On 9/2/06, John Nemeth <jnemeth victoria.tc.ca> wrote:
> This is where things like Cisco's NAC (Network Admission Control)
> come into play. Basically, it prevents machines from connecting to
> the network if they aren't running the latest patches, anti-virus, etc.
> (whatever you put into your policy). It can either block the machine
> completely or quarantine it in a subnet where it can only get updates.
> There may be other products that do similar things, but I'm not aware
> of any.
I think you could write this up in a script using nmap and authpf.
> Of course, there is the issue of authenticating users and making sure
> they don't try to fake the credentials of a different user. I think
> some of the other options are better for that.
Yeah, well nowadays there are so many PCs relative to the number of
users, and it's reasonable to assume one user per workstation.
I think Kerberos is designed with this assumption. Certainly
network security devices like firewalls are. A person with
physical access can probably get any other user's privileges
anyway.
--
"If you're not part of the solution, you're part of the precipitate."
Unix "guru" for rent or hire -><- http://www.lightconsulting.com/~travis/
GPG fingerprint: 9D3F 395A DAC5 5CCC 9066 151D 0A6B 4098 0C55 1484