Re: Automatically Scan for unauthorised computers
- From: "Matthew X. Economou" <xenophon+usenet@xxxxxxxxxx>
- Date: 17 Dec 2007 11:09:47 -0500
"Simon" == Simon <simon@xxxxxxxxxx> writes:
Simon> Are there any 'automatic' applications to scan for
Simon> unauthorised machines, as random manual scans are ok but
Simon> not practical.
Both Nmap and Nessus can be run by a Windows Task Scheduler job. You
can even script the Nessus plug-in update. This still doesn't give
you real-time detection, but it does automate the scanning task
itself.
If you have McAfee's ePolicy Orchestrator, you can install a Rogue
System Sensor on your network. It detects systems by listening for
ARP "who has" broadcasts (limited to the broadcast domains to which
the sensor is directly connected), which gives you real-time detection
of any active device on the network.
You might be able to approximate McAfee's rogue system detection
feature with free tools such as WinDump or Snort.
If you have the right kinds of network infrastructure, you can create
multiple VLANs, with unauthorized devices going automatically into a
quarantine network. Unfortunately, this requires the sort of network
infrastructure that is out of the reach of most small businesses
(e.g., Cisco Catalyst switches capable of being VLAN membership policy
servers).
You could also take a look at IPSEC AH group policies, although that
might be difficult to implement or to maintain.
Best wishes,
Matthew
--
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
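
One way to approximate the ARP-listening approach with WinDump, shown as an added example that is not part of the original post and is not McAfee's implementation: it parses ARP "who has" lines and flags senders that are missing from an inventory. The line shape (that of `tcpdump -e -n arp`), the `AUTHORISED` inventory, and all MAC and IP addresses are assumptions constructed for illustration.

```python
import re

# Assumed line shape: text output of `tcpdump -e -n arp` (WinDump is its Windows port).
ARP_REQ = re.compile(
    r"^(?P<ts>\S+)\s+(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})\s+>\s+\S+,.*?"
    r"who-has\s+\d+(?:\.\d+){3}.*?\btell\s+(?P<ip>\d+(?:\.\d+){3})",
    re.IGNORECASE,
)

# Hypothetical inventory of authorised machines: MAC -> expected IP.
AUTHORISED = {
    "00:11:22:33:44:55": "192.168.1.10",
    "00:11:22:33:44:66": "192.168.1.11",
}

# Constructed capture lines, not taken from a real network.
SAMPLE_CAPTURE = """\
11:09:47.100000 00:11:22:33:44:55 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 192.168.1.1 tell 192.168.1.10, length 46
11:09:47.200000 00:11:22:33:44:01 > 00:11:22:33:44:55, ethertype ARP (0x0806), length 60: Reply 192.168.1.1 is-at 00:11:22:33:44:01, length 46
11:09:48.000000 de:ad:be:ef:00:01 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 192.168.1.1 tell 192.168.1.77, length 46
11:09:48.500000 de:ad:be:ef:00:01 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 192.168.1.20 tell 192.168.1.77, length 46
11:09:49.000000 00:11:22:33:44:66 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 192.168.1.1 tell 192.168.1.99, length 46
11:09:50.000000 00:11:22:33:44:55 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 192.168.1.10 tell 0.0.0.0, length 46
"""

def find_unauthorised(lines, authorised):
    """Return (timestamp, mac, ip, reason) once per unexpected (mac, ip) pair."""
    seen, findings = set(), []
    for line in lines:
        m = ARP_REQ.match(line.strip())
        if not m:
            continue  # ARP replies and non-ARP lines carry no "who-has"
        mac, ip = m["mac"].lower(), m["ip"]
        if mac not in authorised:
            reason = "unknown MAC"
        elif ip == "0.0.0.0" or authorised[mac] == ip:
            continue  # ARP probe (sender 0.0.0.0) or the expected address
        else:
            reason = "known MAC, unexpected IP"
        if (mac, ip) not in seen:  # report each pair once, not every broadcast
            seen.add((mac, ip))
            findings.append((m["ts"], mac, ip, reason))
    return findings

if __name__ == "__main__":
    for ts, mac, ip, reason in find_unauthorised(SAMPLE_CAPTURE.splitlines(), AUTHORISED):
        print(f"{ts} {mac} {ip}: {reason}")
```

MAC addresses can be spoofed, so a match against the inventory is a detection aid rather than proof of authorisation, and the capture only sees the broadcast domains the listening host is attached to.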