Network Access Control Approaches
|
|
- Alberta Goodman
- 5 years ago
- Views:
Transcription
1 Network Access Control Approaches Experiences Future Issues John Hayward Phd Wheaton College
2 No Access Control The good The Bradford and the ugly John Hayward Phd Wheaton College
3 Agenda Background Experiences o Blaster fall response o Network Registration Approaches to NAC o DHCP o Arp manipulation o Switch port manipulation Verifying Security Policies o Internal / External scans - Monitoring compliance o Quality of scan o Range of Policies Bradford Experiences o o Documentation, Support, Version, Wireless, etc Current and future issues o Virtualization, Non computer devices
4 Background Experiences - Fall 2003 Context Blaster just before Fall Term Aug 11 Sent notification to all students to get computer updated - MS had a patch available July 16 earlier Over 2000 computers owned and administered by students Registration system for students Students on different network than Employees Access to internet via IIS proxy server Flat network Results Good: o Employees unaffected o Students with patch could register (exceptions)
5 Background Experiences - Fall 2003 Results Bad : o Any unpatched computer in registration was nailed by the virus and became a carrier o Issue with proxy server or MS update server attacked with dos difficult to obtain update Ugly o So much traffic on our radio connections to some apartments they were effectively lost networking Response Student lab workers distributed CD with patch and removal tools Hand monitoring/shutdown ports which had malware Some students were not on network for 3 weeks
6 Background Experiences Design Goals (Spring) Require current patches Require Sophos Require Sophos Def current Require last scan current and no virus Allow Registration if requirements satisfied Registration machines should be isolated from each other Turn on Auto Updates Results - Good: Web registration site with security checks Shavlik command line check of patch levels bought by MS and available via MBSA Download bat to check - MBSA in command line, check sohpos status and return results
7 Background Experiences Results - Bad: MS unleashed SP2 Aug 6 - Blaster 2 Decided to require SP2 Problems with IIS proxy server or MS site Design linear - hard for users to follow Fall good security - rough user experience Fall 2005 redesign site After turning on updates One button CheckMe Results of success failure on same page Fall good security OK user experience Returning Great -Freshmen some challenges
8 Background Experiences Fall 2006 Fully implemented remote preregistration Fairly smooth Spring 2007 New Director of Computing Services Wanted professional support with lower internal resources to support home grown solution MBSA was taking longer - loosing command line facilities Vista was had come Many students had their own virus programs Read reports - seriously considered o Open source packet fence zero effort o Commercial Bradford Networks Bradford Selected - Experiences later in talk
9 NAC Approaches Getting Attention of User DHCP o Homegrown Network Registration o Clients use DHCP to get IP o Database keeps track of who is and is not registered - if not registered give IP and subnet for registration o After passing security Policy give production IP o What about hard coded IP??? Arp Manipulation o Packet Fence can use this o Server monitors apr announcements o If not registered poison arp to direct packets to server
10 NAC Approaches Getting Attention of User (cont) Port Vlan Switching o Bradford (and later Packet Fence) use this o Switch sends trap to server on linkup o Server asks switch for mac address o Server switches to correct vlan - if not registered then registration vlan o Server needs to know how to operate switch Inline server o Packet Fence can use this o Server acts a router to rest of network o Single point of failure? All approaches provide special DNS to achieve captive portal
11 NAC Approaches Verifying Security Policy Internal scanning o Registration Scans Bradford dissolvable agent home grown - batch file o Periodic scans - require software on client Bradford persistent agent - scheduled scans Patchlink - Bradford and homegrown External scans o Bradford can use nessus o Packet Fence can use snort o Can be independent of NAC
12 NAC Approaches Verifying Security Policy Scan quality o Light and quicker (Bradford) Check registry entires Check AV/AS def versions o Deeper (more intense) Homegrown Use MBSA Shavlik - use CAB/xml file to determine patches - check actual validity of patches Verify last AV scan had clean report Range of Security Policy Bradford 20+ AV, 20+AS Bradford individual registry keys Bradford check for software
13 NAC Bradord Experience Fall 2007 Preparation work started spring 2007 o All switches had to be adjusted for Bradford Traps programmed Self discovery help populate topology Orientation lab summer 2007 o Goal was to have network configure by end of lab o Problem we did not have network mapping finished before lab o Practiced examples on "practice lab" environment not our production network o Helped some but not effective as it could be
14 NAC Bradord Experience Fall 2007 Over 600 freshmen arriving Aug 2007 o Finally had networking mapped o Bradforized the dorm switches o Discovered scanning not working 1 week before bulk of freshmen arriving o Bradford support worked remotely - Networking staff put in lots of extra hours o Registration scanning issue resolved less than 30 minutes before Freshmen started to use network!
15 NAC Bradord Experince Scheduled scanning to require policy compliance o Put some machines in quarantine and then move them back to production o Some machines not being scanned o Quickly gave up on scheduled scans - no way to require compliance other than re-register! Discover High Availability fail over did not work Fall 2008 New 2.0.x client - support for more AV - transparent update Upgraded server 4.x shortly before fall Discovered transparent update did not work
16 NAC Bradord Experince Fall 2008 (cont) If more than 22 AV clients checked then old client reported inconsistent results - some passed without having required - others failed having all required - backed off on allowed AV Vista issues - eventually resolved 2009 AVG 8.0 definitions changed require upgrade to client AVG 8.5 definitions changed Bradford working on it ( ) Attempted upgrade client - proposed to be transparent failed Earlier fail over assumed both servers went down - seems to be resolved but db not synced
17 NAC Bradord Experience Support Now web interface - before phone call only Support people generally try to be helpful varying level of competency Support normally focus on configuration issues more complicated issues referred to engineers which you don't have direct access to Support thin during fall just before school starts Documentation Documentation looks nice Lacks conceptual model - says link goes to this page Lacks how to do x Rapid version changes - documentation not current Overloads terms - What is a scan? depends Command Line way out of date
18 NAC Bradord Experience Versions Large number of version started this fall we are at now upgrading to x Some required due to new mac addresses for non computer devices and new switches. Administration Organization of GUI non intuitive - Campus manager configuration in network topology. Requires more effort to support than home grown Up to x server only administrators could manually register problem machines - now operators can be granted that privilege. Massive number of number of alarms going off (apparently required to have an action associated with an event) - hard to see what is important
19 NAC Bradord Experince Broken Items Role based port mapping fails - work around Still don't have scanning working reliably Wireless Continuing issues with Meru wireless and Bradford related to registration -> production vlan switching - we tell users to reboot Support for other vendors hardware Supports an amazing number of switches Large number of AV/AS Many game controllers, other non computer IP devices - Need to keep versions current Trouble shooting Client cannot initiate scan - no information on client
20 NAC Future Issues Non Computer Nodes Existing facility to register devices by mac addr Only approved vendor mac prefix addresses allowed o Requires keeping server current version or o Requires manual entry of allowed mac prefix Some devices need generic USB Ethernet - These are not on vendor prefix list - how to know if device or computer?
21 NAC Future Issues Virtualization and Port Management vmware, xen, virtual box, virtual PC Networking - two approaches - Bridge - NAT Bridge - now multiple mac addresses from same port o New mac - port moved to registration - other VMs loose network access NAT - now possibly multiple OSs from same mac address o How do we know all VMs satisfy security policies? How to support Faculty with VMs who need to be on employee, student and lab vlans? Vlan switching needs to be on the node if at all.
22 Questions? Thank you!
Managing user access through NAC
Managing user access through NAC Darren Wheatcroft Senior Systems Developer, Information Services University of Nottingham 30 th June 2010 Contents Development of NAC at the University of Nottingham Guest
More informationAugust knac! 10 (or more) ways to bypass a NAC solution. Ofir Arkin, CTO
knac! 10 (or more) ways to bypass a NAC solution August 2007 Ofir Arkin, CTO In Memory of Oshri Oz September 13, 1972 - May 27, 2007 Agenda What is NAC? NAC Basics 10 (or more) ways to bypass NAC Ofir
More informationNetworks with Cisco NAC Appliance primarily benefit from:
Cisco NAC Appliance Cisco NAC Appliance (formerly Cisco Clean Access) is an easily deployed Network Admission Control (NAC) product that allows network administrators to authenticate, authorize, evaluate,
More informationCisco Network Admission Control (NAC) Solution
Data Sheet Cisco Network Admission Control (NAC) Solution New: Updated to include the Cisco Secure Network Server (SNS) Cisco Network Admission Control (NAC) solutions allow you to authenticate wired,
More informationReviewer s guide. PureMessage for Windows/Exchange Product tour
Reviewer s guide PureMessage for Windows/Exchange Product tour reviewer s guide: sophos nac advanced 2 welcome WELCOME Welcome to the reviewer s guide for NAC Advanced. The guide provides a review of the
More informationSymbols. Numerics I N D E X
I N D E X Symbols /var/log/ha-debug log, 517 /var/log/ha-log log, 517 Numerics A 3500XL Edge Layer 2 switch, configuring AD SSO, 354 355 access to resources, troubleshooting issues, 520 access VLANs, 54
More informationSecurity best practices
Security Best Practices CARRIER CORPORATION 2017 A member of the United Technologies Corporation family Stock symbol UTX Catalog No. 11-808-562-01 10/3/2017 Verify that you have the most current version
More informationCisco NAC Network Module for Integrated Services Routers
Cisco NAC Network Module for Integrated Services Routers The Cisco NAC Network Module for Integrated Services Routers (NME-NAC-K9) brings the feature-rich Cisco NAC Appliance Server capabilities to Cisco
More informationCisco NAC Appliance Agents
10 CHAPTER This chapter presents overviews, login flow, and session termination dialogs for the following Cisco NAC Appliance access portals: Cisco NAC Agent, page 10-1 Cisco NAC Web Agent, page 10-28
More informationDhcp With Manual Address Windows Server 2008 R2 Vlans
Dhcp With Manual Address Windows Server 2008 R2 Vlans I have set static IP addresses on the Server 2008R2 host and Internet Router. If I allow DHCP to set the IP to 192.168.20.5, I can RDP into and ping
More informationSwitching & ARP Week 3
Switching & ARP Week 3 Module : Computer Networks Lecturer: Lucy White lbwhite@wit.ie Office : 324 Many Slides courtesy of Tony Chen 1 Ethernet Using Switches In the last few years, switches have quickly
More informationNETWORK SENTRY KNOWN ANOMALIES. Network Sentry /8.2.9 Agent Analytics Rev: G 9/26/2018
RELEASE NOTES NETWORK SENTRY KNOWN ANOMALIES Network Sentry 8.1.12/8.2.9 Agent 5.0.5 Analytics 5.0.0 Rev: G 9/26/2018 For further information, please contact Bradford Networks Customer Support at 866-990-3799
More informationLab - Connect to a Router for the First Time
Introduction In this lab, you will configure basic settings on a wireless router. Recommended Equipment A computer with Windows installed An Ethernet NIC installed Wireless router Ethernet patch cable
More informationCONNECTING TO THE COLLEGE NETWORK. Connecting to the College Network
CONNECTING TO THE COLLEGE NETWORK Document Id Sponsor Laura Gibbs Author Nigel Rata Date May 2014 Version Control Log Version Date Change 1.0 25/05/10 Initial draft for review 1.1 6/10/10 Updated 1.2 15/05/2014
More informationApplication Note Asterisk BE with Remote Phones - Configuration Guide
Application Note Asterisk BE with Remote Phones - Configuration Guide 15 January 2009 Asterisk BE - Remote SIP Phones Table of Contents 1 ASTERISK BUSINESS EDITION AND INGATE... 1 1.1 REMOTE SIP PHONE
More informationNetwork Deployment Guide
WC-COA WC-COA-I Network Deployment Guide Contact Information FREE 24/7 technical support or order toll-free in the U.S. Call 877-877-BBOX (outside U.S.: call 724-746-5500) www.blackbox.com info@blackbox.com
More informationDhcp With Manual Address Windows Server 2008 R2 Vlan
Dhcp With Manual Address Windows Server 2008 R2 Vlan I have set static IP addresses on the Server 2008R2 host and Internet Router. If I allow DHCP to set the IP to 192.168.20.5, I can RDP into and ping
More informationLab - Configure a NIC to Use DHCP in Windows
Introduction In this lab, you will configure an Ethernet NIC to use DHCP to obtain an IP address and test connectivity between two computers. Recommended Equipment Wireless router Two computers running
More informationSecurity with Passion. Endian UTM Virtual Appliance
Security with Passion Endian UTM Virtual Appliance Endian UTM Virtual Appliance Endian UTM Virtual Appliance: Secure and Protect your Virtual Infrastructure Whether you are securing your internal virtual
More informationGet Max Internet Security where to buy software for students ]
Get Max Internet Security where to buy software for students ] Description: Features of Max Secure Internet Security 2013 Exciting, Easy to understand GUI Easy, Quick installation Get immediate protection
More informationKlaudia Bakšová System Engineer Cisco Systems. Cisco Clean Access
Klaudia Bakšová System Engineer Cisco Systems Cisco Clean Access Agenda 1. Securing Complexity 2. NAC Appliance Product Overview and In-Depth 3. NAC Appliance Technical Benefits The Challenge of Securing
More informationSimplifying your 802.1X deployment
mancalanetworks making networks manageable Simplifying your 802.1X deployment The rapid growth in the number and variety of mobile devices connecting to corporate networks requires strengthening security
More informationWireless Integration Overview
Version: 4.1.1 Date: 12/28/2010 Copyright Notice Copyright 2010 by Bradford Networks, Inc. All rights reserved worldwide. Use, duplication, or disclosure by the United States government is subject to the
More informationApplication Note Asterisk BE with SIP Trunking - Configuration Guide
Application Note Asterisk BE with SIP Trunking - Configuration Guide 23 January 2009 Asterisk BE SIP Trunking Table of Contents 1 ASTERISK BUSINESS EDITION AND INGATE... 1 1.1 SIP TRUNKING SUPPORT... 2
More informationFundamental Questions to Answer About Computer Networking, Jan 2009 Prof. Ying-Dar Lin,
Fundamental Questions to Answer About Computer Networking, Jan 2009 Prof. Ying-Dar Lin, ydlin@cs.nctu.edu.tw Chapter 1: Introduction 1. How does Internet scale to billions of hosts? (Describe what structure
More informationIPv6 on Campus. The stuff you need to know
IPv6 on Campus The stuff you need to know Campfire! http://xkcd.com/ 742/ What is IPv6 and Why do I care? Next generation Internet addressing protocol ISPs around the world are handing out IPv6 addresses
More informationISSP Network Security Plan
ISSP-000 - Network Security Plan 1 CONTENTS 2 INTRODUCTION (Purpose and Intent)... 1 3 SCOPE... 2 4 STANDARD PROVISIONS... 2 5 STATEMENT OF PROCEDURES... 3 5.1 Network Control... 3 5.2 DHCP Services...
More informationMeeting 40. CEH Networking
Cyber@UC Meeting 40 CEH Networking If You re New! Join our Slack ucyber.slack.com SIGN IN! Feel free to get involved with one of our committees: Content, Finance, Public Affairs, Outreach, Recruitment
More informationChapter 1 Getting Started with Switch Management
Chapter 1 Getting Started with Switch Management This section provides an overview of switch management, including the methods you can choose to start managing your NETGEAR GS700TS Gigabit Stackable Smart
More informationSLAACers. IPv6 Accountability without DHCPv6. Library and Information Services School of Oriental and African Studies London. Networkshop 39, 2011
IPv6 Accountability without DHCPv6 Library and Information Services School of Oriental and African Studies London Networkshop 39, 2011 Objective Objective is to tie in accountability 1 (abuse@). IPv4 to
More information07/ CONFIGURING SECURITY SETTINGS
SECURITY LOG Malformed packet: Failed parsing a packed has been blocked because it is malformed. Maximum security enabled service a packet has been accepted because it belongs to a permitted service in
More informationTestOut Network Pro - English 5.0.x COURSE OUTLINE. Modified
TestOut Network Pro - English 5.0.x COURSE OUTLINE Modified 2018-03-06 TestOut Network Pro Outline - English 5.0.x Videos: 130 (17:10:31) Demonstrations: 78 (8:46:15) Simulations: 88 Fact Sheets: 136 Exams:
More informationThis course prepares candidates for the CompTIA Network+ examination (2018 Objectives) N
CompTIA Network+ (Exam N10-007) Course Description: CompTIA Network+ is the first certification IT professionals specializing in network administration and support should earn. Network+ is aimed at IT
More informationExample: Configuring DHCP Snooping and DAI to Protect the Switch from ARP Spoofing Attacks
Example: Configuring DHCP Snooping and DAI to Protect the Switch from ARP Spoofing Attacks In an ARP spoofing attack, the attacker associates its own MAC address with the IP address of a network device
More informationApplication Note 3Com VCX Connect with SIP Trunking - Configuration Guide
Application Note 3Com VCX Connect with SIP Trunking - Configuration Guide 28 May 2009 3Com VCX Connect Solution SIP Trunking Table of Contents 1 3COM VCX CONNECT AND INGATE... 1 1.1 SIP TRUNKING SUPPORT...
More informationNEXT GENERATION SOLUTION FOR NETWORK ACCESS MANAGEMNT & CONTROL
PORTNOX PLATFORM NEXT GENERATION SOLUTION FOR NETWORK ACCESS MANAGEMNT & CONTROL Portnox s Network Access Control Platform traverses across all network layers, whether physical, virtual or in the cloud
More informationConfiguring the network clients
3 Configuring the network clients Accessing the wireless router Setting an IP address for wired or wireless clients To access the ASUS Wireless Router, you must have the correct TCP/IP settings on your
More informationInteroperability guide Phoenix Contact WLAN clients with Cisco Wireless LAN Controllers (WLC) Published:
Interoperability guide Phoenix Contact WLAN clients with Cisco Wireless LAN Controllers (WLC) Published: 2018-10-16 Contents Introduction... 1 Objectives:... 1 Requirements:... 1 Procedure... 2 Default
More informationCopyright Link Technologies, Inc.
3/15/2011 Mikrotik Certified Trainer / Engineer MikroTik Certified Dude Consultant Consulting Since 1997 Enterprise Class Networks WAN Connectivity Certifications Cisco, Microsoft, MikroTik BGP/OSPF Experience
More informationAruba Instant in AirWave 7.7
Aruba Instant in AirWave 7.7 Deployment Guide About this Document This document describes the Aruba Instant access point and Virtual Controller system as well as the procedure to integrate this system
More informationUIP1869V User Interface Guide
UIP1869V User Interface Guide (Firmware version 0.1.8 and later) Table of Contents Opening the UIP1869V's Configuration Utility... 3 Connecting to Your Broadband Modem... 5 Setting up with DHCP... 5 Updating
More informationPosture Services on the Cisco ISE Configuration Guide Contents
Posture Services on the Cisco ISE Configuration Guide Contents Introduction Prerequisites Requirements Components Used Background Information ISE Posture Services Client Provisioning Posture Policy Authorization
More informationPrepAwayExam. High-efficient Exam Materials are the best high pass-rate Exam Dumps
PrepAwayExam http://www.prepawayexam.com/ High-efficient Exam Materials are the best high pass-rate Exam Dumps Exam : 250-530 Title : Administration of Symantec Network Access Control 12.1 Vendors : Symantec
More informationPractical SCADA Cyber Security Lifecycle Steps
Practical SCADA Cyber Security Lifecycle Steps Standards Certification Jim McGlone CMO, Kenexis Education & Training Publishing Conferences & Exhibits Bio Jim McGlone, CMO, Kenexis GICSP ISA Safety & Security
More informationPayroll Made Easy: Developing a Web Based System for Student Employee Payroll
Payroll Made Easy: Developing a Web Based System for Student Employee Payroll William S. Thieke, Ph.D. Le Moyne College 1419 Salt Springs Rd. Syracuse, NY 13214 315-445-4599 thiekews@mail.lemoyne.edu ABSTRACT
More informationMinimum Security Standards for Networked Devices
University of California, Merced Minimum Security Standards for Networked Devices Responsible Official: Chief Information Officer Responsible Office: Information Technology Issuance Date: Effective Date:
More informationQ: How to setup the WDS link
Q: How to setup the WDS link A. WDS Bridge Mode B. WISP Mode (Client + Router) C. Universal Repeater Mode (AP + Client) A. WDS Bridge Mode Topology (WNRT-632 acts as AP-1 & AP-2): STEP1. In AP-2, go to
More informationThis solution is fully reproducible and has been deployed in live environments.
Introduction On many occasions there is a customer requirement to provide a simple guest-only wireless solution, and rightly or wrongly, it has been decided that this network should be completely segregated
More informationIndia Operator BNG and IP Router
CASE STUDY MPC480 IN INDIA India Operator BNG and IP Router 1 BACKGROUND The India Operator (Operator) provides Internet services to approx. 40,000 end users (residential and business users) in a city
More informationPost-Installation Tasks
CHAPTER 5 Post-Installation Checklist, page 5-1, page 5-6 Post-Installation Checklist Figure 5-1 Post-Installation Flowchart Post-installaion checklist Non-DNS deployment? Yes No Check for software and
More informationDHCP. DHCP Proxy. Information About Configuring DHCP Proxy. Restrictions on Using DHCP Proxy
Proxy, page 1 Link Select and VPN Select, page 4 Option 82, page 7 Internal Server, page 10 for WLANs, page 13 Proxy Information About Configuring Proxy When proxy is enabled on the controller, the controller
More informationConfigure Client Posture Policies
Posture Service Posture is a service in Cisco Identity Services Engine (Cisco ISE) that allows you to check the state, also known as posture, of all the endpoints that are connecting to a network for compliance
More informationTroubleshooting CHAPTER
CHAPTER 3 This chapter provides troubleshooting procedures for basic problems with the access point. For the most up-to-date, detailed troubleshooting information, refer to the Cisco Technical Support
More informationHow To Uninstall Wsus 3.0 Sp2 And Its Related Components
How To Uninstall Wsus 3.0 Sp2 And Its Related Components Further following hotfixes for WSUS 3.0 SP2 were also installed on the sytem. renaming software distribution folder & reseting Window Update Component.
More informationSecuring Wireless Networks by By Joe Klemencic Mon. Apr
http://www.cymru.com/ Securing Wireless Networks by By Joe Klemencic (faz@home.com) Mon. Apr 30 2001 Many companies make attempts to embrace new technologies, but unfortunately, many of these new technologies
More informationChurchill County Library Offers Information Technology Courses
r FOR IMMEDIATE RELEASE Media Contact Jessica Pauletto 775-323-2977 jessica@theabbiagency.com Churchill County Library Offers Information Technology Courses FALLON, Nev. (April 21, 2016) Churchill County
More informationTestOut Network Pro - English 4.1.x COURSE OUTLINE. Modified
TestOut Network Pro - English 4.1.x COURSE OUTLINE Modified 2017-07-06 TestOut Network Pro Outline - English 4.1.x Videos: 141 (18:42:14) Demonstrations: 81 (10:38:59) Simulations: 92 Fact Sheets: 145
More informationComputer Network Protocols: Myths, Missteps, and Mysteries. Dr. Radia Perlman, Intel Fellow
Computer Network Protocols: Myths, Missteps, and Mysteries Dr. Radia Perlman, Intel Fellow It s not what you don t know that s the problem. It s what you do know that ain t true.mark Twain (?) 2 Network
More informationGigabit SSL VPN Security Router
As Internet becomes essential for business, the crucial solution to prevent your Internet connection from failure is to have more than one connection. PLANET is the ideal to help the SMBs increase the
More informationIP Telephony Troubleshooting
IP Telephony Troubleshooting by Ronald Trunk Page IP Telephony Troubleshooting By Ron Trunk Now that IP telephony systems are becoming commonplace, network engineers need to be familiar with IP telephony
More informationBozeman IT Council Agenda 10:00 am Friday, May 29, 2015 President s Conference Room. Members
Bozeman IT Council Agenda 10:00 am Friday, May 29, 2015 President s Conference Room Regular Regular Regular Others in Members Jerry Sheehan Members Chris Deshazo Members Rich Shattuck Attendance Lindsey
More informationImplementation of NAC at ORNL
Implementation of NAC at ORNL Paige Stafford Summer 2009 ESCC/Internet2 Joint Techs Indianapolis, IN July 19-24, 2009 Managed by UT-Battelle Outline Background ORNL s network NAC defined Origins of ORNL
More informationSophos Central Admin. help
help Contents About Sophos Central... 1 Activate Your License...2 Overview... 3 Dashboard...3 Alerts...4 Logs & Reports... 10 People... 25 Devices... 34 Global Settings...50 Protect Devices...78 Endpoint
More informationStatic Ip Address No Internet Connection >>>CLICK HERE<<<
Static Ip Address No Internet Connection Windows 7 To get a static IP on the internet you must contact your ISP to upgrade your Internet Connection, or use a dynamic DNS service such as DynDNS and No-IP.
More informationWHY YOUR NAC PROJECTS KEEP FAILING: ADDRESSING PRODUCTS, PEOPLE, PROCESSES
SESSION ID: TECH-W14 WHY YOUR NAC PROJECTS KEEP FAILING: ADDRESSING PRODUCTS, PEOPLE, PROCESSES Jennifer Minella VP of Engineering & Security Carolina Advanced Digital, Inc. @jjx securityuncorked.com @CADinc
More informationCISNTWK-440. Chapter 5 Network Defenses
CISNTWK-440 Intro to Network Security Chapter 5 Network Defenses 1 Objectives Explain how to enhance security through network design Define network address translation and network access control List the
More informationSJTU 2018 Fall Computer Networking. Wireless Communication
SJTU 2018 Fall Computer Networking 1 Wireless Communication Internet Protocol Stack 2 Application: supporting network applications - FTP, SMTP, HTTP Transport: data transfer between processes - TCP, UDP
More informationConfiguring DHCP. Restrictions for Configuring DHCP for WLANs. Information About the Dynamic Host Configuration Protocol. Internal DHCP Servers
Restrictions for for WLANs, page 1 Information About the Dynamic Host Configuration Protocol, page 1 (GUI), page 3 (CLI), page 4 Debugging DHCP (CLI), page 5 DHCP Client Handling, page 5 Restrictions for
More informationNetwork Segmentation Through Policy Abstraction: How TrustSec Simplifies Segmentation and Improves Security Sept 2014
In most organizations networks grow all the time. New stacks of security appliances, new applications hosted on new clusters of servers, new network connections, new subnets, new endpoint platforms and
More informationDGS-1510 Series Gigabit Ethernet SmartPro Switch Web UI Reference Guide
6. Layer 3 Features ARP ARP Gratuitous ARP IPv4 Interface IPv4 Static/Default Route IPv4 Route Table IPv6 General Prefix IPv6 Interface IPv6 Neighbor IPv6 Static/Default Route IPv6 Route Table ARP Aging
More informationGuides for Installing MS SQL Server and Creating Your First Database. Please see more guidelines on installing procedure on the class webpage
Guides for Installing MS SQL Server and Creating Your First Database Installing process Please see more guidelines on installing procedure on the class webpage 1. Make sure that you install a server with
More informationCLEARPASS CONVERSATION GUIDE
CLEARPASS CONVERSATION GUIDE Purpose: Goal: How to use: This document is designed to help you steer customer discussions with respect to the ClearPass solution. It will be useful as an initial conversation
More informationCisco 3: Advanced Routing & Switching
Western Technical College 10150130 Cisco 3: Advanced Routing & Switching Course Outcome Summary Course Information Description Career Cluster Instructional Level Total Credits 3.00 Total Hours 90.00 This
More informationAppResponse Xpert RPM Integration Version 2 Getting Started Guide
AppResponse Xpert RPM Integration Version 2 Getting Started Guide RPM Integration provides additional functionality to the Riverbed OPNET AppResponse Xpert real-time application performance monitoring
More informationTomáš Podermański, Matěj Grégr,
Tomáš Podermański, tpoder@cis.vutbr.cz Matěj Grégr, igregr@fit.vutbr.cz Agenda Current status of IPv6 deployment at BUT IPv6 problems to solve Addressing First hop security User tracking and accounting
More informationN o W i r e s. N o W a i t i n g
N o W i r e s N o W a i t i n g N E T W O R K S W I T H O U T W I R E S Sales: Computer Service Corp 644 Strander Blvd #11 Seattle, Wa 98188 (866) 7209-7771 Toll Free www.csc-service.com T h e B e s t
More informationSecurity best practices
Security Best Practices CARRIER CORPORATION 2017 A member of the United Technologies Corporation family Stock symbol UTX Catalog No. 11-808-561-01 10/3/2017 Verify that you have the most current version
More informationMeeting 39. Guest Speaker Dr. Williams CEH Networking
Cyber@UC Meeting 39 Guest Speaker Dr. Williams CEH Networking If You re New! Join our Slack ucyber.slack.com Feel free to get involved with one of our committees: Content, Finance, Public Affairs, Outreach,
More informationStudents. To Campus Network Registration. Library and Information Technology Arcadia University
Students Quick Guide To Campus Network Registration Library and Information Technology Arcadia University Table of Contents Table of Contents Network Registration Guide o What is Remediation? o Registering
More informationSmart Video Replay Game Day Preparation & Troubleshooting Guide
Smart Video Replay Game Day Preparation & Troubleshooting Guide Game Day Preparation Make sure your batteries are charged. Make sure you have enough batteries for the entire game. Make sure all your equipment
More informationNetwork Access Control: A Whirlwind Tour Through The Basics. Joel M Snyder Senior Partner Opus One
Network Access Control: A Whirlwind Tour Through The Basics Joel M Snyder Senior Partner Opus One jms@opus1.com Agenda: Defining NAC Why are we thinking about NAC? What is a definition of NAC? What are
More informationCampus Manager. Out-of-Band Network Access Control for Wired, Wireless and VPN Networks. DataSheet
DataSheet Comprehensive NAC Solution Identity Management Endpoint Compliance Usage Policy Enforcement Historical Auditing and Reporting Out-of-Band Network Access Control for Wired, Wireless and VPN Networks
More informationSYLLABUS. Departmental Syllabus. Applied Networking I. Departmental Syllabus. Departmental Syllabus. Departmental Syllabus. Departmental Syllabus
SYLLABUS DATE OF LAST REVIEW: 1/30/2015 CIP CODE: 11.1006 SEMESTER: COURSE TITLE: COURSE NUMBER: Applied Networking I CRTE0115 CREDIT HOURS: 2 INSTRUCTOR: OFFICE LOCATION: OFFICE HOURS: TELEPHONE: EMAIL:
More informationVLAN Hopping, ARP Poisoning, and Man-In-TheMiddle Attacks in Virtualized Environments
VLAN Hopping, ARP Poisoning, and Man-In-TheMiddle Attacks in Virtualized Environments Dr. Ronny L. Bull, Ph.D. Utica College Nexus Seminar Series Nov 10th 2017 About Me Ph.D. in Computer Science from Clarkson
More informationInternational OpenFlow/SDN Test Beds 3/31/15
Duke s SDN Journey International OpenFlow/SDN Test Beds 3/31/15 Charley.Kneifel@duke.edu Part 1 Planning Definitions Infrastructure Considerations Use Cases Service Delivery / Management Considerations
More informationIpswitch: The New way of Network Monitoring and how to provide managed services to its customers
BRKPAR-2333 Ipswitch: The New way of Network Monitoring and how to provide managed services to its customers Paolo Ferrari, Senior Director Sales Southern Europe, Ipswitch, Inc. WhatsUp Gold Jan 2018 Agenda
More informationApplication Note Startup Tool - Getting Started Guide
Application Note Startup Tool - Getting Started Guide 07 July 2008 Startup Tool Table of Contents 1 INGATE STARTUP TOOL...1 2 STARTUP TOOL INSTALLATION...2 3 CONNECTING THE INGATE FIREWALL/SIPARATOR...5
More informationIntroducing LXI to your Network Administrator
Introducing LXI to your Network Administrator Aug 3, 2013 Edition Notice of Rights/Permissions: All rights reserved. This document is the property of the LXI Consortium and may be reproduced, but unaltered,
More informationCampus Networking Workshop. Layer 2 engineering Spanning Tree and VLANs
Campus Networking Workshop Layer 2 engineering Spanning Tree and VLANs Switching Loop When there is more than one path between two switches What are the potential problems? Switching Loop If there is more
More informationCisco IP Phone Configuration Guide
Version 1.0 Date: 2016.09.21 Yeastar Information Technology Co. Ltd. Introduction This guide introduces how to configure Cisco IP phones with Yeastar S-Series VoIP PBX. You have multiple ways to configure
More informationStatic Ip Address Problems Windows 7 Setup. Virtual >>>CLICK HERE<<<
Static Ip Address Problems Windows 7 Setup Virtual Vm are all 2008r2 with vmxnet3 VM adapter running virtual machine version 8 on Esx 5.5 with I see that the assigned static IP address is marked as duplicate
More informationUser Directories and Campus Network Authentication - A Wireless Case Study
User Directories and Campus Network Authentication - A Wireless Case Study Sean Convery Identity Engines Kevin Jones Metropolitan Community College Agenda Role-based Access Control About MCC Wireless project
More informationONE POLICY. Tengku Shahrizam, CCIE Asia Borderless Network Security 20 th June 2013
ONE POLICY Tengku Shahrizam, CCIE Asia Borderless Network Security 20 th June 2013 Agenda Secure Unified Access with ISE Role-Based Access Control Profiling TrustSec Demonstration How ISE is Used Today
More informationPatch For AR450S Routers
Patch Release Note For AR450S Routers Introduction This patch release note lists the issues addressed and enhancements made in patch 54264-01 for Software Release 2.6.4 on existing models of AR450S routers.
More informationairhaul Nexus sb3010
u n w i r i n g o u r w o r l d TM airhaul Nexus sb3010 User Configuration Guide Version 1.3 Copyright smartbridges Pte Ltd. All Rights Reserved. About This Document This Software Configuration Guide is
More informationHow-To Threat Centric NAC Cisco AMP for Endpoints in Cloud and Cisco Identity Service Engine (ISE) Integration using STIX Technology
How-To Threat Centric NAC Cisco AMP for Endpoints in Cloud and Cisco Identity Service Engine (ISE) Integration using STIX Technology Author: John Eppich Table of Contents About this Document... 3 Introduction
More informationA Framework for Optimizing IP over Ethernet Naming System
www.ijcsi.org 72 A Framework for Optimizing IP over Ethernet Naming System Waleed Kh. Alzubaidi 1, Dr. Longzheng Cai 2 and Shaymaa A. Alyawer 3 1 Information Technology Department University of Tun Abdul
More informationAT-S41 Version 1.1.7C Management Software for the AT-8326GB and AT-8350GB Series Fast Ethernet Switches. Software Release Notes
AT-S41 Version 1.1.7C Management Software for the AT-8326GB and AT-8350GB Series Fast Ethernet Switches Software Release Notes Please read this document before you begin to use the AT-S41 management software.
More informationCyber Security Update Recent Events in the Wild and How Can We Prepare?
Cyber Security Update Recent Events in the Wild and How Can We Prepare? Bob Cowles August, 2011 DOE Labs Hacked! ORNL off the Internet for nearly 2 weeks extensive remediation efforts put into place JLab
More informationCertified SonicWALL Security Administrator (CSSA) Instructor-led Training
Instructor-led Training Comprehensive Services from Your Trusted Security Partner Additional Information Recommended prerequisite for the Certified SonicWALL Security Administrator (CSSA) exam Course Description:
More information