PacketFence, The Open Source Nac: What We've Done In The Last Two Years

Presented at DEF CON 19 (2011), Aug. 7, 2011, 11 a.m. (50 minutes)

Ever heard of PacketFence? It's a free and open source Network Access Control (NAC) software that's been out there since 2005. In the last two years we had several major releases with important new features that makes it an even more compelling solution. Trying to appeal to both attackers and defenders, this presentation will cover all of our NAC's secret sauce : Wired / Wireless RADIUS MAC authentication / 802.1X, port-security through SNMP, captive portal redirection techniques, hardware support procedure, voice over IP, FreeRADIUS, Snort and Nessus integration, and quarantine / remediation features. We will continue with the advantages of Open Source when dealing with a NAC. Then we will focus on the last two years of the project, the problems, the missteps and the good, new and shiny stuff. This will include learning about some 802.1X problems, complaining about other vendor's code, looking at our own problems and salivating on some of the technical prowess we recently achieved. Finally we will expose our World Domination Roadmap covering both short-term improvements and potential research projects (and we will beg for help to achieve it). Hopefully this talk will demystify NACs by explaining in details how our implementation works, give yet another example of why open source rocks and convince those who haven't jumped on the NAC band-wagon to give the free one a try.

Presenters:

• Olivier Bilodeau - Systems architect at Inverse inc.
  Olivier Bilodeau is a System Architect at Inverse developing PacketFence an open source Network Access Control (NAC) software. He also lectures on system security at …cole de technologie superieure University (ETS) in Montreal, Canada. His past experiences made him travel into dusty Unix server rooms, obfuscated perl code and expensive enterprise networks. On his free time he enjoys several CTFs a year (with the CISSP Groupies and Amish Security teams), hacking perl, doing open source development and brewing beer. You can read his occasional blog posts at: http://www.bottomlesspit.org/ Twitter: @packetfence

Links:

• https://defcon.org/html/defcon-19/dc-19-speakers.html#Bilodeau2
• https://www.youtube.com/watch?v=vxTIMcglFqo

Similar Presentations:

• Kernelcon 2022 / The Tale of Sh*tty NAC
• BSidesLV 2016 / Network Access Control: The Company-Wide Team Building Exercise That Only You Know About
• DEF CON 15 (2007) / kNAC!