motorway)
> none of the current solutions were desirable for various niggling
> issues - and for simpler reasons such as cross-platform
> support, dealing with dumb systems etc.
>
>   
Yes, Macs, *nixes, *nuxes... etc.
Impossible to support them all ... you could just require that all 
Windows boxes have AV, as they're the ones most at risk.
Or just ban all Windows PCs by default, due to inherent insecurities in 
the operating system :)
 




More information about the Freeradius-Users mailing list