Endpoint Compliance Systems
I have had some experience with a certain Endpoint Compliance System (ECS) and have been thinking about how I could write a cross-platform ECS myself using FreeRADIUS as its authenticating agent.
An ECS has an agent which is installed on a user’s machine, runs checks and reports back to a central server which then decides whether or not to allow elevated access to a wireless network.
On my development server, I already have a working RADIUS which talks to a database, and my wireless network is authenticating against the RADIUS, so all I need to do now is to write the small application which can do the following:
- Run specific checks on the client machine
- Report back to the RADIUS server on whether or not to allow the device
I think this system would be really useful for networks which can support multiple networks – have one which is locked down and one which is authenticated by RADIUS for network / Internet traffic.
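The agent-to-server flow described above, sketched as an added example (not code from this post or from FreeRADIUS): the agent signs its check results and the server, not the client, decides between the locked-down and the RADIUS-authenticated network. The check names, the per-device shared key, the JSON report format, the 300-second freshness window and the "full"/"restricted" labels are all assumptions, and writing the decision into the database that RADIUS reads is left out.

```python
import hashlib
import hmac
import json
import time

# Assumed policy: every check listed here must be reported as True.
REQUIRED_CHECKS = ("firewall_enabled", "disk_encrypted", "os_patched")
MAX_REPORT_AGE = 300  # seconds a report stays valid (assumed value)


def build_report(device_id, checks, key, now=None):
    """Agent side: serialise the check results and sign them with the device key."""
    body = {"device_id": device_id, "checks": checks,
            "ts": int(now if now is not None else time.time())}
    payload = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, payload, hashlib.sha256).hexdigest()
    return {"payload": payload.decode(), "hmac": tag}


def decide_network(report, device_keys, now=None):
    """Server side: return ("full" or "restricted", reason). Fails closed."""
    now = now if now is not None else time.time()
    try:
        payload = report["payload"].encode()
        body = json.loads(payload)
        key = device_keys[body["device_id"]]
        claimed = str(report.get("hmac", "")).encode()
    except (KeyError, ValueError, TypeError, AttributeError):
        return "restricted", "malformed report or unknown device"
    # Verify the signature before trusting any field inside the payload.
    expected = hmac.new(key, payload, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(expected, claimed):
        return "restricted", "bad signature"
    ts = body.get("ts")
    if not isinstance(ts, (int, float)) or abs(now - ts) > MAX_REPORT_AGE:
        return "restricted", "stale report"  # blocks replay of an old report
    checks = body.get("checks")
    if not isinstance(checks, dict):
        return "restricted", "malformed report or unknown device"
    failed = [c for c in REQUIRED_CHECKS if checks.get(c) is not True]
    if failed:
        return "restricted", "failed: " + ", ".join(failed)
    return "full", "compliant"
```

The signature shows which enrolled device sent the report and that it was not altered in transit; it does not show that the checks are truthful, since a compromised client can sign whatever results it likes.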