
Cisco NAC Appliance Book

Finally, after many years, the first Cisco NAC Appliance book will be released this coming August! A lot of very good engineers have contributed to this book, including the NACA TMEs! It is definitely going to be something worth picking up and reading!

Cisco NAC Appliance: Enforcing Host Security with Clean Access

Book Description:

The ultimate reference guide for the Cisco NAC (Network Access Control) Appliance with easy-to-follow guides to major security applications
- Learn how Network Admission Control can make your network more secure
- Prevent security breaches by checking for and enforcing a host security policy at the network edge
- Master the design, configuration, deployment, and troubleshooting of the NAC Appliance solution

Cisco NAC Appliance from Cisco Press presents an overview of real-world Cisco NAC Appliance (formerly known as Clean Access) deployment scenarios. The book provides best practices for communicating to the user community before deploying the NAC Appliance and how best to plan/design for the eventual merger of NAC framework and NAC Appliance solutions. The majority of viruses and worms in existence today would be successfully stopped using an up-to-date operating system along with an up-to-date anti-virus client. The concept of checking how up to date a host's operating system, antivirus client, and spyware removal tools are before they are given access to the network is relatively new. It is not so much the operating system's or anti-virus client's lack of ability to stop the majority of attacks so much as it is a company's lack of ability to enforce, at the network layer, security policies that require endpoint systems to have updated patches and AV software installed. This ability is the essence of what the Cisco NAC Appliance provides. This book is the ultimate reference to the Cisco NAC Appliance, and is an essential book in the library of any networking professional that works on host security or security policy enforcement.


About the Author:

Jamey Heary, CCIE No. 7680, is a Security Consulting Systems Engineer at Cisco. James also holds CISSP, CCSP, CCNP, CCDP, and Microsoft MCSE certifications, and is a certified HIPAA Security Professional. He has a B.S. from St. Lawrence University.

Book Details:

Paperback: 550 pages
Publisher: Cisco Press; 1 edition (August 8, 2007)
Language: English
ISBN-10: 1587053063
ISBN-13: 978-1587053061
