Users can corral foreign wireless LAN clients trying to connect to corporate networks, and grant them limited access to specific resources, using new software from Aruba Wireless Networks and Sygate.
The Client Integrity Module software announced last week lets companies control wireless-LAN access by unmanaged WLAN clients, such as a notebook or PDA brought on-site by a supplier, contractor, salesperson or other visitor. If these foreign devices pass inspection, they can be given controlled access to specific resources. If they fail, they can be blocked or shunted to a quarantine site to get the needed anti-virus upgrades or security patches.
Aruba worked with Sygate to incorporate the Sygate On-Demand Agent into the Aruba switch operating system, linking the agent with Aruba's built-in stateful firewall. When the switch detects an unmanaged client, it can activate the client's Web browser and download the Sygate agent, which is about 500K bytes.
The agent scans the client, based on one or more policies created by an administrator. It can check for up-to-date anti-virus software from vendors such as McAfee, Norton and Trend Micro, for personal firewalls, for Windows XP patches and software updates, for specific system registry values, and even for specific files. The results of the scan are sent back to the switch. The switch can adjust the firewall settings, to control what the client can access, and download additional modules, such as a Sygate program that cleans browser and file caches.
Network administrators set up the system using a Sygate PC program called On-Demand Manager, selecting the detailed information the agent is to check for, such as the McAfee anti-virus software. The result is compiled into an XML file, which is then loaded on each Aruba switch in the wireless LAN. Separately, the administrator works on the designated Aruba master switch to set up the corresponding firewall policies. This process involves creating rules, such as "if the anti-virus check fails, redirect the client to the following location to get the latest anti-virus update."
The switch, using 802.1X authentication and Microsoft Group Policy Objects, can distinguish between managed clients, for example, a corporate notebook configured for the network, and an unmanaged client, such as an employee's personal notebook or PDA, according to Merwyn Andrade, Aruba's CTO.
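The decision flow described above (managed versus unmanaged client, agent scan, then a firewall action per failed check) can be sketched as follows. This is an added example, not Aruba's or Sygate's code or policy format; the rule names, role names and remediation URLs are constructed placeholders.

```python
from dataclasses import dataclass

# Constructed placeholder locations, not values from the article or either vendor.
AV_UPDATE_URL = "https://remediation.example.internal/av-update"
PATCH_URL = "https://remediation.example.internal/patches"

@dataclass(frozen=True)
class Rule:
    check: str        # name of a posture check the agent reports (hypothetical)
    on_fail: str      # "redirect" (quarantine site) or "block"
    target: str = ""  # remediation location used when on_fail == "redirect"

# Ordered rules: the first check that does not pass decides the outcome.
RULES = [
    Rule("personal_firewall", "block"),
    Rule("antivirus_current", "redirect", AV_UPDATE_URL),
    Rule("os_patches", "redirect", PATCH_URL),
]

def decide(client: dict) -> tuple:
    """Map a client record to (action, detail) the way the article's flow does."""
    # Managed clients (identified via 802.1X / Group Policy in the article)
    # are not sent through the on-demand scan.
    if client.get("managed") is True:
        return ("allow", "corporate-role")
    scan = client.get("scan")
    # Unmanaged client with no scan report yet: push the agent, grant nothing else.
    if not isinstance(scan, dict):
        return ("deliver_agent", "pre-scan-role")
    for rule in RULES:
        # Fail closed: a check that is missing from the report, or reported as
        # anything other than boolean True, is treated as failed.
        if scan.get(rule.check) is not True:
            if rule.on_fail == "redirect":
                return ("redirect", rule.target)
            return ("block", rule.check)
    # Every check passed: controlled access to specific resources only.
    return ("allow", "guest-limited")

if __name__ == "__main__":
    # Constructed sample clients.
    visitor = {"managed": False, "scan": {"personal_firewall": True,
                                          "antivirus_current": False,
                                          "os_patches": True}}
    print(decide(visitor))
```

Treating an absent check result as a failure matters here: an agent that is tampered with or interrupted mid-scan should not yield more access than one that reports an honest failure.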