Networking Technology
2 total works
Cisco Network Admission Control, Volume II
by Jazib Frahim, Omar Santos, and David C Jr White
Cisco Network Admission Control
Volume II: NAC Framework Deployment and Troubleshooting
The self-defending network in action
Jazib Frahim, CCIE® No. 5459
Omar Santos
David White, Jr., CCIE No. 12,021
When most information security professionals think about threats to their networks, they think about the threat of attackers from the outside. However, in recent years the number of computer security incidents occurring from trusted users within a company has equaled those occurring from external threats. The difference is, external threats are fairly well understood and almost all companies utilize tools and technology to protect against those threats. In contrast, the threats from internal trusted employees or partners are often overlooked and much more difficult to protect against.
Network Admission Control (NAC) is designed to prohibit or restrict access to the secured internal network from devices with a diminished security posture until they are patched or updated to meet the minimum corporate security requirements. A fundamental component of the Cisco® Self-Defending Network Initiative, NAC enables you to enforce host patch policies and to regulate network access permissions for noncompliant, vulnerable systems.
Cisco Network Admission Control, Volume II, helps you understand how to deploy the NAC Framework solution and ultimately build a self-defending network. The book focuses on the key components that make up the NAC Framework, showing how you can successfully deploy and troubleshoot each component and the overall solution. Emphasis is placed on real-world deployment scenarios, and the book walks you step by step through individual component configurations. Along the way, the authors call out best practices and tell you which mistakes to avoid. Component-level and solution-level troubleshooting techniques are also presented. Three full-deployment scenarios walk you through application of NAC in a small business, medium-sized organization, and large enterprise.
“To successfully deploy and troubleshoot the Cisco NAC solution requires thoughtful builds and design of NAC in branch, campus, and enterprise topologies. It requires a practical and methodical view towards building layered security and management with troubleshooting, auditing, and monitoring capabilities.”
–Jayshree V. Ullal, Senior Vice President, Datacenter, Switching and Security Technology Group, Cisco Systems®
Jazib Frahim, CCIE® No. 5459, is a senior network security engineer in the Worldwide Security Services Practice of the Cisco Advanced Services for Network Security team. He is responsible for guiding customers in the design and implementation of their networks with a focus on network security.
Omar Santos is a senior network security engineer in the Worldwide Security Services Practice of the Cisco Advanced Services for Network Security team. He has more than 12 years of experience in secure data communications.
David White, Jr., CCIE No. 12,021, has more than 10 years of networking experience with a focus on network security. He is currently an escalation engineer in the Cisco TAC, where he has been for more than six years.
- Effectively deploy the Cisco Trust Agent
- Configure Layer 2 IP and Layer 2 802.1x NAC on network access devices
- Examine packet flow in a Cisco IOS NAD when NAC is enabled, and configure Layer 3 NAC on the NAD
- Monitor remote access VPN tunnels
- Configure and troubleshoot NAC on the Cisco ASA and PIX security appliances
- Install and configure Cisco Secure Access Control Server (ACS) for NAC
- Install the Cisco Security Agent Manage-ment Center and create agent kits
- Add antivirus policy servers to ACS for external antivirus posture validation
- Understand and apply audit servers to your NAC solution
- Use remediation servers to automatically patch end hosts to bring them in compliance with your network policies
- Monitor the NAC solution using the Cisco Security Monitoring, Analysis, and Response System (MARS)
This security book is part of the Cisco Press® Networking Technology Series. Security titles from Cisco Press help networking professionals secure critical data and resources, prevent and mitigate network attacks, and build end-to-end self-defending networks.
Category: Cisco Press–Security
Covers: Network Admission Control
This book provides an overview of Intercloud technologies, discussing the theory and providing specific examples of how these technologies work. The key value of this book is its unique perspective on cloud architecture, focusing on technology components such as virtualization, on-demand and autonomic management, security, and protocols that will enable Intercloud capabilities. Because the nascent Intercloud assumes a federated relationship amongst cloud providers, this book also addresses the new business issues faced by service providers in the Intercloud. In many ways, the Interclouds’ infancy can be likened to pre-Internet days with the potential to disrupt communications and IT as a whole, and this book will describe a phased plan that illustrates the path to a coherent Intercloud utility.
The plan takes the three primary Cloud service layers (IaaS, PaaS, & SaaS) and adds to them a new dimension paralleling the evolution of today’s networks (and network topology / connectivity paradigms). Intercloud exchange/Market place, service fulfillment, service assurance, billing, identity, security, visibility, control, optimization, application peering and federations are just a few of the many technology and business components analyzed in this book. Early use cases for the new utility include delivery of applications and services via a "public cloud". Also, "private clouds" are illustrated, where an enterprise extends its own data center dynamically in-house. And hybrid clouds are explained, in which private clouds are extended through the services of a provider, eliminating the need to inefficiently build out new capacity for each application and thus leading to a peak utilization strategy.
The authors’ unique knowledge of Cloud technology and infrastructure, as well as experience with the evolution of today’s Internet businesses, makes this book one of the most valuable titles for any IT decision maker and a must-read for anybody involved in the Cloud industry.