I did a quick search on Cisco policy enforcement and apparently they have user agents available for Windows and Linux systems. You say Linux is exempt, which could be for any number of reasons, and if so, I would expect BSD to also be exempt, but I would never count on consistency in policy from a college information services department.
The more recent of these systems have been designed to deal with firewalls and NAT with various degrees of success (hence the switch to user agents instead of network scans), but whether your friend could use a BSD firewall to protect his Windows system from detection depends on the details of what the college is implementing. I would think twice before attempting to disguise my Windows machine without more information. The use of external firewall devices is common enough, however, that trying it as a matter of course should be safe and unremarkable. pfSense or m0n0wall should at the minimum just look like any other external NAT/firewall device.

On Mon, 16 Oct 2006 01:02:20 -0700, you wrote:
>Hi everybody.
>A friend of mine recently informed me that his college is going to be adding
>some "policy enforcement" devices (Cisco brand) to their network that will
>push Symantec Security software onto all computers on the campus network. If
>your computer doesn't meet the policy, it is denied internet access.
>Linux computers are exempt from this for some reason (yeah *BSD != linux, I
>know).
>He doesn't want this Norton garbage pushed onto his PC, so he asked me if a
>firewall like pfSense would stop this nonsense. However he says that the
>machine must "look" like a Linux box to the campus "policy enforcement" device.
>
>My questions are: is pfSense immune to fingerprinting? Or can I alter the
>values it reports back?
>Also, do you think this would even work? (Would it trick the policy
>enforcement and allow him access through it?)
>
>I ask because you are the experts. I no longer have the free time I once had
>to research this myself (being a student also), so I am asking for the
>knowledge that comes with experience in the field.
>
>I understand that this question is a little "out there" and highly off-topic;
>my apologies if it belongs elsewhere.
>
>Thank you very much in advance.
>-a Rossi
