PacketFence: an open source network access control application


PacketFence is an open source application for network access control (NAC). It is completely free and is distributed under the GPL v2 license.

It is a good option when trying to unify the different security technologies on endpoint equipment, such as antivirus, host intrusion prevention, vulnerability reports, and user or system authentication, and to reinforce the security of network access.

The application provides the following features: logging, abnormal network activity detection, proactive vulnerability scans, isolation of problem devices, remediation via a captive portal, 802.1X, wireless integration, and User-Agent / DHCP fingerprinting.

Among the main monitoring and control features of the application are:

  • Flexible VLAN management and role-based access control
  • Guest access: bring your own device (BYOD)
  • Portal Profiles
  • More built-in violation types
  • Automatic registration
  • PKI and EAP-TLS support
  • Expiration
  • Device management
  • Firewall integration
  • Bandwidth accounting
  • Floating network devices
  • Flexible authentication
  • Microsoft Active Directory integration
  • Routed networks
  • Gradual deployment
  • Compatible Hardware

Notably, PacketFence lets us monitor the devices connected to a network and manage their stay on it: we can limit their time on the network, limit the bandwidth they use, and apply firewall policies.

We can also use an agent to perform compliance checks, configuration and more on the endpoints connected to the network. PacketFence can ensure that agents (or clients) are installed during the registration process and then for each new connection.

PacketFence provides various means to automatically register a client or device.

By network device

A network device (switch, AP, wireless controller) can be configured to automatically register all MAC addresses requesting access to the network. This is very useful for a transition to production.

By DHCP fingerprint

DHCP fingerprints can be used to automatically register specific device types (e.g., VoIP phones, printers).

By MAC address vendor

The vendor part of a MAC address can be used to automatically register a vendor's devices. For example, all Apple products can be automatically registered using such a rule.
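
To illustrate the DHCP fingerprint and MAC vendor rules described above, here is an added Python example (not PacketFence's own code or configuration) that extracts the option 55 parameter request list from raw DHCP options and the vendor prefix from a MAC address, then looks both up in rule tables. The rule values, role names, sample bytes and function names are constructed for illustration, and treating the option 55 list as the fingerprint is an assumption.

```python
# Constructed rule tables: hypothetical values, not real vendor data or PacketFence config.
OUI_RULES = {"02:AA:BB": "vendor-devices"}  # MAC vendor prefix -> role
FINGERPRINT_RULES = {"1,3,6,15,42,66,150": "voip", "1,3,6,44,47": "printer"}
# Constructed DHCP options: message type (53), parameter request list (55), end (255).
SAMPLE_OPTIONS = bytes([53, 1, 1, 55, 7, 1, 3, 6, 15, 42, 66, 150, 255])


def oui(mac):
    """Return the vendor part (first three octets) of a MAC address, normalised."""
    digits = "".join(c for c in mac if c.isalnum()).upper()
    if len(digits) != 12 or any(c not in "0123456789ABCDEF" for c in digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in (0, 2, 4))


def dhcp_fingerprint(options):
    """Walk raw DHCP options (code, length, value) and return option 55
    as a comma-separated string, or "" if the client sent none."""
    i = 0
    while i < len(options):
        code = options[i]
        if code == 255:  # end option
            break
        if code == 0:  # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(options):
            raise ValueError("truncated option header")
        length = options[i + 1]
        value = options[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        if code == 55:
            return ",".join(str(b) for b in value)
        i += 2 + length
    return ""


def auto_register(mac, options):
    """Return the role to register the device with, or None to send it to the portal."""
    # Both inputs are client-supplied and spoofable, so map them only to restricted roles.
    fp = dhcp_fingerprint(options)
    return FINGERPRINT_RULES.get(fp) or OUI_RULES.get(oui(mac))
```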


About the new version of PacketFence

The application was recently updated and has reached version 8, which offers many enhancements, such as a full API, a new NetData-based dashboard, Fingerbank version 2 integration, new DNS and DHCP services written in Go, support for multiple entities (multi-tenancy) and more.

Among the features that we can highlight in this new version are:

  • "Online" application support in the case of an active-active server group (cluster).
  • "Online" application support in a network subdivided according to assigned functions, in order to put certain equipment on a specific broadcast network.
  • Use of RADIUS server cluster cache mode.
  • Registration of network components through a powerful captive portal.
  • Automatic blocking, if desired, of unwanted devices such as Apple iPods, Sony PlayStation, wireless kiosks and more.
  • Curbing attacks on your servers or various network components.
  • Verification of the compliance of the stations present on the network (installed software, particular configurations, etc.).
  • Integration with Active Directory.
  • Simple and effective management of the guests that connect to your network.
  • Various sources of authentication, including Facebook and Google.

How to install PacketFence on Linux?

The application offers two installers for the different Linux distributions: one in deb format, which can be downloaded from this link, and another in rpm format, from this link.

For the rest of the distributions we can use the source code and compile the application.

