Skip to main content

NAC NEWS UPDATES

The following is a list of new things out there in the Cisco NAC World. The NAC Market is continuing to grow in 2009 and with the growth the products will continue to evolve, get better and have more options.

Security Options Abound: New NAC Release

My friends over at TechWiseTV are a huge multi-media machine, producing video, audio and podcasts. Well this PodCast is on NAC 4.5, Alok Agrawal of the NAC Business Unit and Myself dive into some of the cool features of 4.5. All of the podcasts can be subscribed to through iTunes.

To access the NAC podcast go to:

http://www.cisco.com/en/US/solutions/ns340/ns339/ns638/ns719/html_TW/tw_episode_198.html

And to get more information on all the great stuff coming from Techwise TV visit:
http://www.mytechwisetv.com/
or
http://cisco.com/go/interact

NAC Layer 3 Out of Band Design Guide That Uses VRF-Lite for Traffic Isolation

Cisco wrote a new configuration guide on using VRF-Lite for traffic isolation. This is a great configuration option for NAC, but with that said never re-design your network just for NAC. VRFs can become very complex and introducing new technology into the network should be carefully planned. Using VRFs in a enterprise network does make sense, but the reasons for moving to the new network design should be a combination of the added features/benefits for Security(NAC, Guest Access, Wireless, etc.) and Network managebility, throughput, and scalability.

http://www.cisco.com/en/US/products/ps6128/products_configuration_example09186a0080a3a8a7.shtml

New NAC Profiler Release

Last month a new maintenance release of Cisco NAC Profiler came out. 2.1.8-38 brings a good list of BugFixes and minor enhancements.

One Minor Enhancement that made it was Endpoint and Directory Timeout Unified Into Endpoint Timeout, which gives us more control on how to age out endpoints out of the database.

Find all the Fixes and information in the Release Notes.

The Release Notes can be found:
http://www.cisco.com/en/US/docs/security/nac/profiler/release_notes/218/218rn.html#wp101317

The new software can be download at:
http://www.cisco.com/cgi-bin/tablebuild.pl/nacprofiler-2.1.8 (Requires Valid Smartnet Contract)
Labels:

Comments

Post a Comment

Popular posts from this blog

Cisco Zero Trust Architecture

 As a follow up to the previous post around Zero Trust Architecture , Cisco has been delivering zero trust architectures for customers for many years. With the platform approach provided by Cisco Zero Trust organizations gain better visibility across users, devices, containers, networks, and applications, verifying their security states with every access request. Adopting this model provides a balance between security and usability. Security teams can make it harder for attackers to collect what they need (user credentials, network access, and the ability to move laterally), and users can get a consistent and more productive security experience, regardless of where they’re located, what endpoints they’re using, or whether their applications are on-premises or in the cloud. Cisco Zero Trust provides a comprehensive approach to securing all access across applications and environment, from any user, device and location. It protects the workforce , workloads and workplac...
6 comments
Read more

Why are Virtual Private Networks and Software Defined Perimeters mutually exclusive?

Increased remote work, vulnerabilities popping up and the #killthevpn movement has the cyber security industry laser focused on the transition from VPN to SDP. Let’s start with an acceptable definition of SDP from Wikipedia: “Software-defined perimeter (SDP) framework was developed by the Cloud Security Alliance (CSA) to control access to resources based on identity. Connectivity in a Software Defined Perimeter is based on a need-to-know model, in which device posture and identity are verified before access to application infrastructure is granted.” I hope we all can agree that the “ground truth" of SDP is valid and any organizations will benefit by adopting SDP architecture and principals(including Zero Trust). How is a Remote Access VPN any different than the “Client-to-gateway” deployment model defined for SDP? “In the client-to-gateway implementation, one or more servers are protected behind an Accepting SDP Host such that the Accepting SDP Host acts as a gateway between ...
5 comments
Read more

Cisco Releases Idenity Services Engine (AKA ISE)

Introduction After years of innovation around Network Access Control, Cisco has released its next generation NAC solution: Identity Services Engine. ISE is combines existing loosely coupled devices AAA, profiling, posture and guest management - in single, scalability appliance. As part of the Cisco TrustSec solution and Cisco’s SecureX architecture for Borderless Networks, the Cisco Identity Service Engine provides a centralized policy engine for business relevant policy definition and enforcement. This policy work horse enables centralized, coordinated policy creation and consistent policy enforcement across the entire corporate infrastructure, from head office to branch office. ISE Features & Benefits Visibility: Single Platform & Pane of Glass - Let IT see who and what is on the network for advanced discovery and troubleshooting Dynamically collects & consolidates endpoint information to make adaptive policy decisions based on ‘context’ Integrates functions previously d...
5 comments
Read more