April 2008
Intermediate to advanced
288 pages
7h 8m
English
book
Implementing NAP and NAC Security Technologies: The Complete Guide to Network Access Control
by Daniel V. Hoffman
Content preview from Implementing NAP and NAC Security Technologies: The Complete Guide to Network Access Control
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
2.4. Taking Action Based on the Security Posture
At this point, the device has been assessed and its security posture communicated to other necessary components of the NAC/NAP solution. So, now what?
This question is as much political and philosophical as it is technical. The real question is "What does your company want to do, and does it have the strength to stand behind that decision?"
There are a number of logical action items that can be taken against devices. These actions depend upon whether or not Mobile NAC or LAN-based NAC is being used.
2.4.1. Mobile NAC Action
Mobile devices are in a unique situation. It doesn't do any good to be able to quarantine a noncompliant laptop to only certain areas of the corporate LAN if the laptop is sitting at a Starbucks and isn't connected to the LAN. The restriction that will protect that device must relate to its current environment. This point will be made very clear in Chapter 3, "What Are You Trying to Protect?"
As such, here are some action options to consider for noncompliant devices with Mobile NAC:
Prohibit the device from connecting to the corporate LAN via VPN
Prohibit the device from connecting via Wi-Fi
Quarantine the mobile device so that it can only access certain areas of the Internet, such as remediation servers that can fix any security issues
Restrict the use of certain applications, such as Internet Explorer and e-mail, when in a noncompliant state
Automatically fix the problem!
Based upon the fact that the mobile device ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access
More than 5,000 organizations count on O’Reilly
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.Julian F.
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.Addison B.
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.Amir M.
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.