
Cisco NAC


NAC Framework (embedded solution):
- Software module embedded within NAC-enabled products
- Integrated framework leveraging multiple Cisco and NAC-aware vendor products

Cisco NAC Appliance (appliance-based solution):
- In-band Cisco NAC Appliance solution can be used on any switch or router platform
- Self-contained, turnkey solution

The purpose of NAC:
- Allow only authorized and compliant systems to access the network
- To enforce network security policy

The NAC Framework

[Figure: The NAC Framework. Diagram labels: Hosts Attempting Network Access; Cisco Trust Agent; Network Access Devices; Enforcement; Policy Server Decision Points and Remediation; AAA Server; Vendor Servers; Credentials; EAP/UDP, EAP/802.1x; RADIUS; HTTPS; Comply?; Notification; Access Rights.]

NAC Components

- Cisco NAS: Serves as an in-band or out-of-band device for network access control
- Cisco NAM: Centralizes management for administrators, support personnel, and operators
- Cisco NAA: Optional lightweight client for device-based registry scans in unmanaged environments
- Rule-set updates: Scheduled automatic updates for antivirus, critical hotfixes, and other applications

Cisco NAC Appliance Process

[Figure: Cisco NAC Appliance process. Diagram labels: The Goal; Intranet/Network; Cisco NAS; Cisco NAM; Authentication Server; Quarantine Role.]

1. Host attempts to access a web page or uses an optional client. Network access is blocked until wired or wireless host provides login information.
2. Host is redirected to a login page. Cisco NAC Appliance validates username and password, also performs device and network scans to assess vulnerabilities on device.
3a. Device is noncompliant or login is incorrect. Host is denied access and assigned to a quarantine role with access to online remediation resources.
3b. Device is clean. Machine gets on certified devices list and is granted access to network.

3. The host is authenticated and optionally scanned for posture compliance.
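
A simplified model of steps 1 to 3b above, added here as an example and not Cisco's code: the policy values, the account, the hotfix IDs and all function names are constructed. It also shows a previously certified device losing that status when a later login or scan fails.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed policy and account; the hotfix IDs are placeholders.
REQUIRED_HOTFIXES = frozenset({"HOTFIX-EXAMPLE-1", "HOTFIX-EXAMPLE-2"})
MAX_AV_AGE_DAYS = 7
SALT = b"constructed-salt"

def _kdf(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)

USERS = {"alice": _kdf("correct horse battery")}
certified_devices = set()  # step 3b list, keyed by MAC address

@dataclass(frozen=True)
class Posture:  # what the scan or the optional agent reports
    av_definition_age_days: int
    hotfixes: frozenset

@dataclass(frozen=True)
class Decision:
    role: str  # "unauthenticated", "quarantine" or "certified"
    remediation: tuple = ()

def login_ok(user, password):
    # Derive the key even for unknown users, then compare in constant time.
    candidate = _kdf(password)
    return hmac.compare_digest(USERS.get(user, b""), candidate)

def admit(mac, user, password, posture):
    if user is None:  # step 1: blocked until login information is provided
        return Decision("unauthenticated")
    if not login_ok(user, password):  # step 2: validate the login
        failures = ["re-enter credentials"]
    else:  # step 2: assess the device against the rule set
        failures = []
        if posture.av_definition_age_days > MAX_AV_AGE_DAYS:
            failures.append("update antivirus definitions")
        missing = sorted(REQUIRED_HOTFIXES - posture.hotfixes)
        failures += [f"install hotfix {h}" for h in missing]
    if failures:  # step 3a: quarantine role, remediation only
        certified_devices.discard(mac)  # fail closed for known devices too
        return Decision("quarantine", tuple(failures))
    certified_devices.add(mac)  # step 3b: clean device is certified
    return Decision("certified")
```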