April 2008
Intermediate to advanced
288 pages
7h 8m
English
book
Implementing NAP and NAC Security Technologies: The Complete Guide to Network Access Control
by Daniel V. Hoffman
Content preview from Implementing NAP and NAC Security Technologies: The Complete Guide to Network Access Control
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
7.2. The Technical Components of the Cisco NAC Framework
As discussed in Chapter 2 and Chapter 6, all NAC/NAP solutions consist of the same basic elements. Not all NAC/NAP solutions will contain all of the elements, and some vendors will be better at some elements than others. This section analyzes the following NAC components as they relate directly to the Cisco NAC Framework:
A technology to analyze the security posture of the device
A policy-related component to configure and set the policy on what specific security criteria will be analyzed on the device
A technology to communicate the security state of the device to other facets of the NAC/NAP solution
A mechanism that receives the security posture of the device and performs an action based upon those results
A policy-related component to configure and set the policy regarding what action will take place
A remediation technology whose purpose is to bring the device back into compliance
7.2.1. Analyzing the Security Posture of a Device
There are two methods by which the security posture of a device can be assessed:
Client — Cisco Trust Agent (CTA) and vendor-specific posture plugins (PPs) are installed on each device accessing the network.
Clientless — No assessment software is installed on a device accessing the network. Cisco refers to these types of systems as NAC Agentless Hosts (NAH).
As mentioned previously, client-based analysis can reveal much greater detail than clientless analysis. With this solution, it's important to ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access
More than 5,000 organizations count on O’Reilly
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.Julian F.
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.Addison B.
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.Amir M.
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.