Cisco NAC network access control White Paper

This article describes in detail how to set up the Cisco NAC network, and introduces the advantages of NAC and Its Implementation options. I believe this article will help you.

Cisco network access control (NAC) is specially designed to ensure adequate protection for all terminal devices (such as PCs, laptops, servers, smart phones, and PDAs) that access network resources, to defend against network security threats. As a market-leading program involving renowned manufacturers of anti-virus, security, and management products, NAC has attracted the attention of media, analysis companies, and institutions of all sizes.

This article explains how NAC plays a key role as part of a policy-based security strategy and describes and defines available NAC methods.

Advantages of NAC

According to the 2005 CSI/FBI Security Report, although security technology has been developing for many years and its implementation is even more costly than millions of dollars, however, viruses, worms, spyware, and other forms of malware are still the main problems facing various organizations. The large number of security incidents that organizations encounter each year cause system interruptions, loss of income, data damage or destruction, and reduced productivity. This has brought a huge economic impact to institutions.

Obviously, traditional security solutions alone cannot solve these problems. Cisco Systems Company? Developed a comprehensive security solution that combines advanced anti-virus, security, and management solutions to ensure that all devices in the network environment comply with security policies. NAC allows you to analyze and control all devices attempting to access the network. By ensuring that each terminal device complies with the enterprise's security policies (for example, the most relevant and advanced security protection measures ), the number of terminal devices that can be used as a common source of infection or damage to the network can be greatly reduced or even eliminated by the Organization.

Greatly improve network security

Although most organizations use identity management and authentication, authorization, and accounting (AAA) Mechanisms to authenticate users and assign them network access permissions, however, these methods have almost no effect on verifying the security of user terminal devices. If you do not use an accurate method to assess the device's 'status', even the most trusted user may accidentally pass the infected device or the device that is not properly protected, expose all users in the network to great risks.

Is NAC built on Cisco Systems? A series of technologies and solutions based on the industry plan. NAC uses network infrastructure to perform security policy checks on all devices attempting to access network computing resources, thus limiting emerging security threats such as viruses, worms, and spyware to damage network security. Customers implementing NAC can only allow trusted terminal devices (PCs, servers, and PDAs) that comply with the security policy to access the network, and control access to networks from devices that do not comply with the policy or are not manageable.

The advantages of NAC are designed and integrated into the network infrastructure, so they are unique. So why should we implement policy compliance and validation strategies on the Network (rather than elsewhere?

1. Data of each bit of interest or interest to the organization is transmitted over the network.

2. Each device of interest or relationship to the Organization is connected to the same network.

3. Implement network access control so that organizations can deploy as extensive security solutions as possible, including as many network devices as possible.

4. This strategy leverages the Organization's existing infrastructure, security, and management deployment to minimize IT overhead.

By running NAC, as long as the terminal device tries to connect to the network, the network access device (LAN, WAN, wireless or remote access device) will automatically apply for installed clients or evaluation tools to provide terminal device security information. Then compare the information with the network security policy, and determine how to process network access requests based on the device's compliance with the policy. The network can allow or deny access. You can also restrict network access by redirecting devices to a CIDR block to avoid being exposed to potential security vulnerabilities. In addition, the network can isolate the device, which redirects the device that does not comply with the policy to the patch server, so that the device can meet the policy compliance level through component update.

Some security policy compliance checks executed by NAC include:

Determine whether the device is running the authorized version of the operating system.

Check whether the operating system has installed appropriate patches or has completed the latest hotfix.

Determine whether the device has installed anti-virus software and whether it has the latest series of signature files.

Make sure that the anti-virus technology is enabled and running.

Determine whether the personal firewall, intrusion protection, or other desktop system security software has been installed and correctly configured.

Check whether the enterprise image of the device has been modified or tampered.

NAC then makes policy-based informed Network Access decisions based on the answers to the above questions.

Some advantages of implementing the NAC solution include:

1. It helps ensure that all network devices of users comply with security policies, greatly improving network security and avoiding the impact of scale and complexity. By actively defending against worms, viruses, spyware, and malware attacks, organizations can focus on active defense (rather than passive response ).

2. Extend the value of existing CISCO networks and anti-virus, security, and management software through the extensive deployment and integration of well-known manufacturers.

3. Detect and control all devices attempting to connect to the network, without affecting their access methods (such as routers, switches, wireless networks, VPN and dial-up), so as to improve the enterprise's permanent deployment and scalability.

4. Prevent uncompliant and unmanageable terminal devices from affecting network availability or user productivity.

5. Reduce operating costs related to identifying and repairing vulnerable, unmanageable, and infected systems.

NAC Implementation Options

Cisco also provides product and architecture-based NAC framework methods to meet the functional and operational requirements of any organization, whether simple security policy requirements, there are also complicated security implementation requirements related to a large number of security vendors and Enterprise Desktop System Management Solutions.