Securing your network with PacketFence


 
Thread Tools Search this Thread
Special Forums News, Links, Events and Announcements UNIX and Linux RSS News Securing your network with PacketFence
# 1  
Old 09-23-2008
Securing your network with PacketFence

09-23-2008 08:00 AM
Network access control (NAC) aims to unify endpoint security, system authentication, and security enforcement in a more intelligent network access solution than simple firewalls. NAC ensures that every workstation accessing the network conforms to a security policy and can take remedial actions on workstations if necessary. For example, NACs can check if a workstation has antivirus software installed and, if not, NAC will limit the workstation's access to the network. In some cases, if NAC is capable of remedial measures, it can force-install an antivirus program on the workstation so that it will conform to the security policy. Although NAC can improve the security of your environment, most commercial NACs cost several thousand dollars. However, using NAC does not need to be that expensive. PacketFence, a free open source NAC application, gives you the security of NAC for free.



Source...
Login or Register to Ask a Question

Previous Thread | Next Thread
Login or Register to Ask a Question
securenets(4)							   File Formats 						     securenets(4)

NAME
securenets - configuration file for NIS security SYNOPSIS
/var/yp/securenets DESCRIPTION
The /var/yp/securenets file defines the networks or hosts which are allowed access to information by the Network Information Service ("NIS"). The format of the file is as follows: o Lines beginning with the ``#'' character are treated as comments. o Otherwise, each line contains two fields separated by white space. The first field is a netmask, the second a network. o The netmask field may be either 255.255.255.255 (IPv4), ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff (IPv6) , or the string ``host'' indi- cating that the second field is a specific host to be allowed access. Both ypserv(1M) and ypxfrd(1M) use the /var/yp/securenets file. The file is read when the ypserv(1M) and ypxfrd(1M) daemons begin. If /var/yp/securenets is present, ypserv(1M) and ypxfrd(1M) respond only to IP addresses in the range given. In order for a change in the /var/yp/securenets file to take effect, you must kill and restart any active daemons using ypstop(1M) and ypstart(1M). An important thing to note for all the examples below is that the server must be allowed to access itself. You accomplish this either by the server being part of a subnet that is allowed to access the server, or by adding an individual entry, as the following: hosts 127.0.0.1 EXAMPLES
Example 1: Access for Individual Entries If individual machines are to be give access, the entry could be: 255.255.255.255 192.9.1.20 or host 192.0.1.20 Example 2: Access for a Class C Network If access is to be given to an entire class C network, the entry could be: 255.255.255.0 192.9.1.0 Example 3: Access for a Class B Network The entry for access to a class B network could be: 255.255.0.0 9.9.0.0 Example 4: Access for an Invidual IPv6 Address Similarly, to allow access for an individual IPv6 address: ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff fec0::111:abba:ace0:fba5e:1 or host fec0::111:abba:ace0:fba5e:1 Example 5: Access for all IPv6 Addresses Starting with fe80 To allow access for all IPv6 addresses starting with fe80: ffff:: fe80:: FILES
/var/yp/securenets Configuration file for NIS security. SEE ALSO
ypserv(1M), ypstart(1M), ypstop(1M), ypxfrd(1M) NOTES
The Network Information Service (NIS) was formerly known as Sun Yellow Pages (YP). The functionality of the two remains the same; only the name has changed. The name Yellow Pages is a registered trademark in the United Kingdom of British Telecommunications plc, and may not be used without permission. SunOS 5.10 26 Apr 1999 securenets(4)