Re: Firewall with MAC address ACL that is dynamic
comp.security.firewalls archive

From: Mark <nothere@notthere.com>
Date: Fri Sep 30 2005 - 04:23:04 CEST

"bjriffel@ho__tmail.com" <bjriffel@hotmail.com> wrote in message
news:1127925275.618407.237510@g14g2000cwa.googlegroups.com...
> Any input is appreciated!
>
> We are a small college in Kansas and need a way to force our users in
> the dormitories to install our McAfee VirusScan software. We won't be
> able to physically install it, or put them into a domain. Here is our
> plan so far.
>
> We have created a silent install of VirusScan that runs a batch file
> after completion. This batch file records the computer's MAC address
> to a text file on a remote server. This server has a python script
> that runs frequently and can format the text file to our liking.
>
> What we'd like is when the user first plugs in to our network and tries
> to access a web site, they will get a default page (similar to what
> most hotels have). This page will welcome them to our network and
> provide a link to install the University supplied antivirus software.
> After they approve the installation popups from their browser, they
> would then have antivirus silently installed in the background. Their
> computer would then automatically restart (via the batch file after
> installation).
>
> Now that their MAC address is in the text file on our server, we need
> to allow them external network access. I've spoken with several people
> about how to do this, but I'd really like more advice from others.
>
> Right now our network looks like this:
>
> 4 T1's providing internet access to the "student network"
> 1 Tasman 1400 router (which is also the CSU for the T1's I think)
> 1 Cisco PIX 506E
> Several Cisco 2900 series switches providing the network infrastructure
> and a Windows 2000 DHCP server (which could also be an IIS web server)
>
> We are prepared to build a new box to act as a proxy, firewall, or
> router, whichever is needed. I'm not picky as to whether it is Linux
> or Windows.
>
> We have a limited budget (almost $0).
>
> If we can somehow get the PIX or Tasman to redirect all traffic not
> coming from MACs on our list to the web server with the download link,
> then allow all traffic that IS on the MAC list, that would be perfect.
> We just don't know how to set up an ACL or something that checks an
> external list.
>

Sonicwalls will enforce AV compliance (as well as updated-ness) through their
rebadged version of McAfee Virusscan ASAP.
Received on Sat Oct 15 04:35:34 2005
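
The MAC-list plan in the quoted question, sketched as an added example (not code from the thread or its participants): a Python script that turns the registration text file into an `iptables-restore` ruleset. The Linux gateway box, the interface name `eth1`, the portal address `192.0.2.10` and the file's line formats are assumptions.

```python
import re

# Constructed sample of the text file the install batch script appends to.
# The line formats are assumptions; Windows tools print MACs with dashes.
SAMPLE_LOG = """\
00-0C-29-3A-5B-7C
00:0c:29:3a:5b:7c
0011.2233.4455
Physical Address. . . . . . . . . : 00-16-3E-AA-BB-01
FF-FF-FF-FF-FF-FF
01-00-5E-00-00-FB
not a mac
"""

_HEX = "[0-9A-Fa-f]"
_MAC = re.compile(
    rf"(?<!{_HEX})((?:{_HEX}{{2}}[-:]){{5}}{_HEX}{{2}}|(?:{_HEX}{{4}}\.){{2}}{_HEX}{{4}})(?!{_HEX})"
)

def normalize(line):
    """Return the MAC found on this line as aa:bb:cc:dd:ee:ff, or None."""
    m = _MAC.search(line)
    if not m:
        return None
    digits = re.sub(r"[-:.]", "", m.group(1)).lower()
    if int(digits[:2], 16) & 1:  # group bit set: broadcast/multicast, never a host
        return None
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def allowed_macs(text):
    """Deduplicated, sorted list of the valid MACs registered in the file."""
    return sorted({mac for mac in map(normalize, text.splitlines()) if mac})

def render_rules(macs, portal_ip="192.0.2.10", iface="eth1"):
    """iptables-restore fragment for a Linux gateway box (hypothetical setup)."""
    match = [f"-i {iface} -m mac --mac-source {m} -j ACCEPT" for m in macs]
    lines = ["*nat", ":PREROUTING ACCEPT [0:0]"]
    lines += [f"-A PREROUTING {r}" for r in match]  # registered: no redirect
    lines.append(f"-A PREROUTING -i {iface} -p tcp --dport 80 "
                 f"-j DNAT --to-destination {portal_ip}:80")
    lines += ["COMMIT", "*filter", ":FORWARD DROP [0:0]"]
    lines.append("-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT")
    lines += [f"-A FORWARD {r}" for r in match]     # registered: full access
    # Unregistered hosts may reach only the portal page and DNS.
    lines.append(f"-A FORWARD -i {iface} -d {portal_ip} -p tcp --dport 80 -j ACCEPT")
    lines.append(f"-A FORWARD -i {iface} -p udp --dport 53 -j ACCEPT")
    lines.append("COMMIT")
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    print(render_rules(allowed_macs(SAMPLE_LOG)), end="")
```

MAC addresses are asserted by the client, so the list records which machines ran the installer rather than authenticating them.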