By Denise Helfrich, Lou Ronnau, Jason Frazier, Paul Forbes
Cisco Network Admission Control
Volume I: NAC Framework Architecture and Design
A guide to endpoint compliance enforcement
Today, a variety of security challenges affect all businesses regardless of size and location. Companies face ongoing challenges with the fight against malware such as worms, viruses, and spyware. Today's mobile workforce attaches numerous devices to the corporate network that are harder to control from a security policy perspective. These host devices are often lacking antivirus updates and operating system patches, thus exposing the entire network to infection. As a result, worms and viruses continue to disrupt business, causing downtime and continual patching. Noncompliant servers and desktops are far too common and are difficult to detect and contain. Locating and isolating infected computers is time consuming and resource intensive.
Network Admission Control (NAC) uses the network infrastructure to enforce security policy compliance on all devices seeking to access network computing resources, thereby limiting damage from emerging security threats. NAC allows network access only to compliant and trusted endpoint devices (PCs, servers, and PDAs, for example) and can restrict the access of and even remediate noncompliant devices.
Cisco Network Admission Control, Volume I, describes the NAC architecture and provides an in-depth technical description for each of the solution components. This book also provides design guidelines for enforcing network admission policies and describes how to handle NAC agentless hosts. As a technical primer, this book introduces you to the NAC Framework solution components and addresses the architecture behind NAC and the protocols that it follows so you can gain a complete understanding of its operation. Sample worksheets help you gather and organize requirements for designing a NAC solution.
Denise Helfrich is a technical program sales engineer who develops and supports global online labs for the World Wide Sales Force Development at Cisco®.
Lou Ronnau, CCIE® No. 1536, is a technical leader in the Applied Intelligence group of the Customer Assurance Security Practice at Cisco.
Jason Frazier is a technical leader in the Technology Systems Engineering group for Cisco.
Paul Forbes is a technical marketing engineer in the Office of the CTO, within the Security Technology Group at Cisco.
- Understand how the various NAC components work together to defend your network
- Learn how NAC operates and identify the types of information the NAC solution uses to make its admission decisions
- Examine how Cisco Trust Agent and NAC-enabled applications interoperate
- Evaluate the process by which a policy server determines and enforces a policy
- Understand how NAC works when implemented using NAC-L2-802.1X, NAC-L3-IP, and NAC-L2-IP
- Prepare, plan, design, implement, operate, and optimize a network admission control solution
This security book is part of the Cisco Press® Networking Technology Series. Security titles from Cisco Press help networking professionals secure critical data and resources, prevent and mitigate network attacks, and build end-to-end self-defending networks.
Category: Cisco Press–Security
Covers: Network Admission Control
Extra info for Cisco Network Admission Control, Volume I: NAC Framework Architecture and Design
0 technology. The book does not focus on NAC Appliance. While the end result of NAC Appliance is similar, the configuration and deployment models are different than that of NAC Framework. The next section describes how hosts can gain access to a network that does not implement NAC and the problems this access can create. Then, you learn the fundamentals of how NAC can mitigate, remediate, and manage security threats.

Accessing a Network That Does Not Implement NAC

Prior to NAC, when a host computer connected to the network, it was given free access regardless of its posture, or in some instances, only its identity was checked to identify the machine or user.
NAC uses different modes of operation that are based on the network access device (NAD) that the host connects to. The packet flow processes and protocols involved can differ by the mode used. Hosts and endpoints that do not use NAC protocols but still need to be able to use the network, bypassing the NAC process, require special consideration.
Review Questions

You can find the answers to the review questions in Appendix A.

1. Which NAC component(s) act(s) as the policy enforcement point? Choose all that apply.
   a. NAC-enabled Cisco router
   b. NAC-enabled Cisco switch
   c. NAC-enabled software application
   d. Cisco Trust Agent
   e. Cisco Secure ACS
2. Which NAC component(s) operate(s) as the policy decision point? Choose all that apply.
   a. NAC-enabled Cisco router
   b. NAC-enabled Cisco switch
   c. Cisco Secure ACS
   d. CiscoWorks VMS
   e. Supported NAC partner antivirus or identity server
3. Which NAC component(s) communicate(s) host credentials to the NAD?