Recommended network access control (NAC) tools

By Jack Wallen February 4, 2011, 3:28 AM PST

Image
1
of 9

Recommended network access control (NAC) tools

PacketFence configuration

ntAnother screenshot from the PacketFence NAC tool. This is one of the most important tabs in the interface as here you actually configure the various services and systems for PacketFence. Shown is the Trapping configuration. As you can see, I have the trapping configuration set up to trap all IP addresses on my 192.168.1.0 network. All network addresses on that scheme will be fed through this gateway and are required to register with PacketFence before they can access the external network.

PacketFence device discovery

ntIn this screenshot, you see the node listing which includes all devices found on my internal network. From this listing you can edit the information of each device which includes the ability to register a device. If a device is not registered, and you have registration enabled, that device will not be able to access the external network.

Cisco NAC login page

ntA much more familiar piece of software/equipment to the larger enterprise users will be the Cisco NAC Appliance. Here you see one of the screens for the process of creating a Login page so that users can register their machines. In this screen we are creating a hotspot for users for IP address 192.168.1.12. For the Cisco NAC login page you actually need to create the html page and then copy that page (as shown in this image) to /guest/www/html/sites/hotspot. That directory, of course, can change depending upon how you have your web server set up.

Cisco NAC Access Plan

ntAnother shot of the Cisco NAC. Here we set up the Access Plan for the hotspot we are creating. For this configuration you need to give it a name, configuration, select a time profile from the dropdown, Guest Role from the dropdown, and set a price (if applicable). Of course if there is no price associated with the plan set this at 0. The Cisco NAC is one of the more complex network access control tools you will find. It is also one of the most powerful available.

Dans Guardian configuration file

ntIf you’re looking for a very easy-to-install and configure proxy server, look no further than Dans Guardian. This FOSS software, available for many Linux distributions as well as various BSDs, Mac OSX, HP-UX, and Solaris, is one of the easiest proxy servers you will ever find. It is all hand-coded and runs very silently in the background. Once installed, you simply add the sites you want to ban and point your desktop machines to the IP address of the server hosting Dans Guardian. The configuration file (shown here) is /etc/dansguardian/dansguardian.conf.

Dans Guardian bannedsitelist

ntHere you see the bannedsitelist configuration file that is used to block specific sites with your proxy. This file is found in /etc/dansguardian/lists/ and can be edited using any text editor. In this screen I have it showing where you enter the specific domains you want to block. By default, the domain badboys.com is blocked. Remember, if you make changes to this file, restart dansguardian with a command similar to sudo /etc/rc.d/dansguardian restart.

Gnome Nanny

ntThe GNOME Nanny application is a very user-friendly, reliable way to control access to various web-based tools on a desktop machine. This tool is set up using the admin user rights and then put into place such that only users with the admin password can change any of the settings. With this tool you can block specific web sites and control what time of day (or how long) each of the configurable applications can be used (Web, Email, Instant Messaging). You can even control when and how long someone can use the computer.

OpenDNS

ntI have seen a significant uptick in clients, organizations, and businesses taking advantage of the amazing amount of controls offered to them thanks to OpenDNS. With one of the best filtering systems available, OpenDNS allows you to very specifically control what your employees can visit during work hours (or all hours or specific hours). Of course to get the best out of OpenDNS you will need to pay for either the OpenDNS Deluxe package or the OpenDNS Enterprise package. Visit the Start Page to see the difference in the packages.

WebContentControl GUI : Dans Guardian, Tiny Proxy, FireHol

ntThe WebContentControl GUI is a graphical frontend for controlling the proxy power-trio Dans Guardian, TinyProxy, and FireHol. With this tool you can get very granular with the configuration of the various tools. You can set up blacklists, whitelists, configure presets, start/stop daemons, read logs, block websites, add permissions for specific programs, and much more. You can also set this up on a per-user basis, so each user has different settings. If you need more power than what only one of these proxy servers gives you, nothing will make you feel like a Modern Day Warrior more than this power trio front end.

By Jack Wallen

Jack Wallen is an award-winning writer for TechRepublic, The New Stack, and Linux New Media. He's covered a variety of topics for over twenty years and is an avid promoter of open source. For more news about Jack Wallen, visit his website jackwallen.

Account Information

Contact Jack Wallen

Your message has been sent
|
See all of Jack's content

Cybersecurity demands and the stakes of failing to properly secure systems and networks are high. While every organization’s specific security needs form a unique and complex blend of interconnected requirements, numerous security fundamentals almost always apply to each of these groups. It stands to reason that cybersecurity pros who effectively identify network and systems risks ...

In this guide from TechRepublic Premium we’re going to explore the various things you can do with a Linux server. We won’t leave out any steps, so you won’t have to refer to another tutorial to complete the process. The only step we will leave out is the installation of Linux, as we’ll assume you ...

If you want to deploy applications into a Kubernetes cluster, be warned — it’s not the easiest task. There are a lot of moving pieces that go into these scalable containers. Don’t you wish you had a complete roadmap, from start to finish, to walk you through the process of deploying the Kubernetes cluster, deploying ...