linux poison RSS
linux poison Email

Protect your network from worms - PacketFence

If your network is a breeding ground for worms, PacketFence is for you. If you have no idea who connects to your network and who owns a particular computer, PacketFence is for you. If you have no way of mapping a network policy violation to a user, PacketFence is for you

PacketFence is a Free and Open Source network access control (NAC) system. PacketFence is actively maintained and has been deployed in numerous large-scale institutions over the past years. It can be used to effectively secure networks - from small to very large heterogeneous networks.

PacketFence is an open-source network access control (NAC) system which provides an impressive list of supported features. Among them, there are:

PacketFence supports an optional registration mechanism similar to "captive portal" solutions. An Acceptable Use Policy can be specified such that users cannot enable network access without first accepting it. The duration of a node registration can be a relative value (eg. "four weeks from first network access") or an absolute date (eg. "Thu Jan 20 20:00:00 EST 2009").

Detection of abnormal network activities
Abnormal network activities (computer virus, worms, spyware, etc.) can be detected using local and remote Snort sensors. Beyond simple detection, PacketFence layers its own alerting and suppression mechanism on each alert type. A set of configurable actions for each violation is available to administrators.

Proactive vulnerability scans
Nessus vulnerability scans can be performed on a scheduled or ad-hoc basis. PacketFence correlates the Nessus vulnerability ID's of each scan to the violation configuration, returning content specific web pages about which vulnerability the host may have.

Isolation of problematic devices
PacketFence supports several isolation techniques, including VLAN isolation with VoIP support (even in heterogeneous environments) for multiple switch vendors

Remediation through a captive portal
Once trapped, all HTTP, IMAP and POP sessions are terminated by the PacketFence system. Based on the nodes current status (unregistered, open violation, etc), the user is redirected to the appropriate URL. In the case of a violation, the user will be presented with removal instructions for the particular infection he/she has.
    * 802.1X
      802.1X is supported through a FreeRADIUS [External] module.

Wireless integration
PacketFence intregrates perfectly with wireless networks through a FreeRADIUS module. This allows you to secure your wired and wireless networks the same way.

DHCP fingerprinting
DHCP fingerprinting can be used to automatically register specific device types (eg. VoIP phones) and to disallow network access to other device types (eg. game consoles).

RHEL/CentOS user can use rpm file to install - here

Others can use the tar file - here
untar the source file: tar -zxvf packetfence-1.8.2.tar.gz
Compile the source: ./


Post a Comment

Related Posts with Thumbnails