Monitor Your Network with PacketFence - Supported Features
PacketFence refers to these features as the system’s “supported features.” According to the PacketFence website, this is what they are and how they work:
Out-of-band: PacketFence's operation is completely “out of band,” which allows the solution to scale geographically and to be more resilient to failures. So, when the right switch technology is used (such as port security), a single PacketFence server can secure hundreds of switches along with the thousands of nodes connected to them.
VoIP support: Also called IP Telephony (IPT), VoIP is a wide array of communication protocols and transmission technologies that deliver voice communications and multimedia over Internet Protocol (IP) networks, such as the Internet. In other words, communication services such as voice, fax, text (or SMS), and voice messaging are transported over IP networks rather than over the public telephone network. PacketFence has full VoIP support (even in heterogeneous environments) for multiple switch vendors, such as Cisco, Edge-Core, HP, LinkSys, Nortel Networks, and many, many others.
802.1X: 802.1X is the IEEE standard for port-based Network Access Control (PNAC) and is part of a wider group of networking protocols. Essentially, it provides an authentication mechanism for devices attempting to attach to a LAN or WLAN. In the PacketFence system, wireless and wired 802.1X is supported through a FreeRADIUS module. In case you’re not familiar with FreeRADIUS, it is the most popular open source RADIUS server and the most widely deployed RADIUS server in the world. The server is known for being very fast, feature-rich, and modular.
Wireless integration: According to PacketFence, the system perfectly integrates with wireless networks through the FreeRADIUS module. What this means is that it enables home users to secure their wired and wireless networks the same way, using the same user database and the same captive portal, which is believed to provide a more consistent user experience. According to the system’s creators, mixing Access Points (AP) vendors and Wireless Controllers is also supported.
Registration: According to the makers of PacketFence, the system also supports an optional registration mechanism very similar to "captive portal" solutions. The most common captive portal technique is forcing an HTTP client on a network to view a specific web page for authentication purposes before being able to use the Internet normally.
Essentially, a captive portal turns a web browser into an authentication device by intercepting every packet, no matter the port or address, until the user opens a browser and tries to access the Internet. PacketFence takes a slightly different and more convenient approach. According to the system site, contrary to most captive portal solutions, PacketFence remembers users who previously registered and will automatically give them access without another authentication.
If this behavior is not wanted, the registration feature can be configured differently. For example, an “Acceptable Use Policy” can be specified, so that users cannot enable network access without first accepting it.
Detection of abnormal network activities: Home users may not be familiar with the exact term “abnormal network activities,” but surely they’ve encountered everything that falls under its heading: computer viruses, worms, spyware, traffic denied by establishment policy, etc. All of these horribly inconvenient, common, and unsafe computer problems can be detected using local and remote Snort sensors.
To understand what a Snort sensor is, you must first have a grasp of NIDS, or Network Intrusion Detection Systems. A NIDS is an independent platform that identifies intrusions by examining network traffic. A NIDS gains access to network traffic by connecting to a network hub, network switch, or network tap. Sensors are located at choke points in the network being monitored, often at network borders. It is a sensor's job to capture all of the network traffic and analyze its individual packets for any malicious traffic that may be present.
This is where it all comes together: a Snort sensor is one example of a NIDS. PacketFence goes beyond simple detection by layering its own alerting and suppression mechanism on top of each alert type. According to the system’s site, this feature is also configurable: network administrators can define the set of actions taken for each violation.
Proactive vulnerability scans: When it comes to computer security, Nessus has become synonymous with safety. This is because it’s a comprehensive vulnerability scanning program that aims to detect potential vulnerabilities on systems. The PacketFence system provides Nessus vulnerability scans, which can be performed upon registration. They can also be scheduled or performed on an ad-hoc basis. According to the system’s website, PacketFence correlates the Nessus vulnerability IDs of each scan to the violation configuration. Then, it returns content-specific web pages pertaining to the vulnerabilities the host may have.
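The two correlation steps just described (mapping a Snort alert, and separately a Nessus finding, to a configured violation with its own actions, suppression window and remediation page) can be shown in a few lines of Python. This is an added illustration, not PacketFence's own code; the violation table layout, the “Detect::”/“Nessus::” trigger naming, the SIDs, plugin IDs and the alert line are all constructed for the example.

```python
import re

# Constructed violation table (hypothetical layout, not PacketFence's own
# configuration format): each violation lists the Snort SIDs or Nessus plugin
# IDs that trigger it, the actions to take, a grace period during which repeat
# alerts for the same host are suppressed, and the remediation page to serve.
VIOLATIONS = {
    1100001: {"desc": "worm traffic", "triggers": {"Detect::2000345"},
              "actions": ["trap", "email"], "grace_s": 300,
              "url": "/remediation/worm"},
    1200001: {"desc": "missing patch", "triggers": {"Nessus::10736"},
              "actions": ["log", "trap"], "grace_s": 0,
              "url": "/remediation/patch"},
}

# Constructed Snort "alert_fast" style line; gid:sid:rev sits in the first bracket.
SAMPLE_ALERT = ("01/15-10:22:31.123456  [**] [1:2000345:3] CONSTRUCTED worm sig "
                "[**] [Priority: 1] {TCP} 192.168.1.23:4444 -> 10.0.0.5:445")

SNORT_FAST = re.compile(
    r"\[\*\*\]\s+\[\d+:(?P<sid>\d+):\d+\].*?\[\*\*\]"
    r".*?(?P<src>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?\s+->")

def trigger_from_snort(line):
    """Return (source_host, 'Detect::<sid>') for a fast-format alert, or None."""
    m = SNORT_FAST.search(line)
    return (m.group("src"), "Detect::" + m.group("sid")) if m else None

def triggers_from_nessus(host, plugin_ids):
    """Turn a scan result (plugin IDs found on a host) into trigger keys."""
    return [(host, "Nessus::%d" % pid) for pid in plugin_ids]

class ViolationEngine:
    def __init__(self):
        self._last = {}  # (host, violation id) -> time the violation last fired

    def handle(self, host, trigger, now):
        """Match one trigger against the table; now is in epoch seconds."""
        fired = []
        for vid, v in VIOLATIONS.items():
            if trigger not in v["triggers"]:
                continue
            last = self._last.get((host, vid))
            if last is not None and now - last < v["grace_s"]:
                fired.append((vid, "suppressed", None))  # inside grace period
                continue
            self._last[(host, vid)] = now
            fired.append((vid, ",".join(v["actions"]), v["url"]))
        return fired
```

A real deployment would feed `handle()` from the sensor's alert log and the scan results, and the returned URL is what the captive portal would show the trapped node.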
Isolation of problematic devices: According to the system’s website, PacketFence also supports several isolation techniques, including VLAN isolation with VoIP support -- even in heterogeneous environments -- for multiple switch vendors.
Remediation through a captive portal: This feature works by trapping network traffic: once a node is trapped, its network traffic is terminated by the PacketFence system. Then, based on the node’s current status (unregistered, open violation, etc.), the user is redirected to the appropriate URL. If a violation is open, the user is given instructions specific to that situation. According to PacketFence, presenting instructions this way reduces the often exorbitant cost of help desk intervention.
Command-line and Web-based management: According to PacketFence, the system provides web-based and command-line interfaces for all management tasks. Also important to note: the system’s web-based administration supports different permission levels for users and authentication of users against Active Directory (AD).
Importance of PacketFence’s Registration System
We’ve covered nearly every useful aspect of PacketFence, except for the most important (arguably): its registration system. PacketFence does what many systems costing hundreds to thousands of dollars do, and it’s completely free to use. One of the major factors that make the system a fully viable solution for countless situations is its registration system.
What situations might those be? We touched on them earlier, but they’re worth repeating. PacketFence is so unique that the system is ideal for varied industries: corporations, cafes, institutions, small and large businesses, and home wireless networks. According to longtime Tech Republic writer Jack Wallen, “when the PacketFence registration system is in place, every network-enabled machine on a net will have to register before they can gain access to the outside world. Without registering, a machine will be blocked.” Obviously, this is incredibly useful for a business of any kind.
According to Wallen, the PacketFence registration system is similar to those found within proprietary systems like Bluesocket and NoCatAuth, and the authentication of users is based on HTTP authentication over SSL. This authentication can be handled with any of the models accepted by HTTP, such as LDAP, local, or RADIUS, which we discussed earlier. Setting up the PacketFence registration can be a little tricky, but for those interested in learning how to set it up using the simplest method (local authentication), Wallen offers a tutorial on his Tech Republic blog.
DISCLAIMER: The content provided in this article is not warranted or guaranteed by Developer Shed, Inc. The content provided is intended for entertainment and/or educational purposes in order to introduce to the reader key ideas, concepts, and/or product reviews. As such it is incumbent upon the reader to employ real-world tactics for security and implementation of best practices. We are not liable for any negative consequences that may result from implementing any information covered in our articles or tutorials. If this is a hardware review, it is not recommended to open and/or modify your hardware.