Barthel, Frank wrote:
Look at Cisco NAC or McAfee ePO with MPE.
These are implementations that first put the client in a quarantine VLAN, then
check the client and push the needed updates to the client.
After that, the port of the switch (NAC) or the desktop-firewall-policy (MPE)
will grant the network access.
I agree. Network Access Controls (NACs) would do exactly what Gopi is
looking for.
NACs typically comprise an interrogation engine that scans hosts
against predefined computing policy criteria before granting network
access. Such policies could ensure that all hosts on your network have
a desktop firewall, OS patches up-to-date, AV definitions up-to-date, no
known malicious files or entries in the registry, etc. Depending on the
severity/magnitude of non-compliance, the machine can either be provided
limited access to the network or its access can be blocked entirely.
In addition to the products that Frank mentioned above, you might also
want to take a look at Forescout's CounterACT which in addition to
providing NAC services, can also block fast propagating malware on your
network.
Nortel also has a similar product called NSNA that you might want to
check out as well.
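The quarantine-check-remediate-admit cycle that both replies describe, as an added example that is not part of the thread or of any of the products named in it. The posture fields, rule names, thresholds (30-day patch age, 7-day AV signature age) and sample hosts are all constructed for illustration; a real interrogation engine would collect these facts from an agent or a scan, and the access decision would be enforced by a switch port VLAN or a desktop firewall policy rather than returned as an enum.

```python
from dataclasses import dataclass, field, replace
from enum import Enum
from typing import List, Tuple


class Access(Enum):
    FULL = "full"          # normal production network
    LIMITED = "limited"    # quarantine VLAN: remediation servers only
    BLOCKED = "blocked"    # no network access at all


@dataclass
class HostPosture:
    """Posture facts an interrogation engine would gather from an endpoint (constructed fields)."""
    hostname: str
    firewall_enabled: bool
    patch_age_days: int            # days since the last OS patch cycle completed
    av_definition_age_days: int    # days since AV signatures were last updated
    suspicious_registry_keys: List[str] = field(default_factory=list)
    known_malicious_files: List[str] = field(default_factory=list)


@dataclass(frozen=True)
class Finding:
    rule: str
    severity: int   # 1 = minor, 2 = significant (both remediable), 3 = compromise indicator


def evaluate_posture(host: HostPosture, max_patch_age: int = 30, max_av_age: int = 7) -> List[Finding]:
    """Check one host against the policy criteria and return every violation found."""
    findings: List[Finding] = []
    if not host.firewall_enabled:
        findings.append(Finding("desktop-firewall-disabled", 2))
    if host.patch_age_days > max_patch_age:
        findings.append(Finding("os-patches-outdated", 2))
    if host.av_definition_age_days > max_av_age:
        findings.append(Finding("av-definitions-outdated", 1))
    if host.suspicious_registry_keys:
        findings.append(Finding("suspicious-registry-entries", 3))
    if host.known_malicious_files:
        findings.append(Finding("known-malicious-files", 3))
    return findings


def decide_access(findings: List[Finding]) -> Access:
    """Map the worst finding to an access level: clean -> full, fixable -> limited, compromise indicators -> blocked."""
    if not findings:
        return Access.FULL
    worst = max(f.severity for f in findings)
    return Access.BLOCKED if worst >= 3 else Access.LIMITED


def admit(host: HostPosture) -> Tuple[Access, List[Finding]]:
    """One admission decision: interrogate the host, then decide what the switch port / firewall policy should allow."""
    findings = evaluate_posture(host)
    return decide_access(findings), findings


def remediate(host: HostPosture) -> HostPosture:
    """Simulate the 'push the needed updates' step taken while the host sits in the quarantine VLAN.
    Only remediable items (firewall, patches, AV signatures) are fixed; compromise indicators are not
    auto-cleared, so an infected host stays blocked until someone investigates it."""
    return replace(host, firewall_enabled=True, patch_age_days=0, av_definition_age_days=0)


# Constructed sample hosts (not real machines).
CLEAN = HostPosture("ws-clean", True, 5, 1)
STALE = HostPosture("ws-stale", True, 45, 12)
INFECTED = HostPosture("ws-infected", True, 3, 1,
                       suspicious_registry_keys=["HKCU\\Software\\Example\\Run\\placeholder"])

if __name__ == "__main__":
    for host in (CLEAN, STALE, INFECTED):
        access, findings = admit(host)
        print(f"{host.hostname}: {access.value} {[f.rule for f in findings]}")
        if access is Access.LIMITED:
            # Quarantined host gets patched in place, then re-checked before the port is opened.
            access_after, _ = admit(remediate(host))
            print(f"  after remediation: {access_after.value}")
```

The split between "remediable" and "compromise indicator" severities is the design point worth copying: outdated patches or signatures are a reason to quarantine and fix, but a known-malicious file or registry persistence entry is evidence the host may already be compromised, and pushing updates to it does not make it safe to admit.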