Cisco NAC Appliance: Enforcing Host Security with Clean Access

Overview

Authenticate, inspect, remediate, and authorize end-point devices using Cisco NAC Appliance

Jamey Heary, CCIE® No. 7680
Contributing authors: Jerry Lin, CCIE No. 6469, Chad Sullivan, CCIE No. 6493, and Alok Agrawal

With today's security challenges and threats growing more sophisticated, perimeter defense alone is no longer sufficient. Few organizations are closed entities with well-defined security perimeters, which has led to the creation of perimeterless networks with ubiquitous access. Organizations need internal security systems that are more comprehensive, pervasive, and tightly integrated than in the past.

Cisco® Network Admission Control (NAC) Appliance, formerly known as Cisco Clean Access, provides a powerful host security policy inspection, enforcement, and remediation solution that is designed to meet these new challenges. Cisco NAC Appliance allows you to enforce host security policies on all hosts (managed and unmanaged) as they enter the interior of the network, regardless of their access method, ownership, device type, application set, or operating system. Cisco NAC Appliance provides proactive protection at the network entry point.

Cisco NAC Appliance: Enforcing Host Security with Clean Access gives you all the information needed to understand, design, configure, deploy, and troubleshoot the Cisco NAC Appliance solution. You will learn about all aspects of the NAC Appliance solution, including configuration and best practices for design, implementation, troubleshooting, and creating a host security policy.

Jamey Heary, CCIE® No. 7680, is a security consulting systems engineer at Cisco, where he works with its largest customers in the northwest United States. Jamey joined Cisco in 2000 and currently leads its Western Security Asset team and is a field advisor for its U.S. Security Virtual team. His areas of expertise include network and host security design and implementation, security regulatory compliance, and routing and switching. His other certifications include CISSP, CCSP®, and Microsoft MCSE. He is also a Certified HIPAA Security Professional. He has been working in the IT field for 13 years and in IT security for 9 years.

  • Understand why network attacks and intellectual property losses can originate from internal network hosts
  • Examine different NAC Appliance design options
  • Build host security policies and assign the appropriate network access privileges for various user roles
  • Streamline the enforcement of existing security policies with the concrete measures NAC Appliance can provide
  • Set up and configure the NAC Appliance solution
  • Learn best practices for the deployment of NAC Appliance
  • Monitor, maintain, and troubleshoot the Cisco NAC Appliance solution
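The certification flow the blurb names (authenticate, inspect, remediate, authorize) and the policy vocabulary the book's chapters use (checks, rules and requirements; the built-in Unauthenticated, Temporary and Quarantine roles; role-based VLAN assignment) can be modelled in a few dozen lines. The Python below is an added illustration written for this page, not code from the book or from Cisco: the user names, passwords, VLAN numbers, hotfix identifier and scanner finding are constructed sample data, and the decision rule (mandatory-requirement failures send the host to the Temporary role for remediation, scanner findings send it to Quarantine, otherwise it is authorized into its login role's VLAN) is a simplification of how the appliance actually behaves.

```python
"""Toy model of the NAC Appliance certification flow the page describes:
authenticate, inspect, remediate, authorize.  Added illustration only; the
names, users, VLAN numbers and check data are constructed, not Cisco's."""
from __future__ import annotations

import hashlib
import hmac
from dataclasses import dataclass
from datetime import date
from typing import Callable

# Built-in roles named in the book (Unauthenticated, Temporary, Quarantine) plus
# two hypothetical normal login roles; VLAN numbers are assumed for the example.
UNAUTHENTICATED, TEMPORARY, QUARANTINE = "Unauthenticated", "Temporary", "Quarantine"
ROLE_VLAN = {"Employee": 10, "Guest": 30, TEMPORARY: 99, QUARANTINE: 99, UNAUTHENTICATED: 99}
TODAY = date(2007, 8, 20)  # fixed clock so signature-age checks are deterministic

# --- Authenticate: a local user database with salted PBKDF2 hashes (constructed) ---
SALT = b"example-salt"  # one shared salt keeps the sample short; use per-user salts in practice

def _hash(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)

USERS = {"alice": (_hash("Winter2007!"), "Employee"),   # username -> (hash, login role)
         "visitor": (_hash("guest"), "Guest")}

def authenticate(username: str, password: str) -> str:
    """Return the user's login role, or the Unauthenticated role on any failure."""
    stored, role = USERS.get(username, (None, UNAUTHENTICATED))
    if stored is None or not hmac.compare_digest(stored, _hash(password)):
        return UNAUTHENTICATED
    return role

# --- Inspect: the posture the agent/scanner would report, and checks over it ---
@dataclass(frozen=True)
class Posture:
    os: str
    av_installed: bool
    av_sig_date: date
    hotfixes: frozenset[str]
    scan_findings: tuple[str, ...] = ()  # network-scanner hits, e.g. Nessus plug-in names

Check = Callable[[Posture], bool]

def av_installed(p: Posture) -> bool:
    return p.av_installed

def av_sigs_fresh(max_age_days: int) -> Check:
    return lambda p: (TODAY - p.av_sig_date).days <= max_age_days

def has_hotfix(kb: str) -> Check:
    return lambda p: kb in p.hotfixes

@dataclass(frozen=True)
class Requirement:
    """A rule (all checks must pass), where it applies, and how to remediate."""
    name: str
    checks: tuple[Check, ...]
    os: str
    roles: frozenset[str]
    remediation: str
    mandatory: bool = True  # optional requirements would only warn

    def applies(self, role: str, p: Posture) -> bool:
        return self.os == p.os and role in self.roles

    def passes(self, p: Posture) -> bool:
        return all(check(p) for check in self.checks)

REQUIREMENTS = (
    Requirement("AV present and current", (av_installed, av_sigs_fresh(7)),
                "Windows XP", frozenset({"Employee", "Guest"}), "Install or update antivirus"),
    Requirement("Critical hotfix KB-EXAMPLE", (has_hotfix("KB-EXAMPLE"),),  # hypothetical ID
                "Windows XP", frozenset({"Employee"}), "Run Windows Update"),
)

@dataclass(frozen=True)
class Decision:
    role: str
    vlan: int
    outstanding: tuple[str, ...]  # remediation items (or scanner findings) still open

def certify(username: str, password: str, p: Posture) -> Decision:
    """Authenticate, assess posture, pick the role, and map the role to a VLAN."""
    role = authenticate(username, password)
    if role == UNAUTHENTICATED:
        return Decision(role, ROLE_VLAN[role], ())
    failed = tuple(f"{r.name}: {r.remediation}" for r in REQUIREMENTS
                   if r.mandatory and r.applies(role, p) and not r.passes(p))
    if failed:               # agent found gaps: Temporary role while the user remediates
        return Decision(TEMPORARY, ROLE_VLAN[TEMPORARY], failed)
    if p.scan_findings:      # scanner found vulnerabilities: Quarantine role
        return Decision(QUARANTINE, ROLE_VLAN[QUARANTINE], p.scan_findings)
    return Decision(role, ROLE_VLAN[role], ())  # certified: authorized into the role's VLAN

if __name__ == "__main__":
    clean = Posture("Windows XP", True, date(2007, 8, 18), frozenset({"KB-EXAMPLE"}))
    stale = Posture("Windows XP", True, date(2007, 7, 1), frozenset())
    print(certify("alice", "Winter2007!", clean))
    print(certify("alice", "Winter2007!", stale))
    print(certify("alice", "wrong", clean))
```

Two points carry over to a real deployment: requirements are scoped by both operating system and user role, so a guest and an employee on the same OS can be held to different checks, and a host that fails a mandatory requirement is not simply denied but parked in the Temporary role with the remediation text it needs, which is what keeps the help-desk load manageable during rollout.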

This security book is part of the Cisco Press® Networking Technology Series. Security titles from Cisco Press help networking professionals secure critical data and resources, prevent and mitigate network attacks, and build end-to-end self-defending networks.

Category: Cisco Press–Security

Covers: End-Point Security

Product Details

  • ISBN-13: 9781587053061
  • Publisher: Cisco Press
  • Publication date: 8/20/2007
  • Edition description: New Edition
  • Pages: 576
  • Series: Networking Technology: Security Series
  • Product dimensions: 7.45 (w) x 9.16 (h) x 1.19 (d)

About the Author

Jamey Heary, CCIE No. 7680, is currently a security consulting systems engineer at Cisco Systems, Inc., and works with its largest customers in the Northwest United States. Jamey joined Cisco in 2000. He currently leads its Western Security Asset team and is a field advisor for the U.S. Security Virtual team. Prior to working at Cisco, he worked for the Immigration and Naturalization Service as a network consultant and project leader. Before that he was the lead network and security engineer for a financial firm whose network carries approximately 12 percent of the global equities trading volume worldwide. His areas of expertise include network and host security design and implementation, security regulatory compliance, and routing and switching. His other certifications include CISSP, CCSP, and Microsoft MCSE. He is also a Certified HIPAA Security Professional. He has been working in the IT field for 13 years and in IT security for 9 years. He has a BS from St. Lawrence University.


About the Contributing Authors

Jerry Lin, CCIE No. 6469, is a consulting systems engineer for Cisco and is based in southern California. He specializes in security best practices. Jerry has worked with a variety of Cisco enterprise customers in areas such as software development, local government agencies, K-12 and universities, high-tech manufacturing, retail, and health care, as well as managed web-hosting service provider customers. He holds a CCIE in routing and switching as well as the CCDP and CISSP certifications. Jerry has been working in the IT industry for the past 12 years. During the late 1990s, he worked as a technical instructor. Jerry earned both a bachelor's degree and a master's degree in mechanical engineering from the University of California, Irvine.

Chad Sullivan, CCIE No. 6493 (Security, Routing and Switching, SNA/IP), CISSP, CHSP, is a senior security engineer and owner of Priveon, Inc., which provides leading security solutions to customers globally. Prior to starting Priveon, Chad worked as a security consulting systems engineer at Cisco. Chad is recognized within the industry as one of the leading implementers of the Cisco Security Agent product and is the author of both Cisco Press books dedicated to the Cisco Security Agent.

Alok Agrawal is the technical marketing manager for the Cisco NAC Appliance (Clean Access) product. He leads the technical marketing team developing technical concepts and solutions and driving future product architecture and features. He works with the Cisco sales and partner community to scale the adoption of the NAC Appliance product line globally. Prior to joining the Cisco Security Technology Group, he worked in the switching team of the Cisco Technical Assistance Center. He has a strong background in routing and switching and host security design and implementation. Alok holds a master's degree in electrical engineering from the University of Southern California and a bachelor's degree in electronics engineering from the University of Mumbai.

Table of Contents

Introduction

Part I The Host Security Landscape

Chapter 1 The Weakest Link: Internal Network Security
Security Is a Weakest-Link Problem
Hard Outer Shell with a Chewy Inside: Dealing with Internal Security Risks
The Software Update Race: Staying Ahead of Viruses, Worms, and Spyware
Summary

Chapter 2 Introducing Cisco Network Admission Control Appliance
Cisco NAC Approaches
    NAC as an Appliance
    NAC as an Embedded Solution
    Cisco NAC Integrated Implementation
Cisco NAC Appliance Overview
Cisco NAC Return on Investment
Summary

Part II The Blueprint: Designing a Cisco NAC Appliance Solution

Chapter 3 The Building Blocks in a Cisco NAC Appliance Design
Cisco NAC Appliance Solution Components
    Cisco NAC Appliance Manager
    Cisco NAC Appliance Server
    Cisco Clean Access Agent
    Cisco NAC Appliance Network Scanner
Cisco NAC Appliance Minimum Requirements
    Cisco NAC Appliance Manager and Server Requirements
    Cisco Clean Access Agent Requirements
Scalability and Performance of Cisco NAC Appliance
Summary

Chapter 4 Making Sense of All the Cisco NAC Appliance Design Options
NAC Design Considerations
    Single-Sign-On Capabilities
    In-Band Versus Out-of-Band Overview
    Layer 2 Versus Layer 3 Client Adjacency Overview
    Virtual Gateway Versus Real IP Gateway Overview
Deployment Options
    How to Choose a Client/Server Adjacency Mode
        Layer 2 Mode
        Layer 3 Mode
        Layer 2 Strict Mode for Clean Access Agent
    How to Choose a Network Mode
        Virtual Gateway Mode
        Real IP Gateway Mode
In-Band Mode
    The Certification Process in In-Band Mode
    Certification Steps for Host with Clean Access Agent
        Steps for Client to Acquire an IP Address
        Clean Access Agent Authentication Steps
        Clean Access Agent Host Security Posture Assessment Steps
        Clean Access Agent Network Scanner Steps
        Agent Post-Certification Steps
    Login Steps for Host Using Web Login (No Clean Access Agent)
        Web Login Authentication Steps
        Web Login Network Scanning Steps
        Post-Web Login Steps
    Advantages of Using In-Band Mode
    Disadvantages of Using In-Band Mode
    Where You Can Use In-Band Mode
Out-of-Band Mode
    How the Adjacency Mode Affects Out-of-Band Operation
        Layer 3 Out-of-Band Traffic Control Methods
    How the Network Mode Affects Out-of-Band Operation
    Login Steps with OOB in L2 Adjacency, Virtual Gateway Mode
        Initial Steps for OOB Clients
        Clean Access Agent Authentication Steps in OOB
        Agent Host Security Posture Assessment Steps for OOB
        Agent Post-Certification Steps for OOB
    Login Steps for OOB in L3 Adjacency, Real IP Mode
        Initial Client Steps for L3 OOB
        Steps to Obtain an IP Address in L3 OOB
        Client Authentication and PBR Steps in L3 OOB
        Client Certification and Post-Certification Steps in L3 OOB
    Advantages of Using Out-of-Band Mode
    Disadvantage of Using Out-of-Band Mode
    Where You Can Use Out-of-Band Mode and Where You Cannot
    Switches Supported by NAC Appliance Out-of-Band
Clean Access Agent and Web Login with Network Scanner
Summary

Chapter 5 Advanced Cisco NAC Appliance Design Topics
External Authentication Servers
    Mapping Users to Roles Using Attributes or VLAN IDs
    MAC Address Authentication Filters
Single Sign-On
    Active Directory SSO
        Active Directory SSO Prerequisites
        How Active Directory SSO Works
    VPN SSO
        VPN SSO Prerequisites
        How VPN SSO Works
    Cisco Wireless SSO
        Cisco Wireless SSO Prerequisites
        How Cisco Wireless SSO Works
NAC Appliance and IP Telephony Integration
    IP Telephony Best Practices for In-Band Mode
    IP Telephony Best Practices for Out-of-Band Mode
High Availability and Load Balancing
    High Availability
        Stateful Failover of NAC Appliance Manager
        Stateful Failover of NAC Appliance Server
        Fallback Feature on NAC Appliance Server
        Spanning Tree N+1
    Load Balancing
        Cisco Content Switching Module or Standalone Content Services Switch
        NAC Appliance Server Load Balancing Using Policy-Based Routing
Summary

Part III The Foundation: Building a Host Security Policy

Chapter 6 Building a Cisco NAC Appliance Host Security Policy
What Makes Up a Cisco NAC Appliance Host Security Policy?
    Host Security Policy Checklist
    Involving the Right People in the Creation of the Host Security Policy
Determining the High-Level Goals for Host Security
    Common High-Level Host Security Goals
Defining the Security Domains
Understanding and Defining NAC Appliance User Roles
    Built-In User Roles
        Unauthenticated Role
        Normal Login Role
        Temporary Role
        Quarantine Role
    Commonly Used Roles and Their Purpose
Establishing Acceptable Use Policies
Checks, Rules, and Requirements to Consider
    Sample HSP Format for Documenting NAC Appliance Requirements
    Common Checks, Rules, and Requirements
    Method for Adding Checks, Rules, and Requirements
        Research and Information
        Establishing Criteria to Determine the Validity of a Security Check, Rule, or Requirement in Your Organization
        Method for Determining Which User Roles a Particular Security Requirement Should Be Applied To
        Method for Deploying and Enforcing Security Requirements
Defining Network Access Privileges
    Enforcement Methods Available with NAC Appliance
    Commonly Used Network Access Policies
Summary

Part IV Cisco NAC Appliance Configuration

Chapter 7 The Basics: Principal Configuration Tasks for the NAM and NAS
Understanding the Basic Cisco NAC Appliance Concepts
NAM Overview
    NAM Hardware Installation Requirements
    NAM Software Installation Requirements
    How to Connect NAM
    Performing Initial NAM Configurations
    NAC Licensing
    NAM GUI Description
NAS Overview
    NAS Hardware Installation Requirements
    NAS Software Installation Requirements
    NAS Software License Requirement
    How to Connect NAS
    Performing Initial NAS Configurations
    NAS GUI Description
Configuring NAS Deployment Mode
    In-Band Deployment Options
    Out-of-Band Deployment Options
Understanding NAS Management Within the NAM GUI
    Global Versus Local Settings
        Global Settings
        Local NAS Settings
Adding Additional NAS Appliances
Summary

Chapter 8 The Building Blocks: Roles, Authentication, Traffic Policies, and User Pages
Configuring User Roles
    Creating Custom Roles
    Editing or Deleting a Custom Role
Configuring Role Assignment
    Creating a Local User and Assigning a Role
    Assigning a Role by VLAN
    Assigning a Role by MAC and IP Address
    Assigning a Role by Subnet
    Assigning a Role by External Authentication Source Attributes
    Role Mapping Summary
Configuring Authentication
    Creating Admin Users and Groups
        Creating an Admin Group
        Creating an Admin User
    Adding External Authentication Sources
        Adding a RADIUS External Authentication Source
        Adding an LDAP/AD External Authentication Source
Configuring and Creating Traffic Policies
    IP-Based Traffic Control Policy
    Host-Based Traffic Control Policy
    Bandwidth Policies
Customizing User Pages and Guest Access
    Login Pages
    Guest Access
    API for Guest Access
Summary

Chapter 9 Host Posture Validation and Remediation: Cisco Clean Access Agent and Network Scanner
Understanding Cisco NAC Appliance Setup
    Cisco NAC Appliance Updates
    General Setup
        Web Login
        Agent Login
    Certified Devices
        Certified List
        Add Exempt Device
        Add Floating Device
        Timer
Cisco Clean Access Agent
    Agent Installation Process
        Sample Agent Installation
        Agent Distribution
        Alternative Agent Installation Methods
Agent Policy Enforcement
    Requirements, Rules, and Checks
        Creating and Enforcing a Requirement
        Creating Checks
        Creating a Custom Rule
Network Scanning
    Nessus Plug-Ins
    Scanning Setup
    Vulnerability Handling
    User Agreement Configuration
    Testing the Scanning Setup
Summary

Chapter 10 Configuring Out-of-Band
Out-of-Band Overview and Design
    User Access Method
    Switch Support
    Central Deployment Mode or Edge Deployment Mode
    Layer 2 or Layer 3
    Gateway Mode for NAC Appliance Server
    Simple Network Management Protocol Trap to Trigger the NAC Process
    Port-Based VLAN Assignment or User Role-Based VLAN Assignment
Sample Design and Configuration for Layer 2 Out-of-Band Deployment
    Step 1: Configuring the Switch
        Configuring VLAN Trunking Protocol and VLANs
        Configuring SVIs
        Configuring the Switch as a DHCP Server
        Configuring Fa1/0/1: The Interface Connecting the NAC Appliance Manager eth0 Port
        Configuring Fa1/0/3: The Interface Connecting the Trusted Port (eth0) of NAC Appliance Server
        Configuring Fa1/0/4: The Interface Connecting the Untrusted Port (eth1) of NAC Appliance Server
        Configuring Fa1/0/5: The Interface Connecting the Host
        Configuring Simple Network Management Protocol
    Step 2: Configuring NAC Appliance Manager
    Step 3: Configuring NAC Appliance Server
    Step 4: Logging In to NAC Appliance Manager
    Step 5: Adding NAC Appliance Server to NAC Appliance Manager
    Step 6: Editing Network Settings on NAC Appliance Server
    Step 7: Configuring VLAN Mapping
    Step 8: Configuring Managed Subnets
    Step 9: Configuring a Switch Group
    Step 10: Configuring a Switch Profile
    Step 11: Configuring a Port Profile
    Step 12: Configuring the SNMP Receiver
    Step 13: Adding a Switch to NAC Appliance Manager
    Step 14: Configuring Ports to Be Managed by NAC
    Step 15: Configuring User Roles
    Step 16: Configuring User Authentication on the Local Database
    Step 17: Testing Whether OOB and User Role-Based VLAN Assignment Works
Sample Design and Configuration for Layer 3 Out-of-Band Deployment
    Step 1: Configuring the Switches
        Configuring the Central Switch
        Configuring the Edge Switch
    Step 2: Configuring NAC Appliance Manager
    Step 3: Configuring NAC Appliance Server
    Step 4: Logging In to NAC Appliance Manager
    Step 5: Adding NAC Appliance Server to NAC Appliance Manager
    Step 6: Editing Network Settings on NAC Appliance Server
    Step 7: Configuring Static Routes
    Step 8: Configuring a Switch Group
    Step 9: Configuring a Switch Profile
    Step 10: Configuring a Port Profile
    Step 11: Configuring the SNMP Receiver
    Step 12: Adding the Switch to NAC Appliance Manager
    Step 13: Configuring Ports to Be Managed by NAC Appliance
    Step 14: Configuring User Roles
    Step 15: Configuring User Authentication on the Local Database
    Step 16: Changing the Discovery Host
    Step 17: Configuring the Web Login Page
    Step 18: Testing Whether OOB and User Role-Based VLAN Assignment Works
    Additional Out-of-Band Considerations
Summary

Chapter 11 Configuring Single Sign-On
Active Directory Single Sign-On Overview
Supported Devices for AD SSO
Basic AD SSO Configuration Steps
Configuring Single Sign-On for Windows AD
    NAM Configuration
    NAS Configuration
    Layer 3 3550 Core Switch Configuration
    3500XL Edge Layer 2 Switch Configuration
    Active Directory or Domain Controller Configuration
    Beginning Overall Setup
        Adding an AD Server as an AD SSO Auth Server
        Configuring Traffic Policies and Ports in the Unauthenticated Role for AD Authentication
        Configuring AD SSO Settings in NAS
        Configuring the AD Server and Running the ktpass Command
    Enabling Agent-Based Windows AD SSO
    Enabling GPO Updates
    (Optional) Adding LDAP Lookup Server to Map Users to Multiple Roles
        LDAP Browser (Not Required but Very Helpful)
        Configuring LDAP Lookup Server in NAM
        User Attributes in Active Directory
        Enabling DHCP in NAS
        Enabling User Login Pages in NAM
        NAC Agent Download and Login
Configuring Single Sign-On for VPN
    ACS Setup
    ASA-5510 VPN Setup
        Configuring NAS to Support VPN SSO
Configuring Single Sign-On for Cisco Wireless LAN Controller
    ACS Server Setup
    WLC Setup
    NAM/NAS Setup
Summary

Chapter 12 Configuring High Availability
High Availability on NAC Appliance Manager
High Availability on NAC Appliance Server
Example of a High Availability Configuration for NAC Appliance Manager and Server
    Adding NAC Appliance Managers in High Availability Mode
        Adding a CA-Signed Certificate to the Primary NAC Appliance Manager
        Generating a Self-Signed Temporary Certificate on the Primary NAC Appliance Manager
        Adding a Certificate to the Secondary NAC Appliance Manager
        Configuring High Availability for NAC Appliance Managers
    Adding NAC Appliance Servers in High Availability Mode
        Configuring the eth2 Interfaces
        Configuring the Primary Server for High Availability
        Configuring the Secondary Server for High Availability
        Setting Up DHCP Failover on NAC Appliance Servers
        Troubleshooting HA
Summary

Part V Cisco NAC Appliance Deployment Best Practices

Chapter 13 Deploying Cisco NAC Appliance
Pre-Deployment Phase
    Executive Summary
    Scope
    Vision
        NAC Appliance Overview (Diagram)
        Host Security Policy
        Business Drivers for Deployment
        Deployment Schedule
        Resources
        New Equipment
        Support Plan
        Communication Plan
        Cisco NAC Appliance Training
Deployment Plan Overview
Proof of Concept Phase
Pilot Phase
Production Deployment Phases
    Production Deployment Phase 1: Initial Introduction to User Community
    Production Deployment Phase 2: Implementing Host Security Policy Checks Without Enforcement
    Production Deployment Phase 3: Host Security Policy Enforcement
Summary

Part VI Cisco NAC Appliance Monitoring and Troubleshooting

Chapter 14 Understanding Cisco NAC Appliance Monitoring
Understanding the Various Monitoring Pages and Event Logs
    Summary Page
    Discovered Clients and Online Users Pages
        Discovered Clients Page
        Online Users Page
    Event Logs
        Understanding and Changing Logging Levels of NAC Appliance
    SNMP
Understanding Monitoring of Web Login and Clean Access Agents
    Clean Access Agent Reports
    Certified List
        Manually and Automatically Clearing the Certified List
        Requiring Certification for Every Login
        Summary of the Behavior of the Certified List
Monitoring the Status of NAC Appliance Manager and NAC Appliance Servers
    Manager and Server Monitoring Using the Linux CLI
    Manager and Server Monitoring Using the Web GUI
Summary

Chapter 15 Troubleshooting Cisco NAC Appliance
Licensing Issues
Adding NAS to NAM
Policy Issues
Agent Issues
Out-of-Band Issues
Single Sign-On Issues
    AD SSO
    VPN and Wireless SSO
High Availability Issues
Useful Logs
    NAM Logs
    NAS Logs
    Additional Logs
Common Issues Encountered by the Help Desk in the First 30 Days
    Users Not Being Able to Get a Web Login Page, or the NAC Appliance Agent Not Popping
    Users Not Being Able to Authenticate
    Users Getting Stuck in the Quarantine or Temporary Role
    Users Not Being Put in the Correct VLAN or Not Getting Access to Certain Resources
Summary

Appendix Sample User Community Deployment Messaging Material
Sample NAC Appliance Requirement Change Notification E-Mail
Sample NAC Appliance Notice for Bulletin Board or Poster
Sample NAC Appliance Letter to Students

Index

Preface

Who Should Read This Book?

This book will be of interest to the following professionals:

  • IT directors and managers
  • Network administrators
  • Network and security engineers
  • Security analysts and consultants
  • Operating systems administrators
  • Application developers

Customer Reviews

Average rating: 4 out of 5 (1 review)
Anonymous, posted August 26, 2007

Great Volume: Consider buying

The Cisco Self Securing Network platform is currently structured around several cornerstone technologies, of which the Cisco Clean Access technology is a leading component. The Cisco Clean Access technology is one of several industry-wide Network Admission Control (NAC) technologies which rely on a combination of client-server components. The Cisco Clean Access suite includes a client component, which could be a host-installed applet or a browser-based applet, that can read basic configuration data from a host machine and communicate compliance to enterprise-defined rules/policies which are pre-defined on a Clean Access server appliance and other cooperating systems. The book, Cisco NAC Appliance, is a good guide for administrators deploying this complex set of solutions brought from Perfigo Inc. after Perfigo's acquisition by Cisco in 2006. The book's organization and tone are aimed at security architects, security managers and security administrators. While a security architect will better understand the various deployment options and thus the place of the Cisco NAC framework in an enterprise, security managers will get a comprehensive enough view of the Cisco NAC framework to make the judgment call on actual deployment of the infrastructure and of course make decisions on cost/facility and better grapple with the potential cost-benefit requests from the enterprise's executives, and the security administrator will have a quick-guide handbook to help wade through the myriad of documentation from Cisco on its evolving SAFE architecture in general and the NAC framework in particular. The organization of this book is excellent for the intended audience: six parts covering the basics of the host security landscape, design of the Cisco NAC appliance, developing a host security policy, the Cisco NAC configuration, some deployment best practices, and of course NAC appliance maintenance and troubleshooting.

The six parts are laid out in fifteen accessible chapters spanning more than 500 pages with a generous amount of configuration examples and screenshots. With Cisco now having more than 45% market share in the endpoint access control market, books like these can only increase in importance as a guide to organizations grappling with the decision on what and where to deploy these technologies. And for this volume, the taste of the pudding remains in the eating. So if you don't have a copy yet, go grab one (so long as you are interested in some endpoint security solutions now or at some point in the future). As for rating, I'll give it my best rating so far, four stars out of five.