This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ
- Extreme Networks
- Community List
- Network Management & Authentication
- ExtremeCloud IQ- Site Engine Management Center
- RE: WLAN Authentication based on Client Status wit...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
WLAN Authentication based on Client Status with Kaspersky Endpoint orchestration server
WLAN Authentication based on Client Status with Kaspersky Endpoint orchestration server
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
ā02-04-2016 09:11 AM
Currently WLAN Authentication is based on the Microsoft Active Directory computer-account. This works well and guarantees that only company own notebooks are connected to our WLAN network. We use Extreme wireless (identify) and Extreme Control (NAC Gateway + Netsight ADV).
Now we want to enhance that authentication mechanism regarding the anti-virus (update) status. Some road-warriors are not able to update the local antivirus pattern if the are on the road around the globe. We have some problems with virus polluted notebooks.
So we want to depend the successfull WLAN connection additionally with the status of the client within our enterprise antivirus solution (Kaspersky Endpoint-Security 10). Only if the client have current av patterns or the server tell us a complaint (good) state the client should be able to connect to wlan. Otherwise the client should be move over to a quarantine network which have the possibility to update and scan the client. After this process is successfull the client should move to the normal enterprise network. It was very usefull that the client get some information about the current state during the remediation process.
So i am interesseted how can i connect the NAC Gateway with Kaspersky Server - Netsight API (Fusion / OneFabic Connect). And how can i inform the client during remediation process.
Are there some experience how i can achieve this goal ? Maybe especially also with Kaspersky Endpoint Security?
Now we want to enhance that authentication mechanism regarding the anti-virus (update) status. Some road-warriors are not able to update the local antivirus pattern if the are on the road around the globe. We have some problems with virus polluted notebooks.
So we want to depend the successfull WLAN connection additionally with the status of the client within our enterprise antivirus solution (Kaspersky Endpoint-Security 10). Only if the client have current av patterns or the server tell us a complaint (good) state the client should be able to connect to wlan. Otherwise the client should be move over to a quarantine network which have the possibility to update and scan the client. After this process is successfull the client should move to the normal enterprise network. It was very usefull that the client get some information about the current state during the remediation process.
So i am interesseted how can i connect the NAC Gateway with Kaspersky Server - Netsight API (Fusion / OneFabic Connect). And how can i inform the client during remediation process.
Are there some experience how i can achieve this goal ? Maybe especially also with Kaspersky Endpoint Security?
3 REPLIES 3
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
ā03-26-2016 12:44 PM
Hi Ryan,
you are right but one big disadvantage is that during the NAC authentication i do not know the status of the client so i have to allow an unkown client access to my network. Only after that i can get the needed information. Because network login need a lot of access (to Active Directory, file servers, mails servers etc) in a worst case scenario have allow the bad guiy to my network.
So having these information via NAC API from the Kaspersky Server immediately during NAC Authentication it will be more safe.
Regards
you are right but one big disadvantage is that during the NAC authentication i do not know the status of the client so i have to allow an unkown client access to my network. Only after that i can get the needed information. Because network login need a lot of access (to Active Directory, file servers, mails servers etc) in a worst case scenario have allow the bad guiy to my network.
So having these information via NAC API from the Kaspersky Server immediately during NAC Authentication it will be more safe.
Regards
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
ā03-23-2016 05:16 PM
Hello Matthias,
It sounds like you may have use for the Extreme NAC Agent and an assessment implementation. The Extreme NAC Agent should be able to do exactly what you are looking to do.
The Agent has the ability to check into the Microsoft Security Center to determine what AV is running, and the last time it was updated. You can configure the assessment tests to quarantine an end system if they do not have AV, or if it hasn't been updated and the solution also allows you to configure self-remediation so the user is informed of their infractions and can remedy and re-attempt network access once updated.
The NetSight/NAC solution does not currently have an API integration with Kaspersky, so I'm thinking that agent based assessment is the best option.
Thanks
-Ryan
It sounds like you may have use for the Extreme NAC Agent and an assessment implementation. The Extreme NAC Agent should be able to do exactly what you are looking to do.
The Agent has the ability to check into the Microsoft Security Center to determine what AV is running, and the last time it was updated. You can configure the assessment tests to quarantine an end system if they do not have AV, or if it hasn't been updated and the solution also allows you to configure self-remediation so the user is informed of their infractions and can remedy and re-attempt network access once updated.
The NetSight/NAC solution does not currently have an API integration with Kaspersky, so I'm thinking that agent based assessment is the best option.
Thanks
-Ryan
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
ā02-04-2016 09:12 AM
Is it possible to connect via API to Microsoft WSUS Server to get the client status regarding OS Updates ?
