Cookies op Tweakers

Tweakers maakt gebruik van cookies, onder andere om de website te analyseren, het gebruiksgemak te vergroten en advertenties te tonen. Door gebruik te maken van deze website, of door op 'Ga verder' te klikken, geef je toestemming voor het gebruik van cookies. Wil je meer informatie over cookies en hoe ze worden gebruikt, bekijk dan ons cookiebeleid.

Meer informatie

Software-update: PacketFence 7.0.0

Voor het beveiligen van een netwerkomgeving kan onder andere een nac-systeem worden ingezet. Hiermee kunnen, op basis van vooraf ingestelde policies, automatisch netwerkapparaten worden geblokkeerd als zich een ongewenste situatie voordoet. Denk daarbij aan onbekende netwerkapparaten van bezoekers, een worm die zich probeert te verspreiden of een geautoriseerd apparaat dat via een bootflop of live-cd van een ander besturingssysteem is voorzien. PacketFence is zo'n nac-systeem, met ondersteuning voor 802.1x en vlan isolation, waarmee een netwerkapparaat na analyse in het juiste vlan kan worden geplaatst. Voor meer informatie verwijzen we naar deze pagina en naar het 32e [In]Secure Magazine, waarin een artikel over dit pakket is terug te vinden. De ontwikkelaars hebben versie 7.0.0 uitgebracht, met de volgende veranderingen:

PacketFence v7.0 released

The Inverse team is pleased to announce the immediate availability of PacketFence v7.0. This is a major release with new features, enhancements and important bug fixes. This release is considered ready for production use and upgrading from previous versions is strongly advised. Here are the changes included in this release:

New Features:
  • Added provisioning support for SentinelOne
  • Added MariaDB Galera cluster support
  • All services are now handled by systemd
  • IPv6 network stack in PacketFence
  • New Golang-based HTTP dispatcher
  • New Golang-based pfsso service to handle the firewall SSO requests
  • Revamped Web administration interface
  • SNMP traps are now handled in pfqueue
  • Added the ability to grant CLI write access for Extreme Networks switches
  • Added a distributed cache for the accounting information to safely disable the SQL accounting records in active/active clusters
  • Reduced the number of ipset calls when adding ports for Active Directory
  • pfmon tasks have their own configuration file
  • new command "pfcmd pfmon" - for running pfmon tasks via pfcmd
  • CentOS repositories (packetfence and packetfence-devel) packages are now signed
  • Added way to unregister devices that were inactive for a certain amount of time (maintenance.node_unreg_window)
  • Added a new last_seen column to nodes table to track their last activity (Authentication, HTTP portal, DHCP)
  • Delete nodes based on the new last_seen column instead of looking at the last DHCP packet
  • iplog: Floored lease time for "tolerance"
  • Can now restart the switchport where a node is connected from the administration interface
  • Added interface description to location entries
  • New pffilter filtering engine
  • Ability to manage multiple "active" endpoints behind a single switchport
  • pfdhcplistner now runs as a master-worker style service
  • Added a winbindd wrapper for the PacketFence managed winbindd processes
  • Added a caddy middleware for rate limiting the concurrent connections
  • Updated the Ruckus SmartZone module to use the most recent webauth technique available
  • Added vsys support for PaloAlto firewall SSO modules
  • Portal Profile has been renamed to Connection Profile
  • Moved common flows / process of DHCP processors in base class
  • Removed PacketFence-Authorization-Status attribute from the RADIUS replies to prevent RADIUS replies from being discarded due to an unknown attribute
  • Added option to fetch users one by one in the NTLM cache instead of all together
  • New parallel testing infrastructure
  • Roles are now stored in a configuration file for easier backup and management
  • Tightened up HAproxy's SSL termination security
  • Tightened up Apache's encryption security by requiring TLS v1.2 support only and restricted cipher suites
  • Clickjacking attack prevention enforcement for recent browsers
  • Cross-site scripting (XSS) filtering is now requested from your browser
  • Dell N2000 series support
  • All logging is now done through syslog
  • IP forwarding is now activated by default per PacketFence package installation
  • Added more fine grain stats for the captive portal
  • Many documentation improvements
Bug Fixes:
  • Fixed addition of an UDP SRV record port as a TCP port
  • Restored pf::api compatibility to Sourcefire module
  • Avoid opening a double entry with wrong accounting values
  • Added the ability to "format" the CN when using PKI
  • pfdhcplistener doesn't work on a monitor interface
  • pfqueue stats: Outstanding Task Counters isn't accurate
  • pfdhcplistener: Segfaulting when keepalived transitions quickly from backup/master/backup
  • pfdhcplistener takes a minute to die
  • captive-portal: i18n labels for dynamic fields
See the complete list of changes and the UPGRADE.asciidoc file for notes about upgrading.
Versienummer 7.0.0
Releasestatus Final
Besturingssystemen Linux
Website PacketFence
Licentietype GPL

Door Japke Rosink


26-04-2017 • 16:26

0 Linkedin

Bron: PacketFence


Er zijn nog geen reacties geplaatst

Op dit item kan niet meer gereageerd worden.

Apple iPhone SE (2020) Microsoft Xbox Series X LG CX Google Pixel 4a CES 2020 Samsung Galaxy S20 4G Sony PlayStation 5 Nintendo Switch Lite

'14 '15 '16 '17 2018

Tweakers vormt samen met Hardware Info, AutoTrack,, Nationale Vacaturebank, Intermediair en Independer DPG Online Services B.V.
Alle rechten voorbehouden © 1998 - 2020 Hosting door True