
Showing posts from August, 2007

NAC Network Modules

I just wanted to give everyone the update on the NEW NME-NAC-K9 module. It is supported as of version 4.1(2).

The Cisco NAC Network Module (NME-NAC-K9) implements the Clean Access Server functionality on the next generation service module for the Cisco 2811/2821/2851 and 3825/3845 access routers. The NAC network module is pre-installed with Cisco NAC Appliance software release 4.1(2) (or later), with the Clean Access Server software running as the application code. The Clean Access Server operating system is based on an optimized version of Linux.

The NAC network module is an ideal NAC solution for small groups of users in remote locations where an integrated services router is used. The NAC network module can be equipped with either a 50-user or 100-user license to support branch offices.

The following are some documents to get you started with the new NAC Network Module:

Getting Started with Cisco NAC Network Modules in Cisco Access Routers http://www.cisco.com/en/US/products/ps6...

Book Review - Cisco NAC Appliance Book

Title: Cisco NAC Appliance: Enforcing Host Security with Clean Access

Author: Jamey Heary, CCIE #7680

Contributing Authors: Jerry Lin, CCIE #6469, Chad Sullivan, CCIE #6493, and Alok Agrawal

Publisher: Cisco Press

I want to start out by saying that this book completely exceeded my expectations for the first NAC Appliance book. I wish this was published 3 years ago. The author clearly articulates the business benefits of NAC, including how NAC provides return on investment (ROI), which gives any reader the know-how to wisely purchase Cisco NAC Appliance. He also shows his technical expertise by diving extremely deep into the inner workings of Cisco NAC Appliance, which gives engineers, consultants, and operations the information they need to successfully deploy or maintain the product.

This book shows great details into the process flows of In-Band & Out-of-Band users, Clean Access Agent (CAA) users and network scanning users. The information on the different deploymen...

NAC WSUS Requirement Type

Background:

New to 4.1.1, WSUS Requirements give NAC Appliance administrators the ability to seamlessly integrate with local WSUS servers or utilize Microsoft servers to ensure users are up to date on their Microsoft service packs and patches.

Configuring WSUS Requirements:

The following is a list of options when configuring a WSUS Requirement:

Update Validation source - This involves checking to see if a particular client machine is up to date with patches. This check can be done against the WSUS server itself OR against Cisco rulesets.

Cisco Rules - In this case, the new “WSUS Server Update services” requirement needs to be mapped to the standard Cisco rule sets such as XP_hotfixes etc. Standard registry scans will be performed on the client machine based on these rule sets.

WSUS Server - In this case, the CCA Agent makes an API call to the WSUS Agent on the client machine to check compliance. Since our rule set is ...

CAA Requirement Best Practices - Enforce Types

In the world of NAC Appliance, when using the NAC Agent, there are 3 different enforce types. At first look you have the ability to use the following enforce types:

Audit — Silently audit. The client system is checked "silently" for the requirement without notifying the user, and a report is generated. The report results (pass or fail) do not affect user network access.

Optional — Do not enforce requirement. The user is informed of the requirement but can bypass it if desired (by clicking "Next"). The client system does not have to meet the requirement for the user to proceed or have network access.

Mandatory — Enforce requirement. The user is informed of this requirement and cannot proceed or have network access unless the client system meets it.

So why is this so important for NAC deployments? This gives administrators the ability to deploy with as little impact as possible. All deployments should start with AUDIT type requirements. By doing this we a...

Jamey Heary's Cisco NAC Blog on Network World

Make sure to check out the new blog on Cisco Subnet. Jamey Heary, the author of the new Cisco NAC Appliance book, is writing it. It can be checked out here: http://www.networkworld.com/community/heary

About the Blogger:

Jamey Heary, CCIE No. 7680, is a security consulting systems engineer at Cisco. He leads its Western Security Asset team and is a field advisor for Cisco's global security virtual team. Jamey is the author of the recently published Cisco NAC Appliance: Enforcing Host Security with Clean Access. His areas of expertise include network and host security design and implementation, security regulatory compliance, and routing and switching. His other certifications include CISSP, CCSP, and Microsoft MCSE. He is also a Certified HIPAA Security Professional. Jamey has been working in the IT field for 14 years and in IT security for 9 years.