In my last post, I voiced my discontent with Zeroshell as my security appliance solution for testing with my lab. My hat is off to Zeroshell developers, because it would make a great SOHO device if it were more stable, but I have been itching to give Linux based PacketFence a test drive for over a year now.
Last Saturday (8/31/13) I ordered a Supermicro server from ebay with dual Intel Xeons, 8GB RAM, and a 500GB HDD for about $200 (not bad) to use as a NAC appliance via PacketFence.
From my understanding PacketFence has NAC, RADIUS, Captive Portal, DHCP, DNS, and many more capabilities. I will attempt to deploy PacketFence in VLAN mode first, which means the device is not inline and instead is out-of-band but still actively managing network access. VLAN mode does require compatible layer 2 hardware (switches, APs, etc.). Essentially PacketFence can filter network access requests by moving suspicious clients to a quarantined VLAN or SSID.
My only other consideration to take before my PacketFence server arrives is how I will configure the server. PacketFence can be deployed by either installing and configuring CentOS or RHEL (Red Hat Enterprise Linux) first, then installing the PacketFence application, or you can use the preconfigured zero touch LIVE USB install. I'm not sure of which is more advantageous versus the other, but off the bat, configuring CentOS would be good experience. I have played with CentOS before and even configured it to support a DNS server using BIND9. Either way, I hope to deploy PacketFence in my lab atleast by next week!
After PacketFence, I plan to upgrade my wireless network (nothing too amazing) and will probably end my lab purchases for the year. After that, everything will be study and labs with existing equipment.
No comments:
Post a Comment