
PacketFence v2.0.1

PacketFence is an open source network access control (NAC) system.


Many of us are familiar with network access control systems. Network Access Control (NAC) is a computer networking solution that uses a set of protocols to define and implement a policy describing how to secure access to network nodes by devices when they initially attempt to access the network. NAC might integrate the automatic remediation process (fixing non-compliant nodes before allowing access) into the network systems, allowing the network infrastructure such as routers, switches and firewalls to work together with back office servers and end user computing equipment to ensure the information system is operating securely before interoperability is allowed.

What you can do with PacketFence:

  • Block iPods wireless access
  • Forbid rogue access points
  • Perform compliance checks
  • Eliminate Peer-to-Peer traffic
  • Provide guest access
  • Simplify VLAN management



PacketFence has very good advanced features.


Registration
PacketFence supports an optional registration mechanism similar to “captive portal” solutions. An Acceptable Use Policy can be specified such that users cannot enable network access without first accepting it. The duration of a node registration can be a relative value (e.g. “four weeks from first network access”) or an absolute date (e.g. “Thu Jan 20 20:00:00 EST 2009”).


Detection of abnormal network activities
Abnormal network activities (computer virus, worms, spyware, etc.) can be detected using local and remote Snort sensors. Beyond simple detection, PacketFence layers its own alerting and suppression mechanism on each alert type. A set of configurable actions for each violation is available to administrators.


Proactive vulnerability scans
Nessus vulnerability scans can be performed on a scheduled or ad-hoc basis. PacketFence correlates the Nessus vulnerability IDs of each scan to the violation configuration, returning content-specific web pages about which vulnerability the host may have.


Isolation of problematic devices
PacketFence supports several isolation techniques, including VLAN isolation with VoIP support (even in heterogeneous environments) for multiple switch vendors.


Remediation through a captive portal
Once trapped, all HTTP, IMAP and POP sessions are terminated by the PacketFence system. Based on the node's current status (unregistered, open violation, etc.), the user is redirected to the appropriate URL. In the case of a violation, the user will be presented with removal instructions for the particular infection he/she has.


802.1X
802.1X is supported through a FreeRADIUS module.


Wireless integration
PacketFence integrates perfectly with wireless networks through a FreeRADIUS module. This allows you to secure your wired and wireless networks the same way.


DHCP fingerprinting
DHCP fingerprinting can be used to automatically register specific device types (e.g. VoIP phones) and to disallow network access to other device types (e.g. game consoles).
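To make the idea concrete, here is an added example (not PacketFence's own code) that fingerprints a client from the order of its DHCP option 55 (parameter request list), a common way to do DHCP fingerprinting, and maps the result to an action. The fingerprint table, the policy names and the `build_discover` helper are constructed for illustration.

```python
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"
# Constructed table (not real device data): option 55 list -> device class.
FINGERPRINTS = {"1,3,6,15,66,150": "voip-phone", "1,3,6,15,28": "game-console"}
# Assumed policy, mirroring the two examples in the text above.
POLICY = {"voip-phone": "auto-register", "game-console": "deny"}


def parse_dhcp(payload: bytes) -> dict:
    """Return the client MAC and the options of a BOOTP/DHCP payload (UDP data)."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP payload")
    hlen = min(payload[2], 16)                   # chaddr field is 16 bytes long
    mac = ":".join(f"{b:02x}" for b in payload[28:28 + hlen])
    options, i = {}, 240
    while i < len(payload):
        code = payload[i]
        if code == 255:                          # end option
            break
        if code == 0:                            # pad option, no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option header")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        options[code] = value
        i += 2 + length
    return {"mac": mac, "options": options}


def classify(payload: bytes) -> tuple:
    """Map a DHCP request to (mac, device class, action)."""
    pkt = parse_dhcp(payload)
    prl = pkt["options"].get(55, b"")            # parameter request list
    device = FINGERPRINTS.get(",".join(str(b) for b in prl), "unknown")
    return pkt["mac"], device, POLICY.get(device, "registration-portal")


def build_discover(mac: bytes, prl: list) -> bytes:
    """Build a constructed DHCPDISCOVER payload to exercise classify()."""
    z = b"\0" * 4
    header = struct.pack("!BBBBIHH4s4s4s4s16s64s128s",
                         1, 1, 6, 0, 0x1234, 0, 0, z, z, z, z, mac, b"", b"")
    return header + MAGIC_COOKIE + bytes([53, 1, 1, 0, 55, len(prl), *prl, 255])
```

Devices whose request list is not in the table fall through to the registration portal rather than being trusted or dropped outright.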


A good list of switches is also supported.


We have just started to test it in a test environment. Before the actual implementation, we will keep you updated, and you can leave your comments.


Download PacketFence v2.0.1 (packetfence-2.0.1.tar.gz) here.

How to Secure your Wireless Network:





Before driving a truck, let's learn how to drive and what's in it! Here are a few terminologies you should know about wireless networked systems. If you don't understand these underlying concepts, you will have a hard time guarding your wireless network.

SSID (Service Set Identifier): If you have a wireless router or modem, the hardware must have an SSID. It is like naming a newborn baby: you can name your router whatever you want others to call it. (If you take a BSNL connection, though, the Wi-Fi ADSL modem comes with an SSID name already set, maybe your father's second name.)

A router has a functionality that lets it broadcast or stealth broadcast. If you scan for wireless networks, you often find networks in broadcast mode (e.g. Tikona 1800 204 3333). In stealth broadcast, we can't identify the wireless network. A modem doesn't have this option, which is why whenever you scan you find some home network modems in range, but you can proceed only after giving the SSID in the prompt box.

[Picture: device burned with MAC and SSID (WANADOO-02DB)]

WEP (Wired Equivalent Privacy): This protocol gives base-level security for all Wi-Fi vendors, and systems can benefit from the OSI standardization effort. The big option is that one can set it “ON” or “OFF”, but mostly all geeks forcibly set it “ON”.

WPA (Wi-Fi Protected Access): A security protocol that was designed to secure wireless technology and to overcome the WEP limitations (WPA & WPA2).

TKIP (Temporal Key Integrity Protocol): It's a more secure version of WEP and it utilizes WPA for network security. It uses different kinds of algorithms than WEP, with more trusted encryption tunnels. (But trust me, most admins will not use this. If the company security policy wants to maintain a different security scheme for each hierarchy of employees in the org, admins will deploy this feature.)

MAC (Media Access Control): It is used to get multiple access in a networked environment. A MAC address is a 12-digit hexadecimal number that is associated with a network adapter, and a MAC address is unique to each IP address (00-12-FA-WE-3R-TR). The first 6 digits, 00-12-FA, are the manufacturer code, which says whom the network adapter belongs to, and the next 6 digits, WE-3R-TR, are assigned to the unique person.

DHCP (Dynamic Host Configuration Protocol): It is one of the built-in features of a router. It serves the user who restarts the system, generating a fresh IP address for them to frame the device address in the network.


Whether you are in a wired or wireless environment, you are under scan by someone's eye. A TCP monitor, or anyone using sniffer tools like Packetyzer, can read your communication, because the traffic is not encrypted.

POSSIBLE ATTACKS: 

EAVESDROPPING: installing malicious tools and making your machine a listener, so the hacker gets all the packet information because it was redirected by him to the server.

DoS ATTACKS: injecting noise or interference into the wireless network indefinitely, which in turn causes denial of the particular service that was requested. Remember, a hacker can extract the SSID name of the network in response to his ICMP packets. This gives you a glimpse of DoS attacks.

[i] 3 scenarios about you and your SSID:

  • Yes, we can set the SSID manually.
  • When you buy a router, it is burned with a MAC address and an SSID that is always the “default” name.
  • The manufacturer of the router provides a method to change your SSID to secure the network. Follow that, and change it to a mix of characters like this (H4CK07IC).


[ii] Turn WEP encryption “ON”, for God's sake.
WEP encryption is the standard encryption scheme for all OSI network compliance products. It comes with encryption, but it isn't turned on automatically. Do it, and change all the defaults in the newly purchased router. So you have changed the SSID and turned on WEP, I assume.

                                                                

[iv] DUMP THE DEFAULTS: Change all your default passwords, and keep this security checklist with you! It also includes changing the default subnet, that is 192.168.1.0.



If you don’t experience routine changes in your network, take out this checklist once every 3 months and review how your network security is doing! Such check-ups not only help you check whether it has been tampered with, but also give you peace of mind that you are doing well, by showing your middle finger to whoever is trying to gain access!
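The checklist above can be turned into a repeatable review. The following is an added example, not part of the original post: it audits a router configuration against steps [i], [ii] and [iv] and the 3-month review interval. The config field names, the sample password list and the check for an SSID that embeds the tail of the MAC (as the pictured WANADOO-02DB appears to) are assumptions made for illustration.

```python
import ipaddress
from datetime import date, timedelta

DEFAULT_SSIDS = {"default"}                     # factory name quoted in step [i]
DEFAULT_PASSWORDS = {"", "admin", "password"}   # assumed sample list
DEFAULT_SUBNET = ipaddress.ip_network("192.168.1.0/24")
REVIEW_INTERVAL = timedelta(days=90)            # "once every 3 months"


def audit(cfg: dict, today: date) -> list:
    """Return the checklist items that a router config still fails."""
    findings = []
    mac_tail = cfg["mac"].replace("-", "").replace(":", "")[-4:].upper()
    ssid = cfg["ssid"]
    derived = len(mac_tail) == 4 and mac_tail in ssid.upper()
    if ssid.lower() in DEFAULT_SSIDS or derived:
        findings.append("ssid: factory default or derived from the MAC")
    if cfg["encryption"].lower() in {"", "off", "none"}:
        findings.append("encryption: turned off")
    if cfg["admin_password"].lower() in DEFAULT_PASSWORDS:
        findings.append("admin_password: factory default")
    # strict=False accepts a host address such as 192.168.1.1/24
    if ipaddress.ip_network(cfg["lan_subnet"], strict=False) == DEFAULT_SUBNET:
        findings.append("lan_subnet: default 192.168.1.0")
    if today - cfg["last_review"] > REVIEW_INTERVAL:
        findings.append("last_review: older than 3 months")
    return findings


# Constructed sample configs (hypothetical field names and values).
FACTORY = {"ssid": "WANADOO-02DB", "mac": "00-12-FA-00-02-DB",
           "encryption": "off", "admin_password": "admin",
           "lan_subnet": "192.168.1.1/24", "last_review": date(2024, 1, 1)}
HARDENED = {"ssid": "H4CK07IC", "mac": "00-12-FA-00-02-DB",
            "encryption": "WPA2", "admin_password": "constructed-Long-passphrase-7",
            "lan_subnet": "10.20.30.0/24", "last_review": date(2024, 5, 1)}

if __name__ == "__main__":
    for name, cfg in (("factory", FACTORY), ("hardened", HARDENED)):
        print(name, audit(cfg, date(2024, 6, 1)))
```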

Drop your comments to interact!