Cisco NAC Appliance: Enforcing Host Security with Clean Access [NOOK Book]


Cisco NAC Appliance

Enforcing Host Security with Clean Access

Authenticate, inspect, remediate, and authorize end-point devices using Cisco NAC Appliance

Jamey Heary, CCIE® No. 7680

Contributing authors: Jerry Lin, CCIE No. 6469, Chad Sullivan, CCIE No. 6493, and Alok Agrawal


With today's security challenges and threats growing more sophisticated, perimeter defense alone is no longer sufficient. Few organizations are closed entities with well-defined security perimeters, which has led to the creation of perimeterless networks with ubiquitous access. Organizations need to have internal security systems that are more comprehensive, pervasive, and tightly integrated than in the past.

Cisco® Network Admission Control (NAC) Appliance, formerly known as Cisco Clean Access, provides a powerful host security policy inspection, enforcement, and remediation solution that is designed to meet these new challenges. Cisco NAC Appliance allows you to enforce host security policies on all hosts (managed and unmanaged) as they enter the interior of the network, regardless of their access method, ownership, device type, application set, or operating system. Cisco NAC Appliance provides proactive protection at the network entry point.

Cisco NAC Appliance provides you with all the information needed to understand, design, configure, deploy, and troubleshoot the Cisco NAC Appliance solution. You will learn about all aspects of the NAC Appliance solution including configuration and best practices for design, implementation, troubleshooting, and creating a host security policy.

Jamey Heary, CCIE® No. 7680, is a security consulting systems engineer at Cisco, where he works with its largest customers in the northwest United States. Jamey joined Cisco in 2000 and currently leads its Western Security Asset team and is a field advisor for its U.S. Security Virtual team. His areas of expertise include network and host security design and implementation, security regulatory compliance, and routing and switching. His other certifications include CISSP, CCSP®, and Microsoft MCSE. He is also a Certified HIPAA Security Professional. He has been working in the IT field for 13 years and in IT security for 9 years.

  • Understand why network attacks and intellectual property losses can originate from internal network hosts
  • Examine different NAC Appliance design options
  • Build host security policies and assign the appropriate network access privileges for various user roles
  • Streamline the enforcement of existing security policies with the concrete measures NAC Appliance can provide
  • Set up and configure the NAC Appliance solution
  • Learn best practices for the deployment of NAC Appliance
  • Monitor, maintain, and troubleshoot the Cisco NAC Appliance solution

This security book is part of the Cisco Press® Networking Technology Series. Security titles from Cisco Press help networking professionals secure critical data and resources, prevent and mitigate network attacks, and build end-to-end self-defending networks.

Category: Cisco Press–Security

Covers: End-Point Security


Product Details

  • ISBN-13: 9780132796798
  • Publisher: Pearson Education
  • Publication date: 8/20/2007
  • Sold by: Barnes & Noble
  • Format: eBook
  • Edition number: 1
  • Pages: 576
  • File size: 21 MB

Meet the Author

About the Author

Jamey Heary, CCIE No. 7680, is currently a security consulting systems engineer at Cisco Systems, Inc., and works with its largest customers in the Northwest United States. Jamey joined Cisco in 2000. He currently leads its Western Security Asset team and is a field advisor for the U.S. Security Virtual team. Prior to working at Cisco, he worked for the Immigration and Naturalization Service as a network consultant and project leader. Before that he was the lead network and security engineer for a financial firm whose network carries approximately 12 percent of the global equities trading volume worldwide. His areas of expertise include network and host security design and implementation, security regulatory compliance, and routing and switching. His other certifications include CISSP, CCSP, and Microsoft MCSE. He is also a Certified HIPAA Security Professional. He has been working in the IT field for 13 years and in IT security for 9 years. He has a BS from St. Lawrence University.

About the Contributing Authors

Jerry Lin, CCIE No. 6469, is a consulting systems engineer for Cisco and is based in southern California. He specializes in security best practices. Jerry has worked with a variety of Cisco enterprise customers in areas such as software development, local government agencies, K-12 and universities, high tech manufacturing, retail, and health care, as well as managed web-hosting service provider customers. He holds a CCIE in routing and switching as well as CCDP and CISSP certifications. Jerry has been working in the IT industry for the past 12 years. During the late 1990s, he worked as a technical instructor. Jerry earned both a bachelor’s degree and a master’s degree in mechanical engineering from the University of California, Irvine.

Chad Sullivan, CCIE No. 6493 (Security, Routing and Switching, SNA/IP), CISSP, CHSP, is a senior security engineer and owner of Priveon, Inc., which provides leading security solutions to customers globally. Prior to starting Priveon, Chad worked as a security consulting systems engineer at Cisco. Chad is recognized within the industry as one of the leading implementers of the Cisco Security Agent product and is the author of both Cisco Press books dedicated to the Cisco Security Agent.

Alok Agrawal is the technical marketing manager for the Cisco NAC Appliance (Clean Access) product. He leads the technical marketing team developing technical concepts and solutions and driving future product architecture and features. He works with the Cisco sales and partner community to scale the adoption of the NAC Appliance product line globally. Prior to joining the Cisco Security Technology Group, he worked in the switching team of the Cisco Technical Assistance Center. He has a strong background in routing and switching and host security design and implementation. Alok holds a master’s degree in electrical engineering from the University of Southern California and a bachelor’s degree in electronics engineering from the University of Mumbai.


Table of Contents

Introduction xxii

Part I The Host Security Landscape 3

Chapter 1 The Weakest Link: Internal Network Security 5

Security Is a Weakest-Link Problem 6

Hard Outer Shell with a Chewy Inside: Dealing with Internal Security Risks 7

The Software Update Race: Staying Ahead of Viruses, Worms, and Spyware 9

Summary 10

Chapter 2 Introducing Cisco Network Admission Control Appliance 13

Cisco NAC Approaches 13

NAC as an Appliance 13

NAC as an Embedded Solution 15

Cisco NAC Integrated Implementation 16

Cisco NAC Appliance Overview 16

Cisco NAC Return on Investment 17

Summary 18

Part II The Blueprint: Designing a Cisco NAC Appliance Solution 21

Chapter 3 The Building Blocks in a Cisco NAC Appliance Design 23

Cisco NAC Appliance Solution Components 23

Cisco NAC Appliance Manager 24

Cisco NAC Appliance Server 25

Cisco Clean Access Agent 28

Cisco NAC Appliance Network Scanner 29

Cisco NAC Appliance Minimum Requirements 30

Cisco NAC Appliance Manager and Server Requirements 31

Cisco Clean Access Agent Requirements 32

Scalability and Performance of Cisco NAC Appliance 33

Summary 33

Chapter 4 Making Sense of All the Cisco NAC Appliance Design Options 35

NAC Design Considerations 35

Single-Sign-On Capabilities 36

In-Band Versus Out-of-Band Overview 36

Layer 2 Versus Layer 3 Client Adjacency Overview 37

Virtual Gateway Versus Real IP Gateway Overview 37

Deployment Options 38

How to Choose a Client/Server Adjacency Mode 39

Layer 2 Mode 40

Layer 3 Mode 40

Layer 2 Strict Mode for Clean Access Agent 41

How to Choose a Network Mode 42

Virtual Gateway Mode 42

Real IP Gateway Mode 43

In-Band Mode 43

The Certification Process in In-Band Mode 44

Certification Steps for Host with Clean Access Agent 44

Steps for Client to Acquire an IP Address 44

Clean Access Agent Authentication Steps 45

Clean Access Agent Host Security Posture Assessment Steps 45

Clean Access Agent Network Scanner Steps 46

Agent Post-Certification Steps 47

Login Steps for Host Using Web Login (No Clean Access Agent) 47

Web Login Authentication Steps 48

Web Login Network Scanning Steps 48

Post-Web Login Steps 50

Advantages of Using In-Band Mode 50

Disadvantages of Using In-Band Mode 51

Where You Can Use In-Band Mode 51

Out-of-Band Mode 52

How the Adjacency Mode Affects Out-of-Band Operation 56

Layer 3 Out-of-Band Traffic Control Methods 58

How the Network Mode Affects Out-of-Band Operation 65

Login Steps with OOB in L2 Adjacency, Virtual Gateway Mode 68

Initial Steps for OOB Clients 69

Clean Access Agent Authentication Steps in OOB 71

Agent Host Security Posture Assessment Steps for OOB 71

Agent Post-Certification Steps for OOB 72

Login Steps for OOB in L3 Adjacency, Real IP Mode 73

Initial Client Steps for L3 OOB 74

Steps to Obtain an IP Address in L3 OOB 74

Client Authentication and PBR Steps in L3 OOB 75

Client Certification and Post-Certification Steps in L3 OOB 76

Advantages of Using Out-of-Band Mode 77

Disadvantage of Using Out-of-Band Mode 78

Where You Can Use Out-of-Band Mode and Where You Cannot 78

Switches Supported by NAC Appliance Out-of-Band 78

Clean Access Agent and Web Login with Network Scanner 81

Summary 85

Chapter 5 Advanced Cisco NAC Appliance Design Topics 87

External Authentication Servers 87

Mapping Users to Roles Using Attributes or VLAN IDs 89

MAC Address Authentication Filters 92

Single Sign-On 93

Active Directory SSO 93

Active Directory SSO Prerequisites 94

How Active Directory SSO Works 94


VPN SSO Prerequisites 96

How VPN SSO Works 96

Cisco Wireless SSO 99

Cisco Wireless SSO Prerequisites 99

How Cisco Wireless SSO Works 99

NAC Appliance and IP Telephony Integration 101

IP Telephony Best Practices for In-Band Mode 101

IP Telephony Best Practices for Out-of-Band Mode 102

High Availability and Load Balancing 104

High Availability 106

Stateful Failover of NAC Appliance Manager 107

Stateful Failover of NAC Appliance Server 108

Fallback Feature on NAC Appliance Server 109

Spanning Tree N+1 110

Load Balancing 112

Cisco Content Switching Module or Standalone Content Services Switch 113

NAC Appliance Server Load Balancing Using Policy-Based Routing 116

Summary 118

Part III The Foundation: Building a Host Security Policy 121

Chapter 6 Building a Cisco NAC Appliance Host Security Policy 123

What Makes Up a Cisco NAC Appliance Host Security Policy? 123

Host Security Policy Checklist 124

Involving the Right People in the Creation of the Host Security Policy 124

Determining the High-Level Goals for Host Security 126

Common High-Level Host Security Goals 127

Defining the Security Domains 129

Understanding and Defining NAC Appliance User Roles 132

Built-In User Roles 133

Unauthenticated Role 134

Normal Login Role 134

Temporary Role 134

Quarantine Role 135

Commonly Used Roles and Their Purpose 136

Establishing Acceptable Use Policies 138

Checks, Rules, and Requirements to Consider 143

Sample HSP Format for Documenting NAC Appliance Requirements 148

Common Checks, Rules, and Requirements 149

Method for Adding Checks, Rules, and Requirements 150

Research and Information 150

Establishing Criteria to Determine the Validity of a Security Check, Rule, or Requirement in Your Organization 152

Method for Determining Which User Roles a Particular Security Requirement Should Be Applied To 153

Method for Deploying and Enforcing Security Requirements 153

Defining Network Access Privileges 154

Enforcement Methods Available with NAC Appliance 155

Commonly Used Network Access Policies 156

Summary 160

Part IV Cisco NAC Appliance Configuration 163

Chapter 7 The Basics: Principal Configuration Tasks for the NAM and NAS 165

Understanding the Basic Cisco NAC Appliance Concepts 165

NAM Overview 166

NAM Hardware Installation Requirements 166

NAM Software Installation Requirements 166

How to Connect NAM 166

Performing Initial NAM Configurations 167

NAC Licensing 172

NAM GUI Description 173

NAS Overview 175

NAS Hardware Installation Requirements 175

NAS Software Installation Requirements 176

NAS Software License Requirement 176

How to Connect NAS 176

Performing Initial NAS Configurations 176

NAS GUI Description 179

Configuring NAS Deployment Mode 182

In-Band Deployment Options 182

Out-of-Band Deployment Options 186

Understanding NAS Management Within the NAM GUI 186

Global Versus Local Settings 187

Global Settings 187

Local NAS Settings 193

Adding Additional NAS Appliances 201

Summary 201

Chapter 8 The Building Blocks: Roles, Authentication, Traffic Policies, and User Pages 203

Configuring User Roles 203

Creating Custom Roles 203

Editing or Deleting a Custom Role 206

Configuring Role Assignment 207

Creating a Local User and Assigning a Role 207

Assigning a Role by VLAN 209

Assigning a Role by MAC and IP Address 213

Assigning a Role by Subnet 217

Assigning a Role by External Authentication Source Attributes 219

Role Mapping Summary 219

Configuring Authentication 220

Creating Admin Users and Groups 220

Creating an Admin Group 220

Creating an Admin User 222

Adding External Authentication Sources 222

Adding a RADIUS External Authentication Source 223

Adding an LDAP/AD External Authentication Source 224

Configuring and Creating Traffic Policies 226

IP-Based Traffic Control Policy 227

Host-Based Traffic Control Policy 229

Bandwidth Policies 230

Customizing User Pages and Guest Access 232

Login Pages 232

Guest Access 236

API for Guest Access 236

Summary 237

Chapter 9 Host Posture Validation and Remediation: Cisco Clean Access Agent and Network Scanner 239

Understanding Cisco NAC Appliance Setup 239

Cisco NAC Appliance Updates 240

General Setup 242

Web Login 242

Agent Login 243

Certified Devices 245

Certified List 245

Add Exempt Device 246

Add Floating Device 246

Timer 249

Cisco Clean Access Agent 250

Agent Installation Process 250

Sample Agent Installation 251

Agent Distribution 255

Alternative Agent Installation Methods 257

Agent Policy Enforcement 258

Requirements, Rules, and Checks 258

Creating and Enforcing a Requirement 258

Creating Checks 264

Creating a Custom Rule 266

Network Scanning 266

Nessus Plug-Ins 266

Scanning Setup 267

Vulnerability Handling 269

User Agreement Configuration 271

Testing the Scanning Setup 271

Summary 273

Chapter 10 Configuring Out-of-Band 275

Out-of-Band Overview and Design 275

User Access Method 275

Switch Support 275

Central Deployment Mode or Edge Deployment Mode 276

Layer 2 or Layer 3 276

Gateway Mode for NAC Appliance Server 276

Simple Network Management Protocol Trap to Trigger the NAC Process 277

Port-Based VLAN Assignment or User Role-Based VLAN Assignment 278

Sample Design and Configuration for Layer 2 Out-of-Band Deployment 278

Step 1: Configuring the Switch 279

Configuring VLAN Trunking Protocol and VLANs 279

Configuring SVIs 280

Configuring the Switch as a DHCP Server 281

Configuring Fa1/0/1–The Interface Connecting the NAC Appliance Manager eth0 Port 282

Configuring Fa1/0/3–The Interface Connecting the Trusted Port (eth0) of NAC Appliance Server 282

Configuring Fa1/0/4–The Interface Connecting the Untrusted Port (eth1) of NAC Appliance Server 283

Configuring Fa1/0/5–The Interface Connecting the Host 283

Configuring Simple Network Management Protocol 283

Step 2: Configuring NAC Appliance Manager 284

Step 3: Configuring NAC Appliance Server 286

Step 4: Logging In to NAC Appliance Manager 288

Step 5: Adding NAC Appliance Server to NAC Appliance Manager 289

Step 6: Editing Network Settings on NAC Appliance Server 290

Step 7: Configuring VLAN Mapping 291

Step 8: Configuring Managed Subnets 292

Step 9: Configuring a Switch Group 293

Step 10: Configuring a Switch Profile 294

Step 11: Configuring a Port Profile 295

Step 12: Configuring the SNMP Receiver 296

Step 13: Adding a Switch to NAC Appliance Manager 297

Step 14: Configuring Ports to Be Managed by NAC 298

Step 15: Configuring User Roles 299

Step 16: Configuring User Authentication on the Local Database 303

Step 17: Testing Whether OOB and User Role-Based VLAN Assignment Works 304

Sample Design and Configuration for Layer 3 Out-of-Band Deployment 310

Step 1: Configuring the Switches 311

Configuring the Central Switch 311

Configuring the Edge Switch 313

Step 2: Configuring NAC Appliance Manager 318

Step 3: Configuring NAC Appliance Server 319

Step 4: Logging In to NAC Appliance Manager 322

Step 5: Adding NAC Appliance Server to NAC Appliance Manager 322

Step 6: Editing Network Settings on NAC Appliance Server 323

Step 7: Configuring Static Routes 324

Step 8: Configuring a Switch Group 325

Step 9: Configuring a Switch Profile 326

Step 10: Configuring a Port Profile 326

Step 11: Configuring the SNMP Receiver 328

Step 12: Adding the Switch to NAC Appliance Manager 328

Step 13: Configuring Ports to Be Managed by NAC Appliance 330

Step 14: Configuring User Roles 331

Step 15: Configuring User Authentication on the Local Database 334

Step 16: Changing the Discovery Host 335

Step 17: Configuring the Web Login Page 336

Step 18: Testing Whether OOB and User Role-Based VLAN Assignment Works 337

Additional Out-of-Band Considerations 342

Summary 343

Chapter 11 Configuring Single Sign-On 345

Active Directory Single Sign-On Overview 345

Supported Devices for AD SSO 345

Basic AD SSO Configuration Steps 346

Configuring Single Sign-On for Windows AD 347

NAM Configuration 348

NAS Configuration 349

Layer 3 3550 Core Switch Configuration 352

3500XL Edge Layer 2 Switch Configuration 354

Active Directory or Domain Controller Configuration 355

Beginning Overall Setup 356

Adding an AD Server as an AD SSO Auth Server 357

Configuring Traffic Policies and Ports in the Unauthenticated Role for AD Authentication 358

Configuring AD SSO Settings in NAS 359

Configuring the AD Server and Running the ktpass Command 360

Enabling Agent-Based Windows AD SSO 364

Enabling GPO Updates 364

(Optional) Adding LDAP Lookup Server to Map Users to Multiple Roles 366

LDAP Browser (Not Required but Very Helpful) 366

Configuring LDAP Lookup Server in NAM 368

User Attributes in Active Directory 370

Enabling DHCP in NAS 379

Enabling User Login Pages in NAM 382

NAC Agent Download and Login 382

Configuring Single Sign-On for VPN 386

ACS Setup 388

ASA-5510 VPN Setup 388

Configuring NAS to Support VPN SSO 393

Configuring Single Sign-On for Cisco Wireless LAN Controller 398

ACS Server Setup 399

WLC Setup 399

NAM/NAS Setup 402

Summary 403

Chapter 12 Configuring High Availability 405

High Availability on NAC Appliance Manager 405

High Availability on NAC Appliance Server 408

Example of a High Availability Configuration for NAC Appliance Manager and Server 411

Adding NAC Appliance Managers in High Availability Mode 412

Adding a CA-Signed Certificate to the Primary NAC Appliance Manager 413

Generating a Self-Signed Temporary Certificate on the Primary NAC Appliance Manager 414

Adding a Certificate to the Secondary NAC Appliance Manager 415

Configuring High Availability for NAC Appliance Managers 416

Adding NAC Appliance Servers in High Availability Mode 418

Configuring the eth2 Interfaces 419

Configuring the Primary Server for High Availability 420

Configuring the Secondary Server for High Availability 429

Setting Up DHCP Failover on NAC Appliance Servers 438

Troubleshooting HA 440

Summary 440

Part V Cisco NAC Appliance Deployment Best Practices 443

Chapter 13 Deploying Cisco NAC Appliance 445

Pre-Deployment Phase 446

Executive Summary 447

Scope 447

Vision 448

NAC Appliance Overview (Diagram) 448

Host Security Policy 448

Business Drivers for Deployment 448

Deployment Schedule 449

Resources 449

New Equipment 451

Support Plan 451

Communication Plan 451

Cisco NAC Appliance Training 451

Deployment Plan Overview 452

Proof of Concept Phase 454

Pilot Phase 455

Production Deployment Phases 456

Production Deployment Phase 1: Initial Introduction to User Community 456

Production Deployment Phase 2: Implementing Host Security Policy Checks Without Enforcement 457

Production Deployment Phase 3: Host Security Policy Enforcement 458

Summary 459

Part VI Cisco NAC Appliance Monitoring and Troubleshooting 461

Chapter 14 Understanding Cisco NAC Appliance Monitoring 463

Understanding the Various Monitoring Pages and Event Logs 463

Summary Page 463

Discovered Clients and Online Users Pages 465

Discovered Clients Page 466

Online Users Page 467

Event Logs 470

Understanding and Changing Logging Levels of NAC Appliance 474

SNMP 477

Understanding Monitoring of Web Login and Clean Access Agents 480

Clean Access Agent Reports 480

Certified List 484

Manually and Automatically Clearing the Certified List 486

Requiring Certification for Every Login 488

Summary of the Behavior of the Certified List 490

Monitoring the Status of NAC Appliance Manager and NAC Appliance Servers 490

Manager and Server Monitoring Using the Linux CLI 491

Manager and Server Monitoring Using the Web GUI 492

Summary 493

Chapter 15 Troubleshooting Cisco NAC Appliance 495

Licensing Issues 495

Adding NAS to NAM 496

Policy Issues 498

Agent Issues 500

Out-of-Band Issues 504

Single Sign-On Issues 509

AD SSO 509

VPN and Wireless SSO 512

High Availability Issues 513

Useful Logs 516

NAM Logs 516

NAS Logs 516

Additional Logs 517

Common Issues Encountered by the Help Desk in the First 30 Days 517

Users Not Being Able to Get a Web Login Page, or the NAC Appliance Agent Not Popping 518

Users Not Being Able to Authenticate 518

Users Getting Stuck in the Quarantine or Temporary Role 519

Users Not Being Put in the Correct VLAN or Not Getting Access to Certain Resources 520

Summary 521

Appendix Sample User Community Deployment Messaging Material 523

Sample NAC Appliance Requirement Change Notification E-Mail 523

Sample NAC Appliance Notice for Bulletin Board or Poster 524

Sample NAC Appliance Letter to Students 526

Index 528



Who Should Read This Book?

This book will be of interest to the following professionals:

  • IT directors and managers

  • Network administrators

  • Network and security engineers

  • Security analysts and consultants

  • Operating systems administrators

  • Application developers


Customer Reviews

  • Anonymous

    Posted August 26, 2007

    Great Volume: Consider buying

    The Cisco Self Securing Network platform is currently structured around several cornerstone technologies of which the Cisco Clean Access technology is a leading component. The Cisco Clean Access technology is one of several industry-wide Network Admission Control (NAC) technologies which rely on a combination of client-server components. The Cisco Clean Access suite includes a client component which could be a host-installed applet or a browser-based applet that can read basic configuration data from a host machine and communicate compliance to enterprise-defined rules/policies which are pre-defined on a clean access server appliance and other cooperating systems. The book, Cisco NAC Appliance, is a good guide for administrators deploying this complex set of solutions brought from Perfigo Inc. after Perfigo’s acquisition by Cisco in 2006. The book’s organization and tone are aimed at security architects, security managers and security administrators. While a security architect will better understand the various deployment options and thus the place of the Cisco NAC framework in an enterprise, security managers will get a comprehensive enough view of the Cisco NAC framework to make the judgment call on actual deployment of the infrastructure and of course make decisions on cost/facility and better grapple with the potential cost benefit requests from enterprise’s executive, and the security administrator will have a quick guide handbook to help wade through the myriads of documentations from Cisco on its evolving SAFE architecture in general and the NAC framework in particular. The organization of this book is excellent for the intended audience: six parts covering the basics of host security landscape, design of Cisco NAC appliance, developing a host security policy, the Cisco NAC configuration, some deployment best practices, and of course NAC appliance maintenance and troubleshooting.
    The six parts are laid out in fifteen accessible chapters spanning more than 500 pages with generous amount of configuration examples and screenshots. With Cisco now having more than 45% market share in the endpoint access control market, books like these can only increase in importance as a guide to organizations grappling with the decision on what and where to deploy these technologies. And for this volume, the taste of the pudding remains in the eating. So if you don’t have a copy yet, go grab one (so long as you are interested in some endpoint security solutions now or at some point in the future). As for rating, I’ll give it my best rating so far, four stars out of five.
