PacketFence is a Open Source network access control (NAC) system.
Many of us are familiar with network access control systems. A Network Access Control (NAC) is a computer networking solution that uses a set of protocols to define & implement a policy that describes how to secure access to a network nodes by devices when they initially attempt to access the network. NAC might integrate the automatic remediation process (fixing non-compliant nodes before allowing access) into the network systems, allowing the network infrastructure such as routers, switches and firewalls to work together with back office servers and end user computing equipment to ensure the information system is operating securely before interoperability is allowed.
What you can do with PacketFence :
* Block iPods wireless access
* Forbid rogue access points
* Perform compliance checks
* Eliminate Peer-to-Peer traffic
* Provide guest access
* Simplify VLAN management
PacketFence has very good advance features.
PacketFence supports an optional registration mechanism similar to “captive portal” solutions. An Acceptable Use Policy can be specified such that users cannot enable network access without first accepting it. The duration of a node registration can be a relative value (eg. “four weeks from first network access”) or an absolute date (eg. “Thu Jan 20 20:00:00 EST 2009″).
Detection of abnormal network activities
Abnormal network activities (computer virus, worms, spyware, etc.) can be detected using local and remote Snort sensors. Beyond simple detection, PacketFence layers its own alerting and suppression mechanism on each alert type. A set of configurable actions for each violation is available to administrators.
Proactive vulnerability scans
Nessus vulnerability scans can be performed on a scheduled or ad-hoc basis. PacketFence correlates the Nessus vulnerability ID’s of each scan to the violation configuration, returning content specific web pages about which vulnerability the host may have.
Isolation of problematic devices
PacketFence supports several isolation techniques, including VLAN isolation with VoIP support (even in heterogeneous environments) for multiple switch vendors
Remediation through a captive portal
Once trapped, all HTTP, IMAP and POP sessions are terminated by the PacketFence system. Based on the nodes current status (unregistered, open violation, etc), the user is redirected to the appropriate URL. In the case of a violation, the user will be presented with removal instructions for the particular infection he/she has.
802.1X is supported through a FreeRADIUS module.
PacketFence intregrates perfectly with wireless networks through a FreeRADIUS module. This allows you to secure your wired and wireless networks the same way.
DHCP fingerprinting can be used to automatically register specific device types (eg. VoIP phones) and to disallow network access to other device types (eg. game consoles).
A good list of switches are also supported.
We have just started to test it in a test environment. Before the actual implementation, we will keep you updated and you can leave your comments In Forum.
Download PacketFence v2.0.1 (packetfence-2.0.1.tar.gz)Click here
This post was written by: Rishikesh
Rishikesh is a 17 years old part time blogger, web designer and front end web developer. Follow him on Twitter