Voor het beveiligen van een netwerkomgeving kan onder andere een nac-systeem worden ingezet. Hiermee kunnen, op basis van vooraf ingestelde policies, automatisch netwerkapparaten worden geblokkeerd als zich een ongewenste situatie voordoet. Denk daarbij aan onbekende netwerkapparaten van bezoekers, een worm die zich probeert te verspreiden of een geautoriseerd apparaat dat via een bootflop of live-cd van een ander besturingssysteem is voorzien. PacketFence is zo'n nac-systeem met ondersteuning voor 802.1x en vlan isolation, waarmee een netwerkapparaat na analyse in het juiste vlan kan worden geplaatst. Voor meer informatie verwijzen we door naar deze pagina. De ontwikkelaars hebben versie 1.9.0 uitgebracht en voorzien van de volgende aankondiging:
PacketFence 1.9.0 released!
The Inverse Team is pleased to announce the immediate availability of PacketFence 1.9.0. This is a major release bringing new features, new hardware support, several enhancements, improvements to documentation and a load of small fixes. This release has been thoroughly tested in several environments and we consider it ready for production use. Here are the noteworthy changes since 1.8.7.
New:New Hardware Support:
- Official Linux 64 bit support
New Features:
- Cisco Wireless Services Module (WiSM)
- Cisco Integrated Services Routers (ISR) 1800 Series
- Cisco Catalyst 3750 Series
- Cisco Catalyst 4500 Series
- Foundry FastIron 4802 Port security and Voice over IP support (feature sponsored by an entity who preferred to remain anonymous)
- HP Procurve 3400cl (tested by roelof)
- SMC SMC8824M and SMC8848M in Port Security (feature sponsored by Seattle Pacific University developed with the help of SMC)
Enhancements:
- Node category support, you can assign different VLANs or whitelist violations based on a node's category (#968)
- Added support for Floating Network Devices (See Admin Guide for details)
Documentation improvements:
- Improved error reporting in the web administration panel and cli (#847, #898, #899, #964, #993)
- More information available in Node Lookup (IP, DHCP lease)
- Improved database layer (more robust and logs errors)
- pfsetvlan is more resistant to configuration mistakes and reports them (#766)
- Net-SNMP 5.4 support (#940 Thanks to Maikel)
- Freeradius 2.x support (#1007)
- @ character now allowed in person id (pid). This is very common in Active Directory environment.
- New admin authentication mechanism added (disabled by default)
- New debugging features (disabled by default)
- New DHCP fingerprints
- Optional backup script in addons/ now archives old records
- New helper synchronization scripts in addons/high-availability
- Little improvements (#866, #886, #911, #916, #952, #975)
Bug fixes:
- Install guide more accurate
- Added directions to configure PacketFence in a routed environment to the admin guide
- Updated the High-Availability section with details about DRBD and HeartBeat v1
- More MySQL tips (#951)
- Fixed Procurve 2600 switch configuration (Thanks to Andrew Niemantsverdriet!)
... and more. See the ChangeLog file for the complete list of changes and the UPGRADE file for notes about upgrading. Both files are in the PacketFence distribution.
- Performance fixes (#908, #910)
- Captive portal stability fixes (#892, #961)
- Mitigated Net::Telnet problems with perl threads (#903, #907)
- Proper violation description shown in violation edit (#922)
- Fixed RPM spec to create package packetfence-remote-snort-sensor again (#888)
- Fixed PacketFence RPM upgrade bug if your version is lower than 1.8.5 (#931)
- Fixed rare port-security problems with stacked switches or switches with large ifIndex (#921)
- Fixed problems with DHCP Fingerprint submission
- Fixed call to non-existing script lookup_node.pl in pfdhcplistener (#858)
- Correct VLAN information shown in Node Lookup (#893)
- Minor corrections to the Admin Web UI
- Clarified some error messages
- Misc. stability and general fixes (#833, #885, #868, #869, #896, #923, #927, #946, #950)
 
                    :strip_exif()/i/1330029972.png?f=thumbmedium)