Security

Recommended network access control (NAC) tools

By // February 4, 2011, 4:10 AM PST // jlwallen

Image 1 of 10

  • PacketFence Adminstration tab

    PacketFence is one of the strongest, most flexible, and easy to administer network access control software stacks you will find coming from the FOSS community. Here you see the Administration tab from within the web-interface. From here you can see, first hand, what services are running or stopped. You can start, stop, or restart each service from this interface. This installation was done on a CentOS 5.0 distribution. If you're looking to install PacketFence, I highly recommend CentOS as your target distro.

  • PacketFence configuration

    Another screenshot from the PacketFence NAC tool. This is one of the most important tabs in the interface as here you actually configure the various services and systems for PacketFence. Shown is the Trapping configuration. As you can see, I have the trapping configuration set up to trap all IP addresses on my 192.168.1.0 network. All network addresses on that scheme will be fed through this gateway and are required to register with PacketFence before they can access the external network.

  • PacketFence device discovery

    In this screenshot, you see the node listing which includes all devices found on my internal network. From this listing you can edit the information of each device which includes the ability to register a device. If a device is not registered, and you have registration enabled, that device will not be able to access the external network.

  • Cisco NAC login page

    A much more familiar piece of software/equipment to the larger enterprise users will be the Cisco NAC Appliance. Here you see one of the screens for the process of creating a Login page so that users can register their machines. In this screen we are creating a hotspot for users for IP address 192.168.1.12. For the Cisco NAC login page you actually need to create the html page and then copy that page (as shown in this image) to /guest/www/html/sites/hotspot. That directory, of course, can change depending upon how you have your web server set up.

  • Cisco NAC Access Plan

    Another shot of the Cisco NAC. Here we set up the Access Plan for the hotspot we are creating.  For this configuration you need to give it a name, configuration, select a time profile from the dropdown, Guest Role from the dropdown, and set a price (if applicable). Of course if there is no price associated with the plan set this at 0. The Cisco NAC is one of the more complex network access control tools you will find. It is also one of the most powerful available.

  • Dans Guardian configuration file

    If you're looking for a very easy-to-install and configure proxy server, look no further than Dans Guardian. This FOSS software, available for many Linux distributions as well as various BSDs, Mac OSX, HP-UX, and Solaris, is one of the easiest proxy servers you will ever find. It is all hand-coded and runs very silently in the background. Once installed, you simply add the sites you want to ban and point your desktop machines to the IP address of the server hosting Dans Guardian. The configuration file (shown here) is /etc/dansguardian/dansguardian.conf.

  • Dans Guardian bannedsitelist

    Here you see the bannedsitelist configuration file that is used to block specific sites with your proxy. This file is found in /etc/dansguardian/lists/ and can be edited using any text editor. In this screen I have it showing where you enter the specific domains you want to block. By default, the domain badboys.com is blocked. Remember, if you make changes to this file, restart dansguardian with a command similar to sudo /etc/rc.d/dansguardian restart.

  • Gnome Nanny

    The GNOME Nanny application is a very user-friendly, reliable way to control access to various web-based tools on a desktop machine. This tool is set up using the admin user rights and then put into place such that only users with the admin password can change any of the settings. With this tool you can block specific web sites and control what time of day (or how long) each of the configurable applications can be used (Web, Email, Instant Messaging). You can even control when and how long someone can use the computer.

  • OpenDNS

    I have seen a significant uptick in clients, organizations, and businesses taking advantage of the amazing amount of controls offered to them thanks to OpenDNS. With one of the best filtering systems available, OpenDNS allows you to very specifically control what your employees can visit during work hours (or all hours or specific hours). Of course to get the best out of OpenDNS you will need to pay for either the OpenDNS Deluxe package or the OpenDNS Enterprise package. Visit the Start Page to see the difference in the packages.

  • WebContentControl GUI : Dans Guardian, Tiny Proxy, FireHol

    The WebContentControl GUI is a graphical frontend for controlling the proxy power-trio Dans Guardian, TinyProxy, and FireHol. With this tool you can get very granular with the configuration of the various tools. You can set up blacklists, whitelists, configure presets, start/stop daemons, read logs, block websites, add permissions for specific programs, and much more. You can also set this up on a per-user basis, so each user has different settings. If you need more power than what only one of these proxy servers gives you, nothing will make you feel like a Modern Day Warrior more than this power trio front end.

PacketFence Adminstration tab

PacketFence is one of the strongest, most flexible, and easy to administer network access control software stacks you will find coming from the FOSS community. Here you see the Administration tab from within the web-interface. From here you can see, first hand, what services are running or stopped. You can start, stop, or restart each service from this interface. This installation was done on a CentOS 5.0 distribution. If you're looking to install PacketFence, I highly recommend CentOS as your target distro.

Related Topics:

Security Software CXO Hardware Mobility Data Centers Cloud

By Jack Wallen

Jack Wallen is an award-winning writer for TechRepublic and Linux.com. He’s an avid promoter of open source and the voice of The Android Expert. For more news about Jack Wallen, visit his website jackwallen.com.