9781587053061

Summary

The ultimate reference guide for the Cisco NAC (Network Access Control) Appliance with easy-to-follow guides to major security applications.

Author Biography

About the Author

Jamey Heary, CCIE No. 7680, is currently a security consulting systems engineer at Cisco Systems, Inc., and works with its largest customers in the Northwest United States. Jamey joined Cisco in 2000. He currently leads its Western Security Asset team and is a field advisor for the U.S. Security Virtual team. Prior to working at Cisco, he worked for the Immigration and Naturalization Service as a network consultant and project leader. Before that he was the lead network and security engineer for a financial firm whose network carries approximately 12 percent of the global equities trading volume worldwide. His areas of expertise include network and host security design and implementation, security regulatory compliance, and routing and switching. His other certifications include CISSP, CCSP, and Microsoft MCSE. He is also a Certified HIPAA Security Professional. He has been working in the IT field for 13 years and in IT security for 9 years. He has a BS from St. Lawrence University.

About the Contributing Authors

Jerry Lin, CCIE No. 6469, is a consulting systems engineer for Cisco and is based in southern California. He specializes in security best practices. Jerry has worked with a variety of Cisco enterprise customers in areas such as software development, local government agencies, K—12 and universities, high tech manufacturing, retail, and health care, as well as managed web-hosting service provider customers. He holds his CCIE in routing and switching as well as in CCDP and CISSP. Jerry has been working in the IT industry for the past 12 years. During the late 1990s, he worked as a technical instructor. Jerry earned both a bachelor’s degree and a master’s degree in mechanical engineering from the University of California, Irvine.

Chad Sullivan, CCIE No. 6493 (Security, Routing and Switching, SNA/IP), CISSP, CHSP, is a senior security engineer and owner of Priveon, Inc., which provides leading security solutions to customers globally. Prior to starting Priveon, Chad worked as a security consulting systems engineer at Cisco. Chad is recognized within the industry as one of the leading implementers of the Cisco Security Agent product and is the author of both Cisco Press books dedicated to the Cisco Security Agent.

Alok Agrawal is the technical marketing manager for the Cisco NAC Appliance (Clean Access) product. He leads the technical marketing team developing technical concepts and solutions and driving future product architecture and features. He works with the Cisco sales and partner community to scale the adoption of the NAC Appliance product line globally. Prior to joining the Cisco Security Technology Group, he worked in the switching team of the Cisco Technical Assistance Center. He has a strong background in routing and switching and host security design and implementation. Alok holds a master’s degree in electrical engineering from the University of Southern California and a bachelor’s degree in electronics engineering from the University of Mumbai.

Introduction	p. xxii
The Host Security Landscape	p. 3
The Weakest Link: Internal Network Security	p. 5
Security Is a Weakest-Link Problem	p. 6
Hard Outer Shell with a Chewy Inside: Dealing with Internal Security Risks	p. 7
The Software Update Race: Staying Ahead of Viruses, Worms, and Spyware	p. 9
Summary	p. 10
Introducing Cisco Network Admission Control Appliance	p. 13
Cisco NAC Approaches	p. 13
NAC as an Appliance	p. 13
NAC as an Embedded Solution	p. 15
Cisco NAC Integrated Implementation	p. 16
Cisco NAC Appliance Overview	p. 16
Cisco NAC Return on Investment	p. 17
Summary	p. 18
The Blueprint: Designing a Cisco NAC Appliance Solution	p. 21
The Building Blocks in a Cisco NAC Appliance Design	p. 23
Cisco NAC Appliance Solution Components	p. 23
Cisco NAC Appliance Manager	p. 24
Cisco NAC Appliance Server	p. 25
Cisco Clean Access Agent	p. 28
Cisco NAC Appliance Network Scanner	p. 29
Cisco NAC Appliance Minimum Requirements	p. 30
Cisco NAC Appliance Manager and Server Requirements	p. 31
Cisco Clean Access Agent Requirements	p. 32
Scalability and Performance of Cisco NAC Appliance	p. 33
Summary	p. 33
Making Sense of All the Cisco NAC Appliance Design Options	p. 35
NAC Design Considerations	p. 35
Single-Sign-On Capabilities	p. 36
In-Band Versus Out-of-Band Overview	p. 36
Layer 2 Versus Layer 3 Client Adjacency Overview	p. 37
Virtual Gateway Versus Real IP Gateway Overview	p. 37
Deployment Options	p. 38
Table of Contents provided by Publisher. All Rights Reserved.

Supplemental Materials

What is included with this book?

The New copy of this book will include any supplemental materials advertised. Please check the title of the book to determine if it should include any access cards, study guides, lab manuals, CDs, etc.

The Used, Rental and eBook copies of this book are not guaranteed to include any supplemental materials. Typically, only the book itself is included. This is true even if the title states it includes any access cards, study guides, lab manuals, CDs, etc.

Excerpts

= 0) {slash = '\\';} else {slash = '/';}openLoc = figLoc.substring(0, figLoc.lastIndexOf(slash) + 1);while (pPage.substring(0,3) == '../') {openLoc = openLoc.substring(0, openLoc.lastIndexOf(slash, openLoc.length - 2)+ 1);pPage = pPage.substring(3, pPage.length + 1);}popUpWin =window.open('','popWin','resizable=1,scrollbars=1,location=0,toolbar=0,width=525,height=394');figDoc = popUpWin.document;zhtm= ' ' + pPage + ' ';zhtm += ' ';zhtm += ' ';zhtm += ' ';zhtm += '' + pPage.substring(pPage.lastIndexOf('/') + 1, pPage.length) + '';zhtm += ' ';figDoc.write(zhtm);figDoc.close();}// modified 3.1.99 RWE v4.1 --> Cisco NAC Appliance: Enforcing Host Security with Clean Access Cisco NAC Appliance: Enforcing Host Security with Clean Access IntroductionAlmost every contemporary corporation and organization has acquired and deployed security solutions or mechanisms to keep its networks and data secure. Hardware and software tools such as firewalls, network-based intrusion prevention systems, antivirus and antispam packages, host-based intrusion prevention solutions, and vulnerability scanners have proven effective to a certain degree, but only if they are kept up to date. For example, classic virus attacks sent via e-mail attachments, such as netsky and MyDoom, can easily be detected and prevented by any up-to-date antivirus and antispam software package. The key to stopping host attacks is being able to proactively enforce security policies that ensure all hosts must be fully patched and have up-to-date security software running before allowing them full network access. Existing security solutions do not proactively stop a PC from entering the network if its security software and operating system software are not current. Frequently, users will manually disable their host security software because it either reduces the overall performance of their PC or prevents an application from installing. When antivirus and antispam packages are out of date or not running, the likelihood of PC virus infections increases. This in turn increases the overall security risk to the organization.The same principle applies to OS hotfixes. Take Microsoft Windows as an example. If you fail to implement new Windows security hotfixes in a timely manner to address newly discovered vulnerabilities, the probability of those unpatched hosts being compromised, or "owned," greatly increases. This can result in a loss of productivity due to system downtime, theft of company and personal confidential information, or unauthorized access to sensitive information. Unfortunately, loss of a client's confidential information us

Amazon no longer offers textbook rentals. We do!

Amazon no longer offers textbook rentals. We do!

We're the #1 textbook rental company. Let us show you why.

Cisco NAC Appliance Enforcing Host Security with Clean Access

1587053063

Summary

Author Biography

Table of Contents

Supplemental Materials

Excerpts

Rewards Program