Posts Tagged ‘Bypassing NAC’

About My Upcoming Defcon 15 Presentation – kNAC!

July 18, 2007

I will be speaking at Defcon 15 about NAC vulnerabilities and bypass issues.

The talk has a considerable amount of new vulnerability information, which I have collected in the past year and kept quite about. So you should stay tuned for some interesting new stuff.

Don’t be a stranger and come say hello.

My Shmoocon 2007 presentation is now available in Video

April 20, 2007

The folks over at Shmoocon have uploaded the video of my Shmoocon 2007 talk to their web site. You can find it here. I have much enjoyed the conference and I highly recommend it.

ShmooCon ‘07 – Some tough questions about NAC

March 28, 2007

I have just got back home from ShmooCon ’07 where I gave a presentation about bypassing NAC (an updated presentation). Overall the conference was a very good one (content wise), and well organized with about 1200 attendees.

From the number and type of questions I have been asked during my presentation and afterwards, it seems IT professionals are now asking more tough questions about NAC. It is surly a trend I have identified after my BlackHat 2006 presentation, where a growing number of people now understands what NAC is; what it should and should not provide, and that asking the right questions about NAC.

A NAC solution that can be bypassed or does not identify elements operating on the network is not a solution someone should consider. It actually creates a false sense of security and cannot meet an organization’s compliance requirements.

Richard Bejtlich of Tao Security did a nice write-up about the conference and about my talk.

From BlackHat to BlackHat, any changes to bypass-able NAC solutions?

February 24, 2007

Last week I was asked by a reporter whether any of the NAC bypass issues I discussed in my BlackHat USA 2006 presention (August, 2006) have been remedied in the six months since then.

My answer was no. In other words, those that could be bypassed then can still be bypassed today.

The question was in light of the upcoming BlackHat DC 2007 (February, 2007) conference where I will be giving an updated presentation about bypassing NAC. In fact, I will present more ways to bypass NAC and with more examples of NAC solutions that are vulnerable.

One trend I have identified in the last six months is the growing number of IT professionals who understand what NAC is; what it should and should not provide. They are asking the right questions when examining NAC solutions (see: The Definition of NAC and Questions to ask in a NAC RFI/RFP)

A NAC solution that can be bypassed or does not identify elements operating on the network is not a solution someone should consider. It actually creates a false sense of security and cannot meet an organization’s compliance requirements.