Data Center is our focus

We help to build, access and manage your datacenter and server rooms

Structure Cabling

We help structure your cabling, Fiber Optic, UTP, STP and Electrical.

Get ready to the #Cloud

Start your Hyper Converged Infrastructure.

Monitor your infrastructures

Monitor your hardware, software, network (ITOM), maintain your ITSM service .

Our Great People

Great team to support happy customers.

Wednesday, January 30, 2013

Network Access Control dgn PacketFence

Dalam salah satu diskusi dengan client, tercetus keinginan untuk mengimplementasi Network Access Control. Meskipun sekarang ini BYOD telah menjamur, pendekatan dengan NAC masih dapat dilakukan, khususnya untuk jaringan enterprise.


Network Access Control (NAC) is a computer networking solution that uses a set of protocols to define and implement a policy that describes how to secure access to network nodes by devices when they initially attempt to access the network. NAC might integrate the automatic remediation process (fixing non-compliant nodes before allowing access) into the network systems, allowing the network infrastructure such as routers, switches and firewalls to work together with back office servers and end user computing equipment to ensure the information system is operating securely before interoperability is allowed.
Network Access Control aims to do exactly what the name implies—control access to a network with policies, including pre-admission endpoint security policy checks and post-admission controls over where users and devices can go on a network and what they can do.



PacketFence is a fully supported, trusted, Free and Open Source network access control (NAC) solution. Boasting an impressive feature set including a captive-portal for registration and remediation, centralized wired and wireless management, 802.1X support, layer-2 isolation of problematic devices, integration with the Snort IDS and the Nessus vulnerability scanner; PacketFence can be used to effectively secure networks - from small to very large heterogeneous networks.


Out-of-band Deployment

PacketFence's operation is completely out-of-band which allows the solution to scale geographically and to be more resilient to failures. When using the right technology (like port security), a single PacketFence server can be used to secure hundreds of switches and many thousands nodes connected to them.

Inline Deployment

While out-of-band is the preferred way of deploying PacketFence, an inline mode is also supported for unmanageable wired or wireless equipment. Deploying PacketFence using the inline mode can also be accomplished in minutes! Note also that the inline mode can coexist very well together with an out-of-band deployment.

Authentication & Registration

802.1X Support

Wireless and wired 802.1X is supported through a FreeRADIUS [External] module which is included in PacketFence.

Voice over IP (VoIP) Support

Also called IP Telephony (IPT), VoIP is fully supported (even in heterogeneous environments) for multiple switch vendors (Cisco, Edge-Core, HP, LinkSys, Nortel Networks and many more).

Wireless Integration

PacketFence integrates perfectly with wireless networks through a FreeRADIUS [External]module. This allows you to secure your wired and wireless networks the same way using the same user database and using the same captive portal, providing a consistent user experience. Mixing access points (AP) vendors and wireless controllers is supported.

Registration of Devices

PacketFence supports an optional registration mechanism similar to "captive portal" solutions. Contrary to most captive portal solutions, PacketFence remembers users who previously registered and will automatically give them access without another authentication. Of course, this is configurable. An Acceptable Use Policy can be specified such that users cannot enable network access without first accepting it.


Detection of Abnormal Network Activities

Abnormal network activities (computer virus, worms, spyware, traffic denied by establishment policy, etc.) can be detected using local and remote Snort [External] sensors. Beyond simple detection, PacketFence layers its own alerting and suppression mechanism on each alert type. A set of configurable actions for each violation is available to administrators.

Statement of Health

While doing a 802.1X user authentication, PacketFence can perform a complete posture assessment of the connecting device using the TNC Statement of Health protocol. For example, PacketFence can verify if an antivirus is installed and up-to-date, if operating system patches are all applied and much more - all without any agent installed on the endpoint device!

Proactive Vulnerability Scans

Nessus [External] or OpenVAS [External] vulnerability scans can be performed upon registration, scheduled or on an ad-hoc basis. PacketFence correlates the Nessus/OpenVAS vulnerability ID's of each scan to the violation configuration, returning content specific web pages about which vulnerability the host may have.

Remediation Through a Captive Portal

Once trapped, all network traffic is terminated by the PacketFence system. Based on the nodes current status (unregistered, open violation, etc), the user is redirected to the appropriate URL. In the case of a violation, the user will be presented with instructions for the particular situation he/she is in, reducing costly help desk intervention.

Isolation of Problematic Devices

PacketFence supports several isolation techniques, including VLAN isolation with VoIP support (even in heterogeneous environments) for multiple switch vendors.


Command-line and Web-based Management

Web-based and command-line interfaces for all management tasks. Web-based administration supports different permission-levels for users and authentication of users against LDAP or Microsoft Active Directory.

Flexible VLAN Management and Role-Based Access Control

The solution is built around the concept of network isolation through VLAN assignment. For more details on how this work see the Technical Introduction page. Because of its long experience and several deployments, the VLAN management of PacketFence grew to be very flexible over the years. Your VLAN topology can be kept as it is and only two new VLAN will need to be added throughout your network: registration VLAN and isolation VLAN. Moreover, PacketFence can also make use of roles support from many equipment vendors.
VLAN and roles can be assigned using the various means:
  • Per switch (default for VLAN)
  • Per client category (default for roles)
  • Per client
  • Using any arbitrary decision (if you use our perl extension points)
Also, the per-switch method can be combined with the others. For example, with a default PacketFence setup, a VLAN or a role can be assigned to your printers and your PCs (if categorized properly) based on what equipment they are connected to. This implies that you can easily have per-building per-device type VLANs.

Guest Access - Bring Your Own Device (BYOD)

Nowadays, most organizations deal with a lot of consultants from various companies on-site that require Internet access for their work. In most cases, an access to the corporate network is given with little to no audit of the individual or device. Also, it is rarely required that they have access to the internal corporate infrastructure, it is done that way to avoid administrative burden (per-port VLAN management).

PacketFence supports a special guest VLAN or role out of the box. If you use a guest VLAN, you configure your network so that the guest VLAN only goes out to the Internet and the registration VLAN and the captive portal are the components used to explain to the guest how to register for access and how his access works. This is usually branded by the organization offering the access. Several means of registering guests are possible:
  • Manual registration of the guests (in advance or by)
  • Password of the day
  • Self-registration (with or without credentials)
  • Guest access sponsoring (employee vouching for a guest)
  • Guest access activated by email confirmation
  • Guest access activated by mobile phone confirmation (using SMS)
PacketFence does also support guest access bulk creations and imports. PacketFence also integrates with online billing solution such as [External]. Using this integration, you can handle online payments, required to get proper network access.

More Built-in Violation Types

Looking at automatically blocking particular devices on your network? PacketFence is for you. In addition to using Snort, OpenVAS or Nessus as a source of information, PacketFence can combine the following detection mechanisms to effectively block network access from those unwanted devices :
  • DHCP Fingerprint
    PacketFence can block devices based on their DHCP fingerprint. Nearly every operating systems out there have an unique DHCP fingerprint. PacketFence can make use of this information and block network access from those devices. Based on DHCP fingerprints, you could automatically block, for example :
    • Sony PlayStation devices or any other game consoles
    • Wireless access points (WAPs)
    • VoIP phones
  • User-Agent
    PacketFence can block devices based on the provided User-Agent when those particular devices perform network activity using their embedded Web browser. Using this, you could automatically block, for example :
    • Apple iPod or iPhone devices
    • Everyone using an old Microsoft Internet Explorer (IE) release
  • MAC addresses
    PacketFence can block network access to devices having a specific MAC address pattern. Using this, you could automatically block, for examples, all devices from a specific network vendor.

Automatic Registration

Because most networks in production are already very large and complex, PacketFence provides several means to automatically register a client or device.
  • By network device
    A network device (Switch, AP, Wireless Controller) can be set to automatically register all the MAC addresses that request access to the network. Very helpful for a transition into production.
  • By DHCP fingerprinting
    DHCP fingerprinting can be used to automatically register specific device types (eg. VoIP phones, printers).
  • By MAC address Vendor
    The vendor portion of a MAC address can be used to automatically register devices from a vendor. For example, all Apple products could be automatically registered using such a rule.
  • and more
    Snort, Nessus, OpenVAS, Browser User-Agent and even more techniques could also be used to automatically register devices.


The access duration to the network can be controlled with configuration parameters. It can either be an absolute date (eg. "Thu Jan 20 20:00:00 EST 2011"), a window (eg. "four weeks from first network access") or as soon as the device becomes inactive. On expiration registered devices become unregistered. With little customization it is also possible to do this on a device category basis. Expiration can also be manually edited on a per-node basis.

Bandwidth Accounting

PacketFence can automatically track the amount of bandwidth devices consume on the network. With its built-in violations support, it can quarantine or change access level of devices that are consuming too much bandwidth during a particular time window. PacketFence also has reports on bandwidth consumption.

Floating Network Devices

A Floating Network Device is a Switch or Access Point (AP) that can be moved around your network and that is plugged into access ports. Once configured properly, PacketFence will recognize your Floating Network Devices and will configure the access ports appropriately usually allowing multiple VLANs and more MAC addresses. At this point, the Floating Network Device can also perform network access through PacketFence or not. Once the device is disconnected PacketFence will then re-configure back to its original configuration.

Flexible Authentication

PacketFence can authenticate your users using several protocols/standards. This allows you to integrate PacketFence in your environment without requiring your users to remember yet another username and password. Known to work authentication sources are:
  • Microsoft Active Directory
  • Novell eDirectory
  • OpenLDAP
  • Cisco ACS
  • RADIUS (FreeRADIUS, Radiator, etc.)
  • Local user file

Routed Networks

PacketFence's architecture allows it to work over routed networks. The server can be located in your datacenter and can still effectively secure branch offices.

Gradual Deployment

Because of the intrusive nature of network access control, PacketFence comes with finely-grained controls when it comes to deployment. As described elsewhere, you can automatically pre-register nodes but you can also control on a per-switch and per-port level wether or not should PacketFence perform its duties. This enables you to deploy at the speed you want, per-switch, per-floor, per-location, etc.

The same level of control is also available on the isolation features. At first, you can only log on violation events. Then, as you feel more familiar with who would be isolated and validated against false-positive, you can enable VLAN isolation.

Together, these two features makes the deployment of a PacketFence as easy as it could be.


PacketFence can be configured to allow access to specified resources even when the node is in isolation. This allows you to give access to specific tools or patches through the captive portal.


PacketFence is developed with high-availability in mind. All our deployments are made using active-passive high-availability so the solution is proven in that regard. Information on how to configure PacketFence in that mode of operation is available in our Administration Guide.

Supported Hardware

PacketFence supports hardware from several network vendors all in an integrated fashion. See the Supported Switches and AP page for the whole list. If you are a vendor and you would like to see your hardware supported contact us.


PacketFence is built using open standards to avoid vendor lock-in. Among the standards we support and use, there are:
  • 802.1X
  • Simple Network Management Protocol (SNMP)
  • Standard SNMP management information base (MIB) like BRIDGE-MIB, Q-BRIDGE-MIB, IF-MIB, IEEE8021-PAE-MIB
  • Netflow / IPFIX
  • Wireless ISP Roaming (WISPR)

Extensible / Easily Customizable

PacketFence has a couple of extension points where you can override PacketFence's default behavior with a little bit of Perl code. The API has been designed to be easy to understand with only a couple of high-level entry points. Several examples are already there in the source code but commented. Also, when upgrading, PacketFence doesn't replace the files in the extensions points, this way you keep your modified behavior on upgrades.

The captive portal templates are also easily customizable with HTML and CSS knowledge. They are built using Perl's Template Toolkit [External].

Something is Missing?

If something you require for Network Access Control is not on this list, first check if it is in ourRoadmap, otherwise there are good chances that someone in the community did what you are looking for so engage in the community and send an email to the packetfence-users mailing list. No one ever tried or wanted that feature? If you know Perl you can try to do it yourself or you can sponsor the development of the feature.

Tuesday, January 29, 2013

Harga Khusus Nagios Incident Manager Pricing

Nagios Incident Manager


Pricing for Incident Manager licenses is determined by the number of instances you intend to deploy. Each deployment of Incident Manager requires a separate license.
Customers who purchase Nagios Incident Manager receive special access to a customer-only email support service that includes up to five (5) support incidents each year.
Special: Purchase Nagios Incident Manager before April 1st, 2013 and receive a special promotional discount.
Regular PricePromotional Price
$995 USD$495 USD

Purchasing Information

Ready to order your copy of Nagios Incident Manager? Buy Online Now
We can also accept payment via check or purchase order (U.S. customers only), credit card via fax orders, and wire transfer. License keys are provided once payment clears. Contact us for information on these payment methods or to obtain a quote.

Distribution Formats

Nagios Incident Manager is distributed in the following format:
  • Source installer for installation to virtual or physical Linux servers running RHEL and CentOS 5 or 6.

Need assistance with deploying Nagios Incident Manager?  We can help. Contact us for more information.

What's Included?

A licensed copy of Nagios Incident Manager provides customers with a number of benefits, including:

Technical Support

Nagios Enterprises offers technical support for Nagios Incident Manager via a special customer-only section of our support forum and a customer-only email support service with up to five (5) support incidents each year.

Perpetual License

You can use it as long as you'd like even if you don't renew future support and maintenance contracts.

Nagios Library

Get a full year of access to the Nagios Library with special customer-only tutorials, videos, and tech tips.

Product Influence

We listen to all Nagios users when determining our product roadmaps, but your feature requests will get bumped up to the front of the line. Tell us what you'd like to see and we'll build our future products to include the newest features you're looking for.

SIEM dengan ManageEngine

ManageEngine Delivers SIEM for Cost-Conscious SMBs, Enterprises

November 13, 2012No Comments
SOURCE ManageEngine
PLEASANTON, Calif.— November 13, 2012 — ManageEngine, the real-time IT management company, today announced the availability of its Security Information and Event Management (SIEM) software for cost-conscious SMBs and enterprises, EventLog Analyzer. Previously dedicated to log analytics and compliance reporting duties, the latest version of EventLog Analyzer enters the SIEM arena with the addition of IT data indexing, universal log parsing and universal log search capabilities as well as a streamlined user interface.
Recent security breaches at Yahoo!, LinkedIn, eHarmony and others highlight the need for companies to protect themselves against criminal hacks. Meanwhile, regulatory mandates demand more companies to comply with Sarbanes-Oxley (SOX), Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry Data Security Standard (PCI DSS) and other compliance acts. SIEM is becoming a key technology to help companies of all sizes thwart increasingly-sophisticated cyber attacks as well as comply with internal and third-party regulations.
“For IT departments, SIEM offers a way to swiftly discover security threats and compliance violations and inform immediate, remediating action,” said Chenthil Kumaran, product manager, ManageEngine. “However, SIEM has traditionally been priced out of reach for the value-seeking SMBs and enterprises. Those that could afford it were often overwhelmed by complex solutions that were difficult to implement and operate. EventLog Analyzer brings SIEM to the masses, with potent features in an affordable solution that’s easy to deploy and use.”
EventLog Analyzer: SIEM for the Masses
The revamped EventLog Analyzer provides the industry’s most cost-effective IT SIEM solution, meeting all critical SIEM capabilities — log management, compliance reporting, user and application monitoring, and simple deployment and support. With EventLog Analyzer in place, organizations can automate the entire process of managing terabytes of machine-generated logs by collecting, analyzing, reporting, archiving and searching from one central location.
The latest version of EventLog Analyzer introduces advanced functionality that facilitates effortless and effective network log forensics and SIEM, with features such as:
  • Streamlined user interface: The sleek, new user interface offers improved flexibility and functionality. Support for customizable dashboard views and the enhanced user experience provide better visibility into network user activities, policy violations, network anomalies, system downtime, and network threats.
  • Universal Log Parsing and Indexing (ULPI): EventLog Analyzer can now receive ANY human-readable log and break it down into meaningful field-value pairs to enhance indexing and searching capabilities. [Feature video:]
  • Enhanced IT search: Users can search any kind of log formats with the flexibility to construct custom search expressions to perform wild-card search, phrase search, Boolean search, grouped search and range search. [Feature video:]
  • Log field extraction: Provides an interactive regular expression (regex) syntax builder for extracting one or more raw log fields, which further adds intelligence to the universal log parser. [Feature video:]
The new features above complement long-standing EventLog Analyzer highlights such as its web-based user interface, agentless architecture (with optional agents), support for all log types, ability to import log data, and a wide variety of reporting options including compliance reports and customizable reports.
“EventLog Analyzer helps us mitigate threats, conduct log forensic analysis, monitor server usage and meet regulatory compliance requirements,” said Dimitri Yioulos, chief information officer, Onpoint Financial Corporation. “Beyond the security and compliance advantages, EventLog Analyzer plays an important role in optimizing network uptime. Finding the root cause of network problems can be like finding the proverbial needle in the haystack. EventLog Analyzer is a very useful tool, providing a simple, powerful log parser to greatly accelerate and simplify that root-cause analysis.