Cisco NAC
NAC Framework (embedded solution)
- Software module embedded within NAC-enabled products
- Integrated framework leveraging multiple Cisco and NAC-aware vendor products

Cisco NAC Appliance (appliance-based solution)
- In-band Cisco NAC Appliance solution can be used on any switch or router platform
- Self-contained, turnkey solution

The purpose of NAC:
- Allow only authorized and compliant systems to access the network
- To enforce network security policy

The NAC Framework
[Figure: The NAC Framework. Labels: Hosts Attempting Network Access, Cisco Trust Agent, Network Access Devices, Enforcement, Policy Server Decision Points and Remediation, AAA Server, Vendor Servers, Credentials, EAP/UDP, EAP/802.1x, RADIUS, HTTPS, Comply?, Access Rights, Notification.]
NAC Components
- Cisco NAS: Serves as an in-band or out-of-band device for network access control
- Cisco NAM: Centralizes management for administrators, support personnel, and operators
- Cisco NAA: Optional lightweight client for device-based registry scans in unmanaged environments
- Rule-set updates: Scheduled automatic updates for antivirus, critical hotfixes, and other applications
Cisco NAC Appliance Process
[Figure: process diagram. Labels: THE GOAL, Intranet/Network, Cisco NAS, Cisco NAM, Authentication Server, Quarantine Role.]

1. Host attempts to access a web page or uses an optional client. Network access is blocked until wired or wireless host provides login information.
2. Host is redirected to a login page. Cisco NAC Appliance validates username and password, also performs device and network scans to assess vulnerabilities on device.
3. The host is authenticated and optionally scanned for posture compliance.
3a. Device is noncompliant or login is incorrect. Host is denied access and assigned to a quarantine role with access to online remediation resources.
3b. Device is clean. Machine gets on certified devices list and is granted access to network.
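
An added example, not part of the original slides and not Cisco's code: a minimal Python model of the admission decision in the Cisco NAC Appliance process (login check, device scan, then quarantine role or certified devices list). The class and function names, the posture rules and the in-memory credentials store are assumptions made for illustration.

```python
import hmac
from dataclasses import dataclass, field

# Assumed posture policy (constructed values, not taken from the slides).
REQUIRED_HOTFIXES = frozenset({"HOTFIX-A", "HOTFIX-B"})
MAX_AV_AGE_DAYS = 7


@dataclass
class Host:
    mac: str
    hotfixes: frozenset
    av_age_days: int


@dataclass
class Decision:
    role: str      # "quarantine" or "network"
    reasons: list  # what the remediation page should tell the user


def posture_failures(host):
    """Device scan: report every failed check so remediation can name each one."""
    failures = [f"missing {h}" for h in sorted(REQUIRED_HOTFIXES - host.hotfixes)]
    if host.av_age_days > MAX_AV_AGE_DAYS:
        failures.append("antivirus definitions out of date")
    return failures


@dataclass
class Appliance:
    credentials: dict  # hypothetical stand-in for the authentication server
    certified: set = field(default_factory=set)

    def admit(self, host, username, password):
        """Steps 2, 3a and 3b: validate login, scan the device, assign a role."""
        expected = self.credentials.get(username, "")
        login_ok = bool(expected) and hmac.compare_digest(
            expected.encode(), password.encode())
        reasons = posture_failures(host) if login_ok else ["login incorrect"]
        if reasons:
            # 3a: fail closed. Dropping a previously certified device from the
            # list here is an assumption of this model, not stated on the slides.
            self.certified.discard(host.mac)
            return Decision("quarantine", reasons)
        # 3b: a clean device goes on the certified devices list.
        self.certified.add(host.mac)
        return Decision("network", [])
```

Every path that does not pass both checks ends in the quarantine role, so an unknown user, a wrong password and a missing hotfix all default to denied access.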