HomeCalendarCertificationsColumnsFeaturesForumResourcesVitals
 
Image
 
linkedin_logo.png rss_logo.jpg
twitter_logo.png youtube_logo.jpg
Latest Additions
 
EH-Net Login
Welcome Guest.
Lost Password?
No account yet? Register
Who's Online
We have 53 guests and 1 member online
EH-Net News Feeds
Latest Additions
 
Advertisement

You are here: Home arrow Forum arrow Ethical Hacking Discussions and Related Certificationsarrow Otherarrow solution against vulnerability
EH-Net
May 25, 2012, 02:26:33 PM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: Advertise on EH-Net!! - Reasonable Rates, Highly Targeted Audience.
 
   Home   Help Calendar Login Register  
Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: solution against vulnerability  (Read 3304 times)
0 Members and 1 Guest are viewing this topic.
Hack_80
Jr. Member
**
Offline Offline

Posts: 59


Black buck


View Profile
« on: October 27, 2009, 10:00:45 PM »
Hi,
 I am facing challenges towards the vulnerability assessment. Most of the laptops which were not present in SNX since last few months are getting connected without any intimation to IT guys.They get the IP address as becos we have Radius implemented network. The only way i come to know thru vulnerability scanner.
Can any one suggest the solution in such way the machine which is vulnerable should not get connected to network until the system is patched. We have windows 2003 & 2008 AD infrastructure and Cicso devices for networks.
Kindly suggest any suitable solutions.

Thanks
Logged
Ketchup
Hero Member
*****
Offline Offline

Posts: 1006



View Profile
« Reply #1 on: October 28, 2009, 07:13:38 AM »
Not exactly what you are looking for, but you can think about using DHCP snooping and/or Port Security on the Cisco switches.   It will not let you identify machines that are not patched, but it could force rogue laptop owners to have to check in with IT before being allowed to plug their devices in.  This will create a headache to maintain.

I know there is VPN software that will prevent users from connecting without a certain patch level and security software in place.  I would be curious to see if there is a LAN version of the same.   
Logged
~~~~~~~~~~~~~~
Ketchup
ajohnson
Recruiters
Hero Member
*
Offline Offline

Posts: 650


aka dynamik


View Profile WWW
« Reply #2 on: October 28, 2009, 07:33:53 PM »
What client OS(es) are you using? You can use NPS and 802.1x with Server 2008 and Vista (or better): http://technet.microsoft.com/en-us/library/cc753354(WS.10).aspx
Logged
WIP: OSCP | www.infosiege.net | @infosiege

The day you stop learning is the day you start becoming obsolete.
sgt_mjc
Sr. Member
****
Offline Offline

Posts: 294


View Profile
« Reply #3 on: October 29, 2009, 09:03:13 AM »
Look at the Forfront Security Center from MS if you are looking to stick with an all MS solution.  It can do the checking when a system logs in and send it to a remediation server if it finds patches missing.

http://www.microsoft.com/forefront/en/us/default.aspx
Logged
Mike Conway
CISSP
CompTia Security +
C|EH
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.16 | SMF © 2011, Simple Machines
Joomla Bridge by JoomlaHacks.com 		Valid XHTML 1.0! Valid CSS!
Page created in 5.116 seconds with 22 queries.
 

gk_static-ad_feb2012.jpg
Global Knowledge: Build Security Skills to Protect & Defend

els_130x200fixed2.gif
eLearnSecurity Student Course Now Live!
5% Off with Code
ELS-EH-5

SANS Deals 4 EH-Netters
$150 OFF Any SANS Course in Any Format!
Coupon Code: EHN_Connect Including SANS Security West 2012 & SANSFIRE 2012
Recent Forum Topics

cbtnuggets_logo_125.jpg
Try CBT Nuggets Free!

Vote For EH-Net

Add to Technorati Favorites
technorati fave

 
         
Advertisement

© 2012 The Ethical Hacker Network
Joomla! is Free Software released under the GNU/GPL License.