
1 On and Off Premise Secure Access

Secure Layer 2 Network Access

What's new in AnyConnect 4.2 NAM:
- Filter multiple machine certificates so that the correct certificate is selected without user intervention.

Wireless benefits of 802.1X:
- Better security
- Enterprise user-to-device binding, enabling tighter policy controls

The Network Access Manager is client software that provides secure Layer 2 network access in accordance with policies set by the enterprise network administrators. It detects and selects the optimal Layer 2 access network and performs device authentication for access to both wired and wireless networks. It manages user and device identity and the network access protocols required for secure access, and it works to prevent end users from making connections that violate administrator-defined policies.

The Network Access Manager component of the AnyConnect Secure Mobility Client supports these main features:
- Wired (IEEE 802.3) and wireless (IEEE 802.11) network adapters
- Pre-login authentication using Windows machine credentials
- Single sign-on user authentication using Windows logon credentials
- Simplified and easy-to-use IEEE 802.1X configuration
- IEEE MACsec wired encryption and enterprise policy control
- EAP methods: EAP-FAST, PEAP, EAP-TTLS, EAP-TLS, and LEAP (EAP-MD5, EAP-GTC, and EAP-MSCHAPv2 for IEEE 802.3 wired only)
- Inner EAP methods:
  - PEAP: EAP-GTC, EAP-MSCHAPv2, and EAP-TLS
  - EAP-TTLS: EAP-MD5 and EAP-MSCHAPv2, plus the legacy methods PAP, CHAP, MSCHAP, and MSCHAPv2
  - EAP-FAST: GTC, EAP-MSCHAPv2, and EAP-TLS
- Encryption modes: static WEP (Open or Shared), dynamic WEP, TKIP, and AES
- Key establishment protocols: WPA, WPA2/802.11i, and CCKM (selectively, depending on the IEEE NIC card)

Flexibility:
- Manages both wired and wireless media
- End-user control is optional: the NAM module gives the end user an intuitive interface for managing wired and wireless network connections

Capabilities:
- Pre-login authentication using Windows machine credentials
- Single sign-on user authentication using Windows logon credentials
- Simplified IEEE 802.1X configuration
- IEEE MACsec wired encryption and enterprise policy control
- Multiple EAP methods supported

Improve network operations: administrative control via NAM Service Profile?

2 Cisco Network Access Manager Features - AnyConnect Client 3.1

- U.S. government support (Suite B and FIPS compliance for MACsec)
- IPv6 support (including dual-stack IPv4 and IPv6)
- Corporate network designation
- EAP chaining
- Windows 8 support*
- Mobile broadband (3G) support (beta feature)
- Single sign-on enhancements
- Start-before-logon (SBL) enhancements
- Wireless radio-state enhancements
- Enhancements to user-created network profiles
- Additional statistics information for troubleshooting
- Detection of PSK mismatch

*EAP chaining on Windows 8 requires a registry fix.

For EAP chaining on Windows 8 you need the following. With the Network Access Manager, machine authentication using a machine password does not work on Windows 8 / Server 2012 unless the registry fix described in a Microsoft KB article (the KB number and link are missing from this transcript) is applied to the client desktop. The fix adds a DWORD value named LsaAllowReturningUnencryptedSecrets under the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa registry key and sets it to 1. This permits the Local Security Authority (LSA) to provide clients such as Cisco Network Access Manager with the machine password; it is needed because of the increased default security settings in Windows 8 / Server 2012. Machine authentication using a machine certificate does not require this change and works as it did on pre-Windows 8 operating systems. This is specified in the release notes (link missing from this transcript), so for "EAP Chaining on Windows 8" read the release notes.
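The registry value above is the one knob the slide says decides whether NAM machine-password authentication works on Windows 8 / Server 2012, and it is also a deliberate loosening of the LSA default, so an administrator will want to know which hosts carry it. The following PowerShell is an added example written for this page; it is not Cisco code and does not come from the presentation. It assumes only the key path and value name given on the slide, and that `Set-LsaUnencryptedSecrets` is run in an elevated session.

```powershell
# Added audit/remediation script (not from the presentation or Cisco).
# Reports whether LsaAllowReturningUnencryptedSecrets (the value the slide
# says NAM machine-password auth needs on Win8 / Server 2012) is present,
# and optionally sets it back to the hardened default or to the slide's fix.

$LsaKey    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$ValueName = 'LsaAllowReturningUnencryptedSecrets'

function Get-LsaUnencryptedSecretsState {
    [CmdletBinding()]
    param()

    # Read the value without throwing when it is absent (absent is the OS default).
    $item  = Get-ItemProperty -Path $LsaKey -Name $ValueName -ErrorAction SilentlyContinue
    $value = if ($null -ne $item) { [int]$item.$ValueName } else { $null }

    [pscustomobject]@{
        ComputerName             = $env:COMPUTERNAME
        OSVersion                = [System.Environment]::OSVersion.Version.ToString()
        ValuePresent             = ($null -ne $value)
        Value                    = $value
        # Per the slide, machine-password auth through NAM needs this set to 1.
        MachinePasswordAuthWorks = ($value -eq 1)
        # Anything other than 1 leaves the tighter Windows 8 / Server 2012 default in force;
        # machine-certificate auth works either way, so that is the lower-risk option.
        HardenedDefaultInForce   = ($value -ne 1)
    }
}

function Set-LsaUnencryptedSecrets {
    # Applies the slide's fix (1) or reverts to the hardened setting (0).
    # Supports -WhatIf / -Confirm so a change can be reviewed before it lands.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory)]
        [ValidateSet(0, 1)]
        [int]$Value
    )

    if ($PSCmdlet.ShouldProcess("$LsaKey\$ValueName", "Set DWORD to $Value")) {
        New-ItemProperty -Path $LsaKey -Name $ValueName -PropertyType DWord `
                         -Value $Value -Force | Out-Null
    }
    Get-LsaUnencryptedSecretsState
}

# Usage: audit the local host; the commented line applies the fix with a prompt.
Get-LsaUnencryptedSecretsState | Format-List
# Set-LsaUnencryptedSecrets -Value 1 -Confirm
```

Run the audit across a fleet (for example through `Invoke-Command`) before enabling EAP chaining with machine passwords, and prefer the machine-certificate path the slide mentions where a PKI exists, since it leaves the LSA default untouched.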

3 AnyConnect® NAM v3.1 or newer

EAP Chaining
- EAP chaining using EAP-FAST protocol extensions is supported.
- EAP chaining ties both the machine and user credentials to the device, so the "owner" is known to be using a corporate asset.
- Machine credentials are authenticated to the network using 802.1X.
- When the user logs on to the device, the session information from the machine authentication and the user credentials are sent to the network as part of the same authentication.
- If both the machine and user credentials are successfully validated, the "owner" is tied to the device, which deems it a corporate asset.
- If either or both credentials fail, restricted or denied network access can be granted according to the Cisco® Identity Services Engine authorization policy.

Diagram (recovered labels only): AnyConnect® NAM v3.1 or newer sends the machine credentials (machine authentication) and then the user credentials (user authentication, which includes both the user and machine identity types) over RADIUS to Cisco Identity Services Engine (ISE) (minimum version not captured in this transcript) or later, which validates the machine and user credentials against the AD database.

4 EAP Chaining Software and Hardware Requirements

Client:
- A laptop or desktop computer with an Ethernet network interface card (NIC) or Wi-Fi NIC and one of the following operating systems:
  - Windows 8/8.1 x86 (32-bit) and x64 (64-bit)
  - Windows 7 SP1 x86 (32-bit) and x64 (64-bit)
  - Windows Vista SP2 x86 and x64
  - Windows XP SP3 x86
  - Windows Server 2003 SP2 x86
- Cisco AnyConnect® 3.1 or later with Cisco® NAM installed
- Cisco AnyConnect 3.1 or later Profile Editor

Server:
- Cisco Identity Services Engine (ISE) System (minimum version not captured in this transcript) or later

Network infrastructure:
- Ethernet switch or Wi-Fi access point configured for 802.1X
