Friday, August 8, 2008

CISCO Network Admission Control

The Cisco® NAC Guest Server adds a new Secure Guest service to existing Cisco Network Admission Control (NAC) services such as authentication, posture, and profiling. The new Cisco NAC Guest Server enables simple, efficient, and secure management of guest network access. Cisco NAC Guest Server works with either Cisco NAC Appliance or Cisco wireless LAN controllers to manage the entire lifecycle of guest access, including:
• Provisioning: Allows any internal sponsor to create guest accounts

• Notification: Provides access details to the guest by print, e-mail, or text message

• Management: Makes it easy to modify and suspend accounts

• Reporting: Provides full reporting on guest accounts and guest activity

Cisco NAC Guest Server helps IT staff deal with administrative challenges commonly associated with supporting corporate visitors. The Secure Guest service enhances IT's ability to protect its own organization's assets, employees, and information from guests and their devices while providing secure and flexible network access to meet visitors' business needs. Cisco NAC Guest Server with its Secure Guest service delivers the following business benefits:
• Decreases deployment and management costs. Cisco NAC Guest Server allows trusted employees to create guest accounts quickly and securely. This removes the burden from IT and helpdesk personnel.

• Improves productivity. Streamlined account provisioning and notification processes help increase both guest usage and the productivity benefits for internal users and their guests.

• Improves customer and partner satisfaction. Providing guest access for visitors enables greater collaboration. Customers and partners alike appreciate this capability.

To learn more about Cisco NAC Guest Server and its Secure Guest service, visit the following resources:
• Product bulletin (including ordering information): http://www.cisco.com/en/US/products/ps6128/prod_bulletin0900aecd806f3235.html
• Data sheet: http://www.cisco.com/en/US/products/ps6128/products_data_sheet0900aecd806e98c9.html
• Q&A: http://www.cisco.com/en/US/products/ps6128/products_qanda_item0900aecd806f525a.shtml

Volume I: NAC Framework Architecture and Design (Networking Technology) (Paperback)
Volume II: NAC Deployment and Troubleshooting (Networking Technology) (Paperback)

Product Description

Cisco Network Admission Control

Volume I: NAC Framework Architecture and Design



A guide to endpoint compliance enforcement



Today, a variety of security challenges affect all businesses regardless of size and location. Companies face ongoing challenges with the fight against malware such as worms, viruses, and spyware. Today’s mobile workforce attach numerous devices to the corporate network that are harder to control from a security policy perspective. These host devices are often lacking antivirus updates and operating system patches, thus exposing the entire network to infection. As a result, worms and viruses continue to disrupt business, causing downtime and continual patching. Noncompliant servers and desktops are far too common and are difficult to detect and contain. Locating and isolating infected computers is time consuming and resource intensive.



Network Admission Control (NAC) uses the network infrastructure to enforce security policy compliance on all devices seeking to access network computing resources, thereby limiting damage from emerging security threats. NAC allows network access only to compliant and trusted endpoint devices (PCs, servers, and PDAs, for example) and can restrict the access of and even remediate noncompliant devices.



Cisco Network Admission Control, Volume I, describes the NAC architecture and provides an in-depth technical description for each of the solution components. This book also provides design guidelines for enforcing network admission policies and describes how to handle NAC agentless hosts. As a technical primer, this book introduces you to the NAC Framework solution components and addresses the architecture behind NAC and the protocols that it follows so you can gain a complete understanding of its operation. Sample worksheets help you gather and organize requirements for designing a NAC solution.



Denise Helfrich is a technical program sales engineer who develops and supports global online labs for the World Wide Sales Force Development at Cisco®.



Lou Ronnau, CCIE® No. 1536, is a technical leader in the Applied Intelligence group of the Customer Assurance Security Practice at Cisco.



Jason Frazier is a technical leader in the Technology Systems Engineering group for Cisco.



Paul Forbes is a technical marketing engineer in the Office of the CTO, within the Security Technology Group at Cisco.



• Understand how the various NAC components work together to defend your network
• Learn how NAC operates and identifies the types of information the NAC solution uses to make its admission decisions
• Examine how Cisco Trust Agent and NAC-enabled applications interoperate
• Evaluate the process by which a policy server determines and enforces a policy
• Understand how NAC works when implemented using NAC-L2-802.1X, NAC-L3-IP, and NAC-L2-IP
• Prepare, plan, design, implement, operate, and optimize a network admission control solution


This security book is part of the Cisco Press® Networking Technology Series. Security titles from Cisco Press help networking professionals secure critical data and resources, prevent and mitigate network attacks, and build end-to-end self-defending networks.



Category: Cisco Press–Security

Covers: Network Admission Control



About the Author

Denise Helfrich is currently a technical program sales engineer developing and supporting global online labs for the Worldwide Sales Force Delivery. For the previous six years, she was a technical marketing engineer in the Access Router group, focusing on security for Cisco Systems. She is the author of many Cisco training courses, including Network Admission Control. She has been active in the voice/networking industry for over 20 years.

Lou Ronnau, CCIE No. 1536, is currently a technical leader in the Applied Intelligence group of the Customer Assurance Security Practice at Cisco Systems. He is the author of many Cisco solution guides along with Implementing Network Admission Control: Phase One Configuration and Deployment. He has been active in the networking industry for over 20 years, the last 12 years with Cisco Systems.

Jason Frazier is a technical leader in the Technology Systems Engineering group for Cisco Systems. He is a systems architect and one of the founders of Cisco’s Identity-Based Networking Services (IBNS) strategy. Jason has authored many Cisco solution guides and often participates in industry forums such as Cisco Networkers. He has been involved with network design and security for seven years.

Paul Forbes is a technical marketing engineer in the Office of the CTO, within the Security Technology Group. His primary focus is on the NAC Partner Program, optimizing the integration between vendor applications and Cisco networking infrastructure. He is also active in other security architecture initiatives within the Office of the CTO. He has been active in the networking industry for ten years, as both a customer and working for Cisco.

Product Description

Cisco Network Admission Control

Volume II: NAC Framework Deployment and Troubleshooting



The self-defending network in action



Jazib Frahim, CCIE® No. 5459

Omar Santos

David White, Jr., CCIE No. 12,021



When most information security professionals think about threats to their networks, they think about the threat of attackers from the outside. However, in recent years the number of computer security incidents occurring from trusted users within a company has equaled those occurring from external threats. The difference is, external threats are fairly well understood and almost all companies utilize tools and technology to protect against those threats. In contrast, the threats from internal trusted employees or partners are often overlooked and much more difficult to protect against.



Network Admission Control (NAC) is designed to prohibit or restrict access to the secured internal network from devices with a diminished security posture until they are patched or updated to meet the minimum corporate security requirements. A fundamental component of the Cisco® Self-Defending Network Initiative, NAC enables you to enforce host patch policies and to regulate network access permissions for noncompliant, vulnerable systems.



Cisco Network Admission Control, Volume II, helps you understand how to deploy the NAC Framework solution and ultimately build a self-defending network. The book focuses on the key components that make up the NAC Framework, showing how you can successfully deploy and troubleshoot each component and the overall solution. Emphasis is placed on real-world deployment scenarios, and the book walks you step by step through individual component configurations. Along the way, the authors call out best practices and tell you which mistakes to avoid. Component-level and solution-level troubleshooting techniques are also presented. Three full-deployment scenarios walk you through application of NAC in a small business, medium-sized organization, and large enterprise.



“To successfully deploy and troubleshoot the Cisco NAC solution requires thoughtful builds and design of NAC in branch, campus, and enterprise topologies. It requires a practical and methodical view towards building layered security and management with troubleshooting, auditing, and monitoring capabilities.”

—Jayshree V. Ullal, Senior Vice President, Datacenter, Switching and Security Technology Group, Cisco Systems®



Jazib Frahim, CCIE® No. 5459, is a senior network security engineer in the Worldwide Security Services Practice of the Cisco Advanced Services for Network Security team. He is responsible for guiding customers in the design and implementation of their networks with a focus on network security.



Omar Santos is a senior network security engineer in the Worldwide Security Services Practice of the Cisco Advanced Services for Network Security team. He has more than 12 years of experience in secure data communications.



David White, Jr., CCIE No. 12,021, has more than 10 years of networking experience with a focus on network security. He is currently an escalation engineer in the Cisco TAC, where he has been for more than six years.



• Effectively deploy the Cisco Trust Agent
• Configure Layer 2 IP and Layer 2 802.1x NAC on network access devices
• Examine packet flow in a Cisco IOS NAD when NAC is enabled, and configure Layer 3 NAC on the NAD
• Monitor remote access VPN tunnels
• Configure and troubleshoot NAC on the Cisco ASA and PIX security appliances
• Install and configure Cisco Secure Access Control Server (ACS) for NAC
• Install the Cisco Security Agent Management Center and create agent kits
• Add antivirus policy servers to ACS for external antivirus posture validation
• Understand and apply audit servers to your NAC solution
• Use remediation servers to automatically patch end hosts to bring them in compliance with your network policies
• Monitor the NAC solution using the Cisco Security Monitoring, Analysis, and Response System (MARS)


This security book is part of the Cisco Press® Networking Technology Series. Security titles from Cisco Press help networking professionals secure critical data and resources, prevent and mitigate network attacks, and build end-to-end self-defending networks.



Category: Cisco Press—Security

Covers: Network Admission Control

$60.00 USA / $75.00 CAN

About the Author

Jazib Frahim, CCIE No. 5459, has been with Cisco Systems for more than seven years. With a Bachelor’s degree in computer engineering from Illinois Institute of Technology, he started out as a TAC engineer with the LAN Switching team. He then moved to the TAC Security team, where he acted as a technical leader for the security products. He led a team of 20 engineers as a team leader in resolving complicated security and VPN technologies. Jazib is currently working as a Senior Network Security Engineer in the Worldwide Security Services Practice of Cisco’s Advanced Services for Network Security. He is responsible for guiding customers in the design and implementation of their networks, with a focus on network security. He holds two CCIEs, one in Routing and Switching and the other in Security. He also authored the Cisco Press book Cisco ASA: All-in-one Firewall, IPS, and VPN Adaptive Security Appliance (ISBN: 1-58705-209-1). Additionally, Jazib has written numerous Cisco online technical documents and has been an active member on Cisco’s online forum, NetPro. He has presented at Networkers on multiple occasions and has taught many onsite and online courses to Cisco customers, partners, and employees.

Jazib is currently pursuing a Master of Business Administration (MBA) degree from North Carolina State University.



Omar Santos is a Senior Network Security Consulting Engineer in the Worldwide Security Services Practice of Cisco’s Advanced Services for Network Security. He has more than 12 years of experience in secure data communications. Omar has designed, implemented, and supported numerous secure networks for Fortune 500 companies and the U.S. government, including the United States Marine Corps (USMC) and Department of Defense (DoD). He is also the author of the Cisco Press book Cisco ASA: All-in-one Firewall, IPS, and VPN Adaptive Security Appliance (ISBN: 1-58705-209-1) and many Cisco online technical documents and configuration guidelines. Prior to his current role, he was a technical leader of Cisco’s Technical Assistance Center (TAC), where he taught, led, and mentored many engineers within the organization. He is an active member of the InfraGard organization, a cooperative undertaking between the Federal Bureau of Investigation and an association of businesses, academic institutions, state and local law-enforcement agencies, and other participants that are dedicated to increasing the security of the critical infrastructures of the United States of America. Omar has also delivered numerous technical presentations to Cisco customers, partners, and other organizations.



David White, Jr., CCIE No. 12021, has more than ten years of networking experience with a focus on network security. He is currently an Escalation Engineer in the Cisco TAC, where he has been for more than six years. In his role at Cisco, he is involved in new product design and implementation and is an active participant in Cisco documentation, both online and in print. David holds a CCIE in Security and is also NSA IAM certified. Before joining Cisco, David worked for the U.S. government, where he helped secure its worldwide communications network. He was born and raised in St. Petersburg, Florida, and received his Bachelor’s degree in computer engineering from the Georgia Institute of Technology.


Enforce Security Policy Compliance
Enforce your organization's security policies on all devices seeking network access. Cisco Network Admission Control (NAC) allows only compliant and trusted endpoint devices, such as PCs, servers, and PDAs, onto the network, restricting the access of noncompliant devices, and thereby limiting the potential damage from emerging security threats and risks. Cisco NAC gives organizations a powerful, roles-based method of preventing unauthorized access and improving network resiliency.

Business Benefits
• Security policy compliance: Ensures that endpoints conform to security policy; protects infrastructure and employee productivity; secures managed and unmanaged assets; supports internal environments and guest access; tailors policies to your risk level
• Protects existing investments: Is compatible with third-party management applications; flexible deployment options minimize need for infrastructure upgrades
• Mitigates risks from viruses, worms, and unauthorized access: Controls and reduces large-scale infrastructure disruptions; reduces OpEx and helps enable higher IT efficiency; integrates with other Cisco Self-Defending Network components to deliver comprehensive security protection
NAC Deployment Scenarios
Cisco NAC can be deployed in all infrastructure scenarios, including corporate LAN, WAN, wireless, and remote access (VPN). Cisco NAC deployments include the following options:

Cisco NAC Appliance is the recommended deployment solution for most customers. It is an appliance-based product that provides:
• Rapid deployment
• Self-contained endpoint security posture assessment
• Policy management
• Integration with identity, remediation, and other services


Cisco NAC Appliance In-Band Option
This is the ideal option for wireless, remote access, and branch office applications, and works in heterogeneous network environments.

Cisco NAC Appliance Out-of-Band Option
This option is ideal for larger campus LAN deployments in which enforcement is controlled at the switch. Cisco NAC Out-of-Band can be combined with the Cisco NAC In-Band deployment option.

Cisco NAC Framework, through the Cisco Network Admission Control Partner Program, provides the option of integrating an intelligent network infrastructure with solutions from more than 75 manufacturers of leading antivirus and other security and management software.

NAC Deployment Services (PDF)
Cisco Security NAC Services provide rigorous requirements analysis, planning, design, and implementation consulting—essential to deploying an effective NAC solution.


Brochure
All contents are Copyright © 1992–2007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
Cisco Expands Its NAC Leadership with the Cisco NAC Network Module and Cisco NAC Profiler
The new Cisco NAC Network Module for Cisco 2800 and 3800 Series Integrated Services Routers is the industry’s first full Network Admission Control (NAC) module. The Cisco NAC Network Module provides exceptional security for branch and remote offices, adds more NAC deployment options, and assists customers by simplifying deployment, troubleshooting, and management.
Cisco is also introducing the Cisco NAC Profiler, which adds new capabilities for endpoint device handling (including “dumb” devices such as IP phones, printers or scanners). The Cisco NAC Profiler provides visibility, intelligence, and automation to simplify initial NAC deployments and to reduce the ongoing NAC maintenance cost.
Read the complete Cisco NAC Network Module and Cisco NAC Profiler announcement.
For more technical information, read the Cisco NAC Network Module data sheet and the Cisco NAC Profiler data sheet.

Printed in USA C02-434732-00 9/07
