Network World

Lockdown enlists low-end switches to enforce policies

By Tim Greene, NetworkWorld.com, 12/12/2005

Lockdown Networks plans to announce at Interop New York this week software for its network access control gear that pushes enforcement of security policies to unmanaged Layer 2 devices.

The new software version for its Enforcer appliance can enlist low-end switches and hubs to divert computers that fail to meet network security profiles to LAN segments where they can download software needed to bring them into compliance.

The devices scan each machine as it tries to log in to the network, checking for such things as properly patched operating systems and updated anti-virus software.

The appliance has dramatically cleaned up student computers at the U.S. Merchant Marine Academy in Hunts Point, N.Y., says the school's CIO Howard Weiner. The security scans found more than 4,000 infections that could turn the roughly 1,000 student laptops into slaves on bot nets, he says. The appliance will help keep the network safe from these laptops, which accompany students on their year away at sea for the school. "They come back severely compromised," Weiner says.

The school also wants to protect confidential student information from being compromised, which in the academic community is similar to the financial community's worries about database exploits that steal credit card and Social Security numbers, he says. "We've been very worried about that," Weiner says.

Previously, Lockdown gear could enforce only via managed switches, which meant that small switches that end users might install themselves on corporate networks could not enforce policies. To boost reliability, the new software also lets two Enforcer boxes be tied together so that if one fails the other takes over.

The software also supports more detailed policy settings so that, for example, Active Directory groupings can be incorporated into policies. An individual's department could be used to determine what policy applies when he logs on. A medical doctor at a hospital might be authorized to reach patient information if his machine is up-to-date; if it is not, access might be restricted to the Internet and reading e-mail.

With the new software, the devices can now scan each machine to ensure that personal firewalls and anti-spam applications are running before it is allowed admission to the network.

The new software is available now.
