Title: solution against vulnerability
Post by: Hack_80 on October 27, 2009, 10:00:45 PM

Hi,
I am facing challenges with vulnerability assessment. Most of the laptops which have not been present in SNX for the last few months are getting connected without any intimation to the IT guys. They get the IP address because we have a RADIUS-implemented network. The only way I come to know is through the vulnerability scanner. Can anyone suggest a solution such that a machine which is vulnerable does not get connected to the network until the system is patched? We have Windows 2003 & 2008 AD infrastructure and Cisco devices for networks. Kindly suggest any suitable solutions. Thanks

Title: Re: solution against vulnerability
Post by: Ketchup on October 28, 2009, 07:13:38 AM

Not exactly what you are looking for, but you can think about using DHCP snooping and/or Port Security on the Cisco switches. It will not let you identify machines that are not patched, but it could force rogue laptop owners to have to check in with IT before being allowed to plug their devices in. This will create a headache to maintain.
I know there is VPN software that will prevent users from connecting without a certain patch level and security software in place. I would be curious to see if there is a LAN version of the same.

Title: Re: solution against vulnerability
Post by: ajohnson on October 28, 2009, 07:33:53 PM

What client OS(es) are you using? You can use NPS and 802.1x with Server 2008 and Vista (or better): http://technet.microsoft.com/en-us/library/cc753354(WS.10).aspx

Title: Re: solution against vulnerability
Post by: sgt_mjc on October 29, 2009, 09:03:13 AM

Look at the Forefront Security Center from MS if you are looking to stick with an all-MS solution. It can do the checking when a system logs in and send it to a remediation server if it finds patches missing.
http://www.microsoft.com/forefront/en/us/default.aspx