Your first question about a landing page is essentially the captive portal
already available in packetfence. It is completely customizable.
Your next question is also already addressed. You will want to use Nessus or
OpenVAS. Both are excellent tools with Nessus being the gold standard in its
field. That field being vulnerability assessment.
Here is where some people will muddy the waters.
The NAC people will call what you are looking for, Network Posture Assessment,
or NAP if you are in the MS world. Why they felt the need to re-arrange the
letters I will never know. However, for true NPA you need a client on the host
that reports back to the mother ship what it finds.
That is great in an environment where you control the endpoint (i.e., you own the
client HW, etc.) however, in a BYOD environment a client on the host is replete
with issues.
It is implicitly true in any system that the mother ship MUST trust the client.
Clients can be spoofed, fooled, made to lie, and impersonated all without the
NAC system's knowledge.
I do not trust any info I get from a system that I do not own, why would I
want to put my security in the hands of someone who is capable and willing to
lie to me?
This is where vulnerability assessment is preferable to NPA. VA scanners tell
me exactly what my clients are vulnerable to and can give info on how to patch
/ fix the problems. The client CANNOT lie since the scan is external to them.
OpenVAS and Nessus both integrate well with PF and (through PF) can present
the user with remediation pages giving them info on how to fix the issue(s) and
give them the option to rescan.
Best part? OpenVAS = free (as in beer). Also, if you are a non-profit or
educational entity Nessus will give you a single professional license for free.
Hope that helps.
Jake Sallee
Godfather of Bandwidth
System Engineer
University of Mary Hardin-Baylor
900 College St.
Belton TX. 76513
Fone: 254-295-4658
Phax: 254-295-4221
HTTP://WWW.UMHB.EDU
From: Josh Bitto [mailto:[email protected]]
Sent: Saturday, April 27, 2013 4:12 PM
To: [email protected]
Subject: [PacketFence-users] Options for Packetfence
Hello,
I'm diving into packetfence to see if this will be a viable solution for our
organization. I had a couple of questions that maybe someone could answer that
I can't seem to find or may have overlooked. I understand the basic concept of
unregistered devices going into a certain vlan and quarantined going in another
and so forth.
What I'm looking for is maybe a user friendly help page for users when they are
confronted for the first time with trying to get onto the network. Maybe a
webpage or notification about getting access to the network and the steps in
order to do that.
The other question I had is......is there a way to have packetfence evaluate
the device to match it up to a standard that can be set and inform the user
that this device either meets the policies set by IT admins or letting them
know that they need either AV or updates...etc...
To kind of dumb it down...I want a user to be able to come on site....try to
connect to a guest vlan......packetfence screen the device for a set standard
of security....let the user know "hey you need to do updates" or "hey you have
some problems with your machine meeting our standards" to "hey you have met all
requirements follow these steps to obtain internet access....."
I'm trying to get away with having to create a lot of headache for the IT
department to be the middle man with users that only come on site maybe a
handful of times throughout the year. Which for a private school is the case.
We have a byod for our regular students, but the byod is becoming more of a
trend that we have to adapt to.
/end rant...
Joshua Bitto
Information Technologist
KCC