Am Dienstag, 28. November 2006 11:11 schrieb Dev Anand: > Hi All , > > Is it possible to quarantine a system by placing it in different vlan > by OpenRadius ? > > If so can somebody guide me on the steps that can be tried . > > The situation is like this : > System already having an IP address , but found to be infected with a > virus-worm. > So it needs to be quarantined automatically . > > Thanks in advance, > -Deva
It is possible to setup the NAS (Switch) to adjust VLANs according to user or computer. But you have to introduce authentication via EAP or MAC address based auth to do this. But there is another problem: How do you tell FR which system to be put into a quarantaine VLAN? Manually? You would have to install some kind of agent on all machines which test the machine for integrity and tell FR about the result. -- Dr. Michael Schwartzkopff MultiNET Services GmbH Bretonischer Ring 7 85630 Grasbrunn Tel: (+49 89) 456 911 - 0 Fax: (+49 89) 456 911 - 21 mob: (+49 174) 343 28 75 PGP Fingerprint: F919 3919 FF12 ED5A 2801 DEA6 AA77 57A4 EDD8 979B Skype: misch42
pgp0x2Tea5blg.pgp
Description: PGP signature
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
