Home page logo

basics logo Security Basics mailing list archives

Re: NAC Question
From: aditya mukadam <aditya.mukadam () gmail com>
Date: Tue, 7 Apr 2009 12:19:50 +0530

Let the worm, not be the only reason to use NAC.

Using NAC has many advantages w.r.t mitigating worms :
1) It can perform check on laptops connecting devices for the AV, Firewall etc
2) Wireless guest users can be authenticated and checked for security.
3) You can enforce policy if NAC is integrated with FW/ URL filtering
server on per user basis.

Hope this helps.

Aditya Govind Mukadam

On Tue, Mar 24, 2009 at 10:19 PM, <avghacker () gmail com> wrote:

Well we have the downadup worm floating around our network and are slowly trying to deal with it.  Our environment 
has a lot of users who are local admins so they basically are allowed to download anything here and at home.  I 
wanted a way to keep them off the network unless they have patches and an AV solution.  Many users only pull out 
their laptops every couple of weeks so obviously the update server isn't reaching them.

Side note: already have and ids in place
------Original Message------
From: exzactly
To: avghacker () gmail com
To: security-basics () securityfocus com
Subject: Re: NAC Question
Sent: Mar 24, 2009 12:34 PM

Are you sure NAC is the way to go for your issue? An IPS may be a better
option to keep the spread of Malware down. NAC can be expensive, messy to
implement and time consuming, it has it's place but I don't know if your
requirements would warrant it. Can you add a little more information to your

From: <avghacker () gmail com>
Sent: Friday, March 20, 2009 4:39 AM
To: <security-basics () securityfocus com>
Subject: NAC Question

Hey all was wondering if anyone had any experience with deploying or
maintaining a NAC?  I'm looking for recommendations, advice, gotchas,

Having some serious malware issues in a place that doesn't have patch
management and I'm looking to turn to a NAC to help bring the network
under control.....advice?

This list is sponsored by: InfoSec Institute

Learn all of the latest penetration testing techniques in InfoSec
Institute's Ethical Hacking class.
Totally hands-on course with evening Capture The Flag (CTF) exercises,
Certified Ethical Hacker and Certified Penetration Tester exams, taught by
an expert with years of real pen testing experience.


Sent from my Verizon Wireless BlackBerry

This list is sponsored by: InfoSec Institute

Need to pass the CISSP? InfoSec Institute's CISSP Boot Camp in both Instructor-Led and Online formats is the most 
concentrated exam prep available. Comprehensive course materials and an expert instructor means you pass the exam. Gain 
a laser like insight into what is covered on the exam, with zero fluff!


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]