Cisco NAC Appliance: Enforcing Host Security with Clean Access (Networking Technology: Security)


Few organizations are closed entities with well-defined security perimeters, which has led to the creation of perimeterless networks with ubiquitous access. Organizations need to have internal security systems that are more comprehensive, pervasive, and tightly integrated than in the past.


Cisco NAC Appliance allows you to enforce host security policies on all hosts, managed and unmanaged, as they enter the interior of the network, regardless of their access method, ownership, device type, application set, or operating system. Cisco NAC Appliance provides proactive protection at the network entry point. You will learn about all aspects of the NAC Appliance solution, including configuration and best practices for design, implementation, troubleshooting, and creating a host security policy.

Jamey joined Cisco in and currently leads its Western Security Asset team and is a field advisor for its U. His areas of expertise include network and host security design and implementation, security regulatory compliance, and routing and switching. He has been working in the IT field for 13 years and in IT security for 9 years.

Security titles from Cisco Press help networking professionals secure critical data and resources, prevent and mitigate network attacks, and build end-to-end self-defending networks.

Hard Outer Shell with a Chewy Inside: Dealing with Internal Security Risks

The Software Update Race: Staying Ahead of Viruses, Worms, and Spyware


Part II The Blueprint: Virtual Gateway Mode Real IP Gateway Mode Clean Access Agent Authentication Steps Agent Post-Certification Steps Web Login Authentication Steps Web Login Network Scanning Steps Post—Web Login Steps Building a Host Security Policy Normal Login Role Method for Adding Checks, Rules, and Requirements Research and Information Requirement Should Be Applied To Method for Deploying and Enforcing Security Requirements

Chapter 7 The Basics: Local NAS Settings

Chapter 8 The Building Blocks: Creating a Local User and Assigning a Role Creating an Admin Group Creating an Admin User

Chapter 9 Host Posture Validation and Remediation: Add Exempt Device Add Floating Device Sample Agent Installation Alternative Agent Installation Methods Creating and Enforcing a Requirement

For example, most appliances can quickly check services for common threats, but only some can launch a host AV scan if problems are detected.

For example, you may want lightweight assessment of guest endpoints given Internet-only access, while requiring previously quarantined employee endpoints to be thoroughly scanned. Ultimately, a NAC appliance must deny admission to non-compliant endpoints. Blocking could be accomplished through authentication failure, but to cut help desk cost, NAC must assist with self-remediation.

Most NAC appliances can quarantine endpoints into a VLAN or subnet, redirecting Web requests to a remediation server where the user can apply missing patches or remove malware. In-line appliances can directly enforce quarantine through VLAN switching or routing. This is another area where NAC appliances diverge, so look closely at enforcement reliability and granularity, as well as self-remediation and limited access controls.

NAC appliances: Shortcut to access control

For example, are quarantined endpoints isolated from each other, or do they share one "VLAN of death"? Also pay close attention to how endpoints exit quarantine -- the appliance should avoid help desk intervention for simple fixes, while escalating more serious problems via email, traps, or trouble tickets.

A small network might be satisfied with one NAC box, but NAC really appeals to larger companies where threats are difficult to cost-effectively avoid and mitigate.

Boxes are distributed for geographic reach, coverage, performance, and redundancy. In a recent CMP poll, the top technical issues associated with NAC were ensuring that failure would not compromise fault tolerance, and providing security without compromising LAN performance. This demonstrates the importance of selecting NAC appliances that are sized for your network.


In the long run, NAC appliances are expected to integrate with those infrastructure solutions. Customers with heavy Cisco investment may prefer appliance vendors that participate in the Cisco Compatible for NAC program. Large heterogeneous networks will benefit from appliances that eventually implement TNC's open interfaces. But avoid over-emphasis on today's alliances. Many NAC vendors are hedging their bets by participating in multiple programs. In addition, most network equipment vendors are adding NAC features to managed switches, wireless access points, and remote access concentrators.


These NAC-enabled devices and programs are helping to lay the foundation for infrastructure-based network admission control. Note that Cisco currently participates in both markets -- this trend is likely to expand as vendors try to capture customers by offering NAC appliances today, and hold onto them by offering NAC infrastructure solutions tomorrow. Lisa Phifer is vice president of Core Competence Inc. Phifer has been involved in the design, implementation and evaluation of data communications, internetworking, security and network management products for nearly 20 years.

She teaches about wireless LANs and virtual private networking at industry conferences and has written extensively about network infrastructure and security technologies for numerous publications. She is also a site expert to SearchMobileComputing.

This was last published in November