Quarantining a System using Freeradius
Michael Schwartzkopff
misch at multinet.de
Tue Nov 28 11:24:29 CET 2006
Am Dienstag, 28. November 2006 11:11 schrieb Dev Anand:
> Hi All ,
>
> Is it possible to quarantine a system by placing it in different vlan
> by OpenRadius ?
>
> If so can somebody guide me on the steps that can be tried .
>
> The situation is like this :
> System already having an IP address , but found to be infected with a
> virus-worm.
> So it needs to be quarantined automatically .
>
> Thanks in advance,
> -Deva
It is possible to setup the NAS (Switch) to adjust VLANs according to user or
computer. But you have to introduce authentication via EAP or MAC address
based auth to do this.
But there is another problem: How do you tell FR which system to be put into a
quarantaine VLAN? Manually? You would have to install some kind of agent on
all machines which test the machine for integrity and tell FR about the
result.
--
Dr. Michael Schwartzkopff
MultiNET Services GmbH
Bretonischer Ring 7
85630 Grasbrunn
Tel: (+49 89) 456 911 - 0
Fax: (+49 89) 456 911 - 21
mob: (+49 174) 343 28 75
PGP Fingerprint: F919 3919 FF12 ED5A 2801 DEA6 AA77 57A4 EDD8 979B
Skype: misch42
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20061128/88b1acc0/attachment.pgp>
More information about the Freeradius-Users
mailing list