DarkFoon wrote:
Hi everybody.
A friend of mine recently informed me that his college is going to be
adding some "policy enforcement" devices (Cisco brand) to their
network that will push Symantec Security software onto all computers
on the campus network. If your computer doesn't meet the policy, it is
denied internet access.
Linux computers are exempt from this for some reason (yeah *BSD !=
linux, I know).
He doesn't want this Norton garbage pushed onto his PC, so he asked me
if a firewall like pfSense would stop this nonsense. However he says
that the machine must "look" like a Linux box to the campus "policy
enforcement" device.
My questions are: is pfSense immune to fingerprinting? Or can I alter
the values it reports back?
Also, do you think this would even work? (Would it trick the policy
enforcement and allow him access through it?)
The policy-enforcement probably only works with either some kind of
agent already installed on the PC or via Windows Group Policies forcing
the installation of such an agent.
It's impossible to fool such a system, IMO.
Maybe also some kind of captive portal that checks for the existence of
the above.
Then, with a bridged pfSense, you might be able to do it.
I ask because you are the experts. I no longer have the free time I
once had to research this myself (being a student also), so I am
asking for the knowledge that comes with experience in the field.
Trying to circumvent the policy is not a good idea. He should be
positively sure that he can get away with it (e.g. because he "can't" be
fired).
cheers,
Rainer