PacketFence is a fully supported, Free and Open Source network access control (NAC) system. PacketFence is actively maintained and has been deployed in numerous large-scale institutions over the past years. It can be used to effectively secure networks - from small to very large heterogeneous networks. PacketFence has been deployed in production environments where thousands of users are involved. Among the different markets are :
banks
colleges and universities
engineering companies
manufacturing businesses
school boards (K-12)
... and many more!
PacketFence is an open-source network access control (NAC) system which provides an impressive list of supported features. Among them, there are:
Registration
PacketFence supports an optional registration mechanism Similar to "captive portal" solutions. An Acceptable Use Policy can be specified such that users cannot enable network access without first accepting it. The duration of a node registration can be a relative value (eg. "four weeks from first network access") or an absolute date (eg. "Thu Jan 20 20:00:00 EST 2009").
Detection of abnormal network activities
Abnormal network activities (computer virus, worms, spyware, etc.) can be detected using local and remote Snort [External] sensors. Beyond simple detection, PacketFence layers its own alerting and suppression mechanism on each alert type. A set of configurable actions for each violation is available to administrators.
Proactive vulnerability scans
Nessus [External] vulnerability scans can be performed on a scheduled or ad-hoc basis. PacketFence correlates the Nessus vulnerability ID's of each scan to the violation configuration, returning content specific web pages about which vulnerability the host may have.
Isolation of problematic devices
PacketFence supports several isolation techniques, including VLAN isolation with VoIP support (even in heterogeneous environments) for multiple switch vendors.
