Source: Vendor

A NAC system is one of the tools that can be used to secure a network environment. Based on predefined policies, it can automatically block network devices when an undesirable situation occurs. Think of unknown network devices belonging to visitors, a worm trying to spread, or an authorized device that has been booted into a different operating system from a boot floppy or live CD. PacketFence is such a NAC system, with support for 802.1X and VLAN isolation, which allows a network device to be placed in the appropriate VLAN after analysis. For more information we refer to this page and to issue 32 of [In]Secure Magazine, which contains an article about this package. The developers have released version 5.4.0 with the following announcement:

PacketFence v5.4 released

The Inverse team is pleased to announce the immediate availability of PacketFence 5.4.0. This is a major release with new features, enhancements and important bug fixes. This release is considered ready for production use and upgrading from previous versions is strongly advised.

Here are the changes in v5.4.0:

New Features:
  • PacketFence now supports SCEP integration with Microsoft's Network Device Enrollment Service during the device on-boarding process when using EAP-TLS
  • Improved integration with social media networks (email address lookups from Github and Facebook sources, kickbox.io support, etc.)
  • External HTTP authentication sources support which allows an HTTP-based external API to act as an authentication source to PacketFence
  • Introduced a 'packetfence_local' PKI provider to allow the use of locally generated TLS certificates to be used in a PKI provider / provisioner flow
  • New filtering engine for the portal profiles allowing complex rules to determine which portal will be displayed
  • Added the ability to define custom LDAP attributes in the configuration
  • Add the ability to create "administrative" or "authentication" purposes rules in authentication sources
  • Added support for Cisco SG300 switches
Enhancements:
  • RADIUS Diffie-Hellman key size has been increased to 2048 bits to prevent attacks such as Logjam
  • HAProxy TLS configuration has been restricted to modern ciphers
  • Improved error message in the profile management page
  • Allow precise error messages from the authentication source when providing invalid credentials on the captive portal
  • Aruba WiFi controllers now support wired RADIUS MAC authentication and 802.1X
  • Added Kickbox.io authentication source which can allow a new Null type source with email validation
  • Now redirecting to HTTP for devices that do not support self-signed certificates on the captive portal if needed
  • httpd.portal now serves static content directly (without going through Catalyst engine)
  • Introduction of a new configuration parameter (captive_portal.wispr_redirection) to allow enabling/disabling captive-portal WISPr redirection capabilities
  • File transfers through the webservices are now atomic to prevent corruption
  • New web API call to release all violations for a device
  • Added better error message propagation during a cluster synchronization
  • Added additional in-process caching for pfconfig proxied configuration
  • The server hostname is now displayed in the admin info box
  • Added a warning in the configurator when the user is configuring multiple interfaces in the same network
  • Added synchronization of the Fingerbank data in an active/active cluster
  • Client IP and MAC address are now available through direct variables in the captive portal templates
  • The IPlog can now be updated through RADIUS accounting
  • Devices in the registration VLAN may now be allowed to reach an Active Directory Server
  • Added an option to centralize deauthentication on the management node of an active/active cluster
  • Added the option to use only the management node as the DNS server in active/active clustering
  • Improved Ruckus ZoneDirector documentation regarding external captive portal
  • pfconfig daemon can now listen on an alternative unix socket
  • Improved handling of updating the /etc/sudoers file in packaging
  • Improved roles handling on AeroHive devices
Bug Fixes:
  • Fix case where status page links would be pointing to the wrong protocol (HTTP vs HTTPS)
  • set_unreg_date and set_access_duration actions now have the same priority when matching rule and actions (#816)
  • Fixes the database query hanging in the captive portal
  • The person attributes lookup will now be made on the stripped username if needed (#888)
  • Active/active load balancing will now be dispatched based on the Calling-Station-Id attribute.
  • Fix inaccessible portal preview when no internal network is defined (#790)
  • Fixed a case where the wrong portal profile can be instantiated on the first connection
  • Improved error message in the profile management page (#858)
  • Do not use the PacketFence multi-domain FreeRADIUS module unless there are domains configured in PacketFence (#868)
  • We now handle gracefully switches sending double Calling-Station-Id attributes (#864)
  • Prevent OMAPI from being configured on the DHCP server without a key (#851)
  • Switched to the memcached binary protocol to avoid memcached injection exploit
  • Fixed ipset error if the device switches from one inline network to another
  • Fixed wrong configuration parameters for redirect url (now a per-profile parameter)
  • Fix bug with validation of mandatory fields causing exceptions in signup
  • Made DHCP point DNS only on cluster IP if passthroughs are enabled in active/active clusters (#820)
  • Defined the maximum message size that SNMP get can return (fixes VOIP LLDP/CDP detection on switch stacks #738)
See the complete list of changes and the UPGRADE.asciidoc file for notes about upgrading.

Comments (1)

The screenshots are a bit outdated; they now use a Bootstrap-based interface ;)


© 1998 - 2016 de Persgroep Online Services B.V. Tweakers, together with Autotrack and Carsom.nl among others, forms de Persgroep Online Services B.V. Hosting by True