December 10, 2016

PacketFence 3.1.0 Add New Features and Support for CentOS 6.2

(LiveHacking.Com) – Version 3.1.0 of PacketFence, the open source network access control (NAC) solution, has been released with new features, new hardware support, enhancements, bug fixes and updated translations. PacketFence allows network administrators to control access to the network based on defined policies. PacketFence includes a captive-portal for registration and remediation, centralized wired and wireless management, 802.1X support, layer-2 isolation of problematic devices, integration with the Snort IDS and the Nessus vulnerability scanner.

New features include the detection of rogue DHCP Servers, wireless profile provisioning for iPhone, iPods, and iPads devices and new graphs in the web admin UI. Enchantments include startup performance improvements, performance improvements to pfdhcplistener, CentOS 6.2 support and better support of WISPr (captive portal detection).

For more information read the release announcement. PacketFence 3.1.0 can be downloaded as source or packages for RHEL/CentOS 5 and 6 from here.

PacketFence 3 Adds New Hardware Support Plus New Features

(LiveHacking.Com) – A new major, production ready, version of PacketFence has been released. The new release brings new hardware support, several new features, various enhancements, and many important bug fixes.

PacketFence 3.0 is a free and open source network access control (NAC) solution, that allows network administrators to control access to the network based on defined policies. PacketFence includes a captive-portal for registration and remediation, centralized wired and wireless management, 802.1X support, layer-2 isolation of problematic devices, integration with the Snort IDS and the Nessus vulnerability scanner.

In version 3.0, the captive portal has been redesigned and complete guest management, including self-registration of devices by email activation or SMS and pre-registered guest creation by administrators, has been added. Also support for RedHat Enterprise Linux 6 / CentOS 6 support and Snort 2.9.x has been added.

The new hardware supported includes:

  • Avaya/Nortel switches now support the floating network device feature
  • Avaya Wireless Controller support
  • Dlink DWL Access-Point support
  • LG-Ericsson iPecs 4500 support for port-security and MAC Authentication / 802.1X
  • Netgear FGS Series support for port-security
More details about the release can be found in the release announcement and in the change log. It can be downloaded as source and as RPMs for RHEL6 or CentOS 6.

PacketFence 1.9.1 released

[ad code=6 align=left]
PacketFence 1.9.1 released, this release is considered ready for production use. PacketFence is a fully supported, trusted, Free and Open Source network access control (NAC) system.

Here are the noteworthy changes since 1.9.0.

New Hardware Support

  • Extreme XOS Port Security (MAC address lockdown) and Voice over IP support (feature sponsored by Extreme Networks)
  • Nortel ERS 2500 Series Port security and Voice over IP support

New Features

  • Basic Access Control in the Web Administration interface (#965, Thanks to eSubnet Enterprises for their initial contribution)
  • New parameters in switches.conf to manage Web Services enabled switches

Enhancements

  • Captive portal performance improvements. Up to 23x on some workloads (#879)
  • More than 35 new DHCP fingerprints (Thanks to Eric Kollmann and Sam Winottai!)
  • Improved Nessus failed scan error reporting (partial fix for #1032)
  • Better error reporting on Cisco ISR 1800
  • Added some documentation for Cisco (2960, 3550) and Aruba in the SNMP modules
  • Documented performance optimization regarding blocking non-browser requests in the captive portal (#1072)
  • Avoiding unnecessary load where a lot of non-trap violation are used (#857)
  • Updated (for clarification purpose) documentation for Cisco stacked and 4500 Series switches. (#1037)
  • Error handling and error messages improvements (#1052)
  • Updated documentation for FreeRadius 1.x and added some for 2.x. (#1036)

Bug fixes

  • Node categories related fixes (#1063, #1056)
  • Deleting a node no longer breaks paging in Web Admin (#1055)
  • Max number of node per user is enforced more consistently (#1057)
  • RPM packaging fixes (#1047)
  • Misc fixes (#1068)

Source: [http://www.packetfence.org/news/2010/article/packetfence-191-released.html]

[ad code=2 align=center]

DecaffeinatID: A Very Simple IDS / Log Watching Application / ARPWatch For Windows

Adrian Crenshaw from Irongeek.com developed a utility to monitor Address Resolution Protocol (ARP) in Windows OS to detect ARP related attacks.

According to the project website, DecaffeinatID is a simple application that acts as an Intrusion Detection System to notify the user whenever other users at their local Wi-Fi hotspot/ LAN are up to the kind of “reindeer games” that often happen at coffee shops and public places.

DecaffeinatID watches the Windows logs for three types of activities such as:

  • New or changed ARP table entries
  • New events in security log
  • New events in the firewall log

DecaffeinatID is Microsoft Windows XP SP2 and Vista compatible.

Visit the project page here.

Download DecaffeinatID from: http://irongeek.com/downloads/decaffeinatid0.09.zip

Razorback: Open Source Framework for Deep Data Packet Inspection

Sourcefire released a new open source framework for deep data packet inspection.

Razorback (formerly known as Near Real-Time Detection) enables users to collect, analyze and store threat data from different technologies and vendors. Therefore, they can implement customized enterprise- and threat-specific detection and remediation.

With reference to Securityweek.com, Razorback is designed to act as an overlay solution and deliver centralized correlation, analysis and action by coordinating Razorback (IDR) processes using custom built and existing security tools such as anti-virus, IDS, gateways, email, etc.

IDR allows users to utilize the information learned about specific attackers back into their security infrastructure for a customizable response. Razorback provides deep analysis and reporting by storing pieces of data identified that could indicate a compromise or attack and specifically highlights the components of that data which cause the system to trigger an alert.

Razorback is available for free and can be downloaded at: http://labs.snort.org/razorback