Slide 1: Protecting your network with Network Admission Control: Design and Policy implications
Justin Rowling, Systems Engineer
© 2006 Cisco Systems, Inc. All rights reserved. Cisco Public.

Slide 2: What is NAC?
- Gives differentiated access to the network based on:
  - who you are (staff, student, visitor, etc.)
  - what you have (platform/OS, patch level, AV status, etc.)

Slide 3: Why do you want NAC?
- The major threat is still malware on Windows 2000 and later
- The primary motivation is fear of a 'mass outbreak'
- It also reduces helpdesk/support workload
- It also makes ports/SSIDs 'dynamic': access and ACLs vary by user/group

Slide 4: NAC on Wireless LANs
- WLAN users are more likely to:
  - have been off the network for periods of time
  - have been on another network
  - be non-standard
  - be new (to you)
  - need an authentication system*
- All of these increase the risk and/or the support overhead

Slide 5: Key requirements of a NAC solution
- Securely identify users
- Enforce policy specific to the type of user
- Quarantine and remediate
- Be easy to set up and keep up to date
- Play nicely with network operating systems

Slide 6: Securely identify users
- Check the username and password directly, or
- Trust some other authentication, such as 802.1X, Windows domain logon or a VPN concentrator
- Should use the existing directory and AAA infrastructure (LDAP, RADIUS, etc.) rather than a separate user database
- Use this information to obtain the user's group/role, e.g. staff, student, contractor

Slide 7: Enforce policy specific to the type of user
- Staff: policy might be very prescriptive: specify the allowed OS types, a single AV agent, required software, etc., but then allow unrestricted access
- Students: policy may be more flexible: allow any AV and any OS, but restrict access to the finance and admin networks
- Guests: policy may be light touch: warn about OS health (patch levels) but not enforce, and allow access to anything except local IP addresses

Slide 8: Quarantine and remediate
"As we know, there are known knowns; there are things we know we know. We also know there are known unknowns; that is to say we know there are some things we do not know. But there are also unknown unknowns -- the ones we don't know we don't know." (Donald Rumsfeld)

Slide 9: Quarantine and remediate
- Protect the network from unknown users
- Protect unknown users from each other
- Give users who do not comply with policy enough access to help themselves
- Guide these users through the steps they have to take
- Take steps to prevent abuse
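A worked example of slides 6, 7 and 9 put together, added here and not part of the original presentation or of any Cisco product: a directory lookup supplies the role, the role selects one of three policies of decreasing strictness, and a client that fails a check is either quarantined with self-help instructions or only warned. The directory contents, the product name CorpAV, the VLAN names and the remediation text are all constructed for the example.

```python
"""Role- and posture-based admission decision (added example; not Cisco NAC code).

Identity comes from a directory lookup, the role selects a policy, the policy
is evaluated against the client's posture, and a failing client is either
quarantined with self-help instructions or merely warned, depending on how
prescriptive the role's policy is.
"""
from dataclasses import dataclass, field
from typing import List, Optional, Set

# Constructed stand-in for an LDAP/AD group lookup. Anyone the directory does
# not know is treated as a guest, never as staff.
DIRECTORY = {"jrowling": "staff", "s1234567": "student"}


@dataclass
class Posture:
    os: str
    av_product: str                 # "" when no AV agent was found
    av_signature_age_days: int
    missing_critical_patches: int


@dataclass
class RolePolicy:
    vlan: str                       # VLAN *name*; the switch maps it to a local ID
    enforce: bool                   # quarantine on failure, or just warn
    allowed_os: Optional[Set[str]]  # None = any OS
    allowed_av: Optional[Set[str]]  # None = any AV product
    require_av: bool
    max_signature_age_days: Optional[int]
    max_missing_patches: int


# Slide 7 as data: staff prescriptive, students flexible, guests light touch.
# OS and AV names are constructed.
POLICY = {
    "staff": RolePolicy("staff", True, {"Windows XP SP2", "Windows 2000 SP4"},
                        {"CorpAV"}, True, 7, 0),
    "student": RolePolicy("student", True, None, None, True, 14, 0),
    "guest": RolePolicy("guest", False, None, None, False, None, 0),
}
QUARANTINE_VLAN = "quarantine"

# Self-help text keyed by the check that failed (slide 9: guide the user).
REMEDIATION = {
    "os": "This operating system is not permitted for your role; contact the helpdesk.",
    "av-missing": "Install the antivirus agent from the remediation server, then reconnect.",
    "av-product": "Replace your antivirus with the supported product, then reconnect.",
    "av-stale": "Run an antivirus signature update, then reconnect.",
    "patches": "Install the missing critical patches from the update server, then reconnect.",
}


@dataclass
class Decision:
    role: str
    action: str                     # "allow" | "quarantine" | "warn"
    vlan: str
    failed_checks: List[str] = field(default_factory=list)

    def remediation_steps(self) -> List[str]:
        return [REMEDIATION[c] for c in self.failed_checks]


def lookup_role(username: str) -> str:
    return DIRECTORY.get(username, "guest")


def failed_checks(pol: RolePolicy, p: Posture) -> List[str]:
    """Evaluate one role's policy against a client's posture; empty list = compliant."""
    failed = []
    if pol.allowed_os is not None and p.os not in pol.allowed_os:
        failed.append("os")
    if not p.av_product:
        if pol.require_av:
            failed.append("av-missing")
    else:
        if pol.allowed_av is not None and p.av_product not in pol.allowed_av:
            failed.append("av-product")
        if pol.max_signature_age_days is not None and p.av_signature_age_days > pol.max_signature_age_days:
            failed.append("av-stale")
    if p.missing_critical_patches > pol.max_missing_patches:
        failed.append("patches")
    return failed


def decide(username: str, posture: Posture) -> Decision:
    role = lookup_role(username)
    pol = POLICY[role]
    failed = failed_checks(pol, posture)
    if not failed:
        return Decision(role, "allow", pol.vlan)
    if pol.enforce:
        # The quarantine VLAN's ACL (on the network, not here) should reach only
        # DHCP/DNS, the domain controllers and the remediation servers, with
        # client isolation so quarantined hosts cannot reach each other.
        return Decision(role, "quarantine", QUARANTINE_VLAN, failed)
    return Decision(role, "warn", pol.vlan, failed)   # admitted, but told why


if __name__ == "__main__":
    for user, posture in [
        ("jrowling", Posture("Windows XP SP2", "CorpAV", 2, 0)),
        ("jrowling", Posture("Windows XP SP2", "OtherAV", 2, 0)),
        ("s1234567", Posture("Mac OS X 10.4", "OtherAV", 3, 0)),
        ("visitor", Posture("Windows XP SP1", "", 0, 5)),
    ]:
        d = decide(user, posture)
        print(user, d.role, d.action, d.vlan, d.remediation_steps())
```

The quarantine outcome only works if the network side matches it: the quarantine VLAN's ACL has to permit DHCP, DNS, the domain controllers and the remediation/update servers (otherwise boot scripts and Group Policy break, the problem slide 11 describes) and should isolate quarantined clients from each other, since a freshly infected machine is exactly what lands there.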

Slide 10: Be easy to set up and keep up to date
- Ideally, turn written policy into NAC configuration in easy steps
- If the system is not kept up to date, its value diminishes
- If remediation is not straightforward, users are more likely to phone or queue up at the help desk

Slide 11: Play nicely with the network OS
- NAC solutions may restrict or change network access during the boot-up and logon process
- Boot scripts, network drives and Group Policy objects may suffer if the domain controllers and file servers are unreachable at that point
- It is important to understand the impact a NAC deployment would have, and to work around or fix these issues

Slide 12: Dynamic VLANs
- Post-assessment control is delegated to the VLAN:
  - the VLAN dictates the IP network
  - ACLs from that network to others control access
  - make sure you test your DHCP regime (a client moved to a new VLAN must obtain a lease there)
- VLANs do not need to be global*: e.g. in building 1 the VLAN named 'staff' is VLAN 10, while in building 2 the VLAN named 'staff' is VLAN 110
- Need a mechanism to detect a change of host: link down, client keep-alive, etc.
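The VLAN side of slide 12 as an added example, not code from the presentation or from any Cisco device: the NAC or RADIUS server expresses the decision as the standard tunnel attributes in Access-Accept, carrying a VLAN name rather than a number, and each switch resolves that name against its own table. The switch names and VLAN tables are constructed; the attribute numbers and values (Tunnel-Type 64 with value VLAN 13, Tunnel-Medium-Type 65 with value IEEE-802 6, Tunnel-Private-Group-ID 81) are the ones RFC 2868 and RFC 3580 define.

```python
"""RADIUS dynamic-VLAN attributes, server side and switch side (added example).

The server returns a VLAN *name* in Access-Accept using the RFC 2868 tunnel
attributes as profiled by RFC 3580; a switch resolves the name against its
own VLAN table, so one name can be VLAN 10 in one building and 110 in another.
"""
import struct
from typing import Dict, Optional

TUNNEL_TYPE = 64
TUNNEL_MEDIUM_TYPE = 65
TUNNEL_PRIVATE_GROUP_ID = 81
TUNNEL_TYPE_VLAN = 13          # RFC 3580: Tunnel-Type value for VLAN
TUNNEL_MEDIUM_IEEE_802 = 6     # RFC 3580: Tunnel-Medium-Type value for IEEE-802
TAG = 1                        # RFC 2868 tag byte that groups the three attributes


def _avp(attr_type: int, value: bytes) -> bytes:
    """One RADIUS attribute: Type(1) Length(1, including header) Value."""
    if len(value) > 253:
        raise ValueError("attribute value too long")
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def vlan_assignment_avps(vlan_name: str) -> bytes:
    """Server side: attributes added to Access-Accept to place the port in a VLAN."""
    return (
        _avp(TUNNEL_TYPE, bytes([TAG]) + TUNNEL_TYPE_VLAN.to_bytes(3, "big"))
        + _avp(TUNNEL_MEDIUM_TYPE, bytes([TAG]) + TUNNEL_MEDIUM_IEEE_802.to_bytes(3, "big"))
        + _avp(TUNNEL_PRIVATE_GROUP_ID, bytes([TAG]) + vlan_name.encode("ascii"))
    )


def parse_avps(data: bytes) -> Dict[int, bytes]:
    """Walk the attribute list with bounds checks. Keeps the last copy of a
    repeated type, which is enough for a single tagged VLAN set."""
    avps: Dict[int, bytes] = {}
    i = 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError("truncated attribute header")
        attr_type, length = data[i], data[i + 1]
        if length < 2 or i + length > len(data):
            raise ValueError("malformed attribute length")
        avps[attr_type] = data[i + 2:i + length]
        i += length
    return avps


def requested_vlan_name(access_accept_avps: bytes) -> Optional[str]:
    """Switch side: the VLAN name, or None if the attributes do not describe an 802 VLAN."""
    avps = parse_avps(access_accept_avps)
    try:
        ttype = int.from_bytes(avps[TUNNEL_TYPE][1:], "big")        # byte 0 is the tag
        medium = int.from_bytes(avps[TUNNEL_MEDIUM_TYPE][1:], "big")
        group = avps[TUNNEL_PRIVATE_GROUP_ID]
    except KeyError:
        return None
    if ttype != TUNNEL_TYPE_VLAN or medium != TUNNEL_MEDIUM_IEEE_802:
        return None
    if group and group[0] <= 0x1F:     # RFC 2868: a leading byte <= 0x1F is a tag, not text
        group = group[1:]
    return group.decode("ascii", errors="replace") or None


# Constructed per-switch VLAN tables: same names, different local IDs (slide 12).
SWITCH_VLANS = {
    "bldg1-sw1": {"staff": 10, "student": 20, "quarantine": 99},
    "bldg2-sw1": {"staff": 110, "student": 120, "quarantine": 199},
}


def resolve_port_vlan(switch: str, access_accept_avps: bytes) -> int:
    """Map the returned name to this switch's VLAN ID. A name the switch does
    not carry goes to its quarantine VLAN instead of leaving the port in its
    default VLAN; that fail-closed handling is this example's choice."""
    table = SWITCH_VLANS[switch]
    name = requested_vlan_name(access_accept_avps)
    if name is None or name not in table:
        return table["quarantine"]
    return table[name]


if __name__ == "__main__":
    accept = vlan_assignment_avps("staff")
    print(accept.hex())
    for sw in SWITCH_VLANS:
        print(sw, requested_vlan_name(accept), "->", resolve_port_vlan(sw, accept))
```

A client keeps the address it obtained in the authentication or quarantine VLAN until it renews, so a move between VLANs is only useful if the client re-leases (link bounce, short lease time or a supplicant that triggers a DHCP renew); that is the DHCP regime the slide says to test. Check what your own switch does with a VLAN name it does not carry before relying on the fail-closed behaviour shown here.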

Slide 13: Side benefits of NAC
- Can also be used to check for required/undesirable software
- Generates a wealth of information about clients
- Can make ports/networks multi-use
- Can present an AUP for regular acceptance

Slide 14: Summary
- NAC tailors network access to different user types
- NAC enforces your policy (good or bad)
- NAC can update/reconfigure users who don't comply
- NAC can reduce your exposure to 'mass outbreaks'
- NAC needs to work with the network OS to be ready for prime time
