[unisog] Managed host based firewalls
Alexander Clouter
alex at digriz.org.uk
Tue Jun 16 23:01:26 GMT 2009
Brian Grime <bgrime at bgsu.edu> wrote:
>
> I have been asked by our Windows server team to find a managed host-based
> firewall that they can use that will at the least report back to
> a central server. They are not looking for a complete endpoint
> solution, just a firewall to replace the Windows firewall. Any
> suggestions?
>
This might work for you, but for our summer break I'm looking at deploying
per-port network switch ACLs. We have stacks of Cisco 3750s and
802.1X with mac-auth fallback authorising hosts onto the network. In
those RADIUS accept packets you can include firewalling ACLs (or apply
a default filter list).
Obviously that would be an OS-independent system; it could be applied to
printers, etc., and is centrally managed. Logging is obviously via
syslog, which you probably are already logging anyway?
The limitation: it's an 'extended' access-list, so not hugely stateful,
but I think very flexible; I've just got to put my mind into ipchains-esque
thinking rather than iptables :)
Of course:
1) you need to be using 802.1X/mac-auth via RADIUS (if not, you will be
stuck with static ACLs per port, which makes management a pain)
2) it only protects workstations on your network; not useful if you were
hoping to deal with a firewall for laptops out in the field
Cheers
--
Alexander Clouter
.sigmonster says: Something's rotten in the state of Denmark.
-- Shakespeare
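The mechanism the reply describes, carrying the per-port ACL inside the RADIUS Access-Accept, as an added example that is not code from the thread: it builds the Cisco-AVPair `ip:inacl#` vendor attributes a Cisco switch reads for a per-user ACL, parses them back out, and shows the stateless "extended ACL" thinking (an explicit `established` entry instead of connection tracking). The server addresses, ports and ACL contents are constructed, and the ACL is assumed to be applied inbound on the host's access port, i.e. it filters what the host sends.

```python
"""Encode/decode the Cisco-AVPair VSAs that carry a port ACL in a RADIUS
Access-Accept. Added example; addresses and ACL contents are constructed."""
import struct

RADIUS_VSA = 26        # RFC 2865 Vendor-Specific attribute type
CISCO_VENDOR_ID = 9
CISCO_AVPAIR = 1       # vendor type used for Cisco-AVPair strings


def avpair_vsa(value: str) -> bytes:
    """One Cisco-AVPair string as a RADIUS VSA (RFC 2865 section 5.26)."""
    v = value.encode()
    inner = struct.pack("!BB", CISCO_AVPAIR, 2 + len(v)) + v     # vendor-type, vendor-length, value
    return struct.pack("!BBI", RADIUS_VSA, 6 + len(inner), CISCO_VENDOR_ID) + inner


def workstation_acl(allowed_servers):
    """Extended-ACL lines for a workstation port (inbound = traffic from the host).
    There is no state table, so the host's replies to connections opened from
    elsewhere are allowed by the 'established' (ACK/RST set) entry."""
    lines = ["permit udp any any eq 53",                   # DNS lookups
             "permit udp any eq bootpc any eq bootps"]     # DHCP client
    for server, port in allowed_servers:                   # host-initiated TCP to permitted servers
        lines.append(f"permit tcp any host {server} eq {port}")
    lines.append("permit tcp any any established")         # host answering inbound TCP (e.g. remote admin)
    lines.append("deny ip any any")                        # everything else from the host is dropped
    return lines


def access_accept_vsas(acl_lines):
    """The ip:inacl#<seq>=<ace> pairs, one VSA each, as sent in the Access-Accept."""
    return b"".join(avpair_vsa(f"ip:inacl#{10 * (i + 1)}={line}")
                    for i, line in enumerate(acl_lines))


def parse_inacl(attributes: bytes):
    """Walk a RADIUS attribute list and return {seq: ace} for the ip:inacl# pairs."""
    acl, off = {}, 0
    while off < len(attributes):
        atype, alen = attributes[off], attributes[off + 1]
        if atype == RADIUS_VSA:
            vendor = struct.unpack("!I", attributes[off + 2:off + 6])[0]
            vtype, vlen = attributes[off + 6], attributes[off + 7]
            if vendor == CISCO_VENDOR_ID and vtype == CISCO_AVPAIR:
                text = attributes[off + 8:off + 6 + vlen].decode()
                if text.startswith("ip:inacl#"):
                    seq, ace = text[len("ip:inacl#"):].split("=", 1)
                    acl[int(seq)] = ace
        off += alen                                        # next attribute
    return acl
```

A default filter list, the other route the reply mentions, would instead be a single `Filter-Id` attribute naming an ACL already configured on the switch; the parser above only handles the downloadable `ip:inacl#` form.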