Validating machines before they connect to the network

MasterPlan1 · 11 Oct 2011 at 09:39

Just had a bit of an outbreak here - and it was because of some machine which didn't have AV on it. I remember at my previous company when using McAfee we had Rogue System Detection - but we use Symantec Endpoint Protection, I don't think that SEP has anything like RSD built in, so I'm wondering if there is anything out there which is a 3rd party tool or anything of the sorts?

Also, if it could stop it connecting if it doesn't have AV etc that would be awesome - I know such a thing exists as my missus had to have AV etc on her laptop before she connected up to her Uni network, but haven't a clue what it was called.

TIA.

-Rich

Rob7865 · 11 Oct 2011 at 10:10

If using Server 2008 there is NAP (http://www.microsoft.com/en-us/server-cloud/windows-server/network-access-protection-nap.aspx)

Rob

Skidilliplop · 14 Oct 2011 at 21:31

Generally speaking being 100% sure an unknown machine is secure is impossible so I tend to recommend using dot1x or port security on switches so nothing can connect to the network proper without you being aware of it.

We use McAfee but it's rogue system detection is far from bullet proof and i wouldn't rely on it if you've had major issues from rogue machines.

J.B · 15 Oct 2011 at 13:45

If you have money to spend you could look into Cisco NAC

SMN · 16 Oct 2011 at 12:40

Yeah Cisco clean access can do this.

sidethink · 17 Oct 2011 at 09:12

Have used Cisco Clean Access (and NAC) which is pretty awesome, although ti can get very expensive.

Have also deployed Symantec NAC (SNAC) in environments where there is already a significant Symantec infrastructure. The R&D phase was long since we picked the product up in it's infancy but it works pretty well now.

Goliath · 17 Oct 2011 at 16:48

MasterPlan1 said:
Also, if it could stop it connecting if it doesn't have AV etc that would be awesome - I know such a thing exists as my missus had to have AV etc on her laptop before she connected up to her Uni network, but haven't a clue what it was called.

-Rich

As stated, clean access or NAC was probably what they had, a lot of universities have gone down this route. Cisco is one option, Bradford Networks do another that seems pretty useful. Either will be pretty expensive and will require some heavy duty re-engineering of your network etc.

Westyfield2 · 18 Oct 2011 at 14:31

802.1x to put anything that isn't yours on a separate VLAN.

Dazza_Random · 20 Oct 2011 at 23:39

It probably was the Bradford Campus manager...

MasterPlan1 said:
Just had a bit of an outbreak here - and it was because of some machine which didn't have AV on it. I remember at my previous company when using McAfee we had Rogue System Detection - but we use Symantec Endpoint Protection, I don't think that SEP has anything like RSD built in, so I'm wondering if there is anything out there which is a 3rd party tool or anything of the sorts?

Also, if it could stop it connecting if it doesn't have AV etc that would be awesome - I know such a thing exists as my missus had to have AV etc on her laptop before she connected up to her Uni network, but haven't a clue what it was called.

TIA.

-Rich