Use open-source NAC to prevent unauthorized Network Access

Use open-source NAC to prevent unauthorized Network Access

Use open-source NAC to prevent unauthorized Network Access

In the traditional method, in order to prevent external devices from accessing the enterprise network, you can set the IP-MAC binding method on the switch to make external devices unable to access the network, the following will introduce two open source NAC tools, they have more user-friendly management.

1. Introduction to PacketFence

PacketFence is an open-source network access control software. It uses NESSUS to scan network node computers for vulnerabilities to detect security risks in devices. Once the security risks in node computers are determined, this terminal will be banned from accessing the target network. PacketFence also uses the SNORT sensor to detect attack activities from the network and give corresponding warnings. PacketFence supports VLAN settings for network management Switches of many vendors and blocks insecure terminals from accessing the network by dividing different VLANs, these supported vswitches include network management switches manufactured by H3C, Cisco, DELL, and other vendors. PacketFence provides 802.1X wireless support through the FreeRADIUS module, providing us with the same security control method as wired networks. In terms of management, we can manage it through the WEB and command line interfaces. These management functions can fully meet the network access control needs of most SMEs. PacketFence can be run in RHEL, CentOS Linux, and Debian systems. We can download its Binary Package for installation, or download its integrated vmwarevm file for direct use, you can download the live CD (Latest Version 5.6.0) file from http://www.packetfence.org/download/zen.html, and put it on a USB flash drive to start the system.

Hardware configuration: for common servers, two high-performance gigabit NICs are required (one Nic is used to connect to the console, and the other Nic is used to collect information to connect to the SPAN port of the switch). The requirement for a switch is a network management switch. Access the WEB interface: https: // ip: 1443/

2. PacketFence deployment

The deployment of PacketFence is the same as that of the IDS system. You can use the bypass method to access the network, that is, the bypass access method through the SPAN port. Another method is to connect the PacketFence to the firewall, which may cause single point of failure, therefore, we recommend that you connect to the access network through a bypass.

This figure clearly shows the detailed information of the illegal access point.

Example: Operating System distribution information

Example: Packetence logs

3. FreeNAC

FreeNAC is also an open-source free NAC software. It also provides VLAN division for switches and uses MAC addresses to specify dynamic VLANs for computer terminals, this provides access control for various resources in the LAN. FreeNAC can control access to servers, workstations, printers, and IP addresses in the LAN. FreeNAC can automatically discover various terminals in the network, provide support for 802.1x and Cisco VMPS port security modules, and also provide system patch package distribution and other functions. However, although FreeNAC provides support for non-Network-managed switches, the use of non-Network-managed switches will greatly compromise its NAC function. Therefore, if you want to use all of its NAC functions, it is best to use vswitches that support VMPS. To use cisco's VMPS function, it is best to use a Cisco Network Management Switch that supports VMPS.

This article from the Unix/Linux Network Log Analysis and traffic monitoring book, the book reviews http://item.jd.com/11582561.html