Klaudia Bakšová System Engineer Cisco Systems. Cisco Clean Access
1 Klaudia Bakšová System Engineer Cisco Systems Cisco Clean Access
2 Agenda 1. Securing Complexity 2. NAC Appliance Product Overview and In-Depth 3. NAC Appliance Technical Benefits
3 The Challenge of Securing Complexity
This is a story about network security. Specifically, how you can have security without compromising productivity. More to the point, your company may already be bristling with network defenses, but you still have one glaring vulnerability: your network users.
4 The Business Case for NAC
Drivers (Source: Infonetics Research, June 2009):
- Limit the impact of security problems, stop threats from propagating: 86%
- Increase overall corporate security posture: 78%
- Protect against loss of sensitive/personal information: 77%
- Control network access based on user identity and role; Protect against loss of intellectual property: 60%, 76%
- Demonstrate compliance to security/access policies: 59%
- Regulatory requirements: 44%
5 Productivity Causes Complexity
- WHAT SYSTEM IS IT? Windows, Mac or Linux; laptop or desktop or PDA; printer or other corporate asset
- WHO OWNS IT? Company, Employee, Contractor, Guest, Unknown
- WHERE IS IT COMING FROM? VPN, LAN, WLAN, WAN
- WHAT'S ON IT? IS IT RUNNING? Anti-virus, anti-spyware; personal firewall; patching tools
- WHAT'S THE PREFERRED WAY TO CHECK/FIX IT? Pre-configured checks; customized checks; self-remediation or auto-remediation; third-party software
6 Complexity Demands Defense-in-Depth
- Identity alone fails: protects against unauthorized access, but not malware; identifies user, but not device
- Endpoint security alone fails: 99% have AV, but infections persist! Host based apps are easily manipulated even unintentionally; time gap between virus and virus def/repair
- Network security alone fails: firewalls cannot block legitimate ports; VPNs cannot block legitimate users; malware signatures must be known; detection often occurs after-the-fact
7 What Is Network Admission Control?
Using the network to enforce policies ensures that incoming devices are compliant.
- Identity: Who is the user? Is s/he authorized? What role does s/he get?
- PLUS device security: Is MS patched? Does A/V or A/S exist? Is it running? Are services on? Do required files exist?
- PLUS network security: Is policy established? Are non-compliant devices quarantined? Is remediation required? Is remediation available?
8 Four Key Capabilities of NAC
- WHAT IT MEANS: Uniquely identifies users and devices, and creates associations between the two. WITHOUT IT...: Associate users and devices with roles to know which policies apply; prevents device spoofing.
- WHAT IT MEANS: Assess and enforce a ubiquitous policy across the entire network. WITHOUT IT...: A decentralized policy mechanism (e.g. on endpoint) can leave gaping security holes.
- WHAT IT MEANS: Acts on posture assessment results, isolates device, brings into compliance. WITHOUT IT...: Just knowing a device is non-compliant is not enough, someone still needs to fix it.
- WHAT IT MEANS: Easily creates comprehensive, granular policies that map quickly to user groups and roles. WITHOUT IT...: Policies too complex or difficult to create and use will lead to abandonment of project.
9 Agenda 1. Securing Complexity 2. NAC Appliance Product Overview and In-Depth 3. NAC Appliance Technical Benefits
10 NAC Appliance (a.k.a. Cisco Clean Access) Components
- Cisco Clean Access Server: serves as an in-band or out-of-band device for network access control
- Cisco Clean Access Manager: centralizes management for administrators, support personnel, and operators
- Cisco Clean Access Agent: optional lightweight client for device-based registry scans in unmanaged environments
- Rule-set Updates: scheduled automatic updates for anti-virus, critical hotfixes and other applications
11 Clean Access Server
- CAS is the enforcement point for network access
- CAS has two key interfaces (eth0/eth1):
- Untrusted Interface (eth1): facing end users to be NACed (untrusted network)
- Trusted Interface (eth0): facing the network to be secured (trusted network)
- Traffic is BRIDGED (Virtual Gateway) or ROUTED (Real IP Gateway) between the two interfaces
[Diagram: Virtual Gateway (frame in, VLAN map on CAS, frame out) and Real IP Gateway (packet in, routed by CAS, packet out)]
12 NAC Manager Overview
- Controls all NAC servers centrally
- Configuration policies pushed to all servers
- Communicates with servers for status and updates
- Scalable to support multiple servers
[Diagram: one NAC Manager controlling three NAC Servers]
13 NAC Appliance Sizing
- Users = online, concurrent
- Super Manager manages more than 40 Enterprise and Branch Servers
- Standard Manager manages up to 20 Enterprise and Branch Servers
- Manager Lite manages up to 3 Branch Office or SMB Servers
- Server sizes shown: 1500 users, 2500 users, 3500 users; 100 users, 250 users, 500 users; 50 users NM, 100 users NM
14 NAC Server Deployment Mode
The NAC server is deployed in a combination of the following 3 modes.
- In-Band (IB) or Out-of-Band (OOB): the NAC server (CAS) is in the data path all the time, or the NAC server is in the path only during the NAC process. A given CAS server can only be IB or OOB.
- Layer 2 (L2) or Layer 3 (L3): users are L2 adjacent to the NAC server or they are multiple hops away (L3) from the NAC server (CAS). A given NAC server can support both L2 and L3 adjacent users.
- Virtual Gateway (VG) or Real-IP Gateway (RIP-GW): the NAC server (CAS) acts as bridge (VG) or router (RIP-GW) between its two interfaces. A given NAC server (CAS) can only be VG or RIP-GW, not both.
15 CAS Physical Deployment Models: Centralized - Redundant
Example: Collapsed Core Centralized Deployment
- Virtual Gateway Mode
- 6 Access Layer Closets, 6 Data VLANs
- 500 users per VLAN, total 3000 users
- 3 VLANs per CAS, 1500 users each
[Diagram: Access layers and Collapsed Core / Distribution, with VLANs 10, 20, 30; VLANs 40, 50, 60; VLANs 110, 120, 130; VLANs 140, 150, 160]
16 CAS Physical Deployment Models: Centralized Load-Balancing
Example: Enterprise Central Deployment
- Virtual Gateway Mode
- 3 Access Layer Closets, 6 VLANs
- 500 users per VLAN, total 3000 users
- 3 VLANs per CAS, 1500 users each
17 CAS Traffic Flow Deployment Models: In Band & Out of Band
- In Band: CAS is inline (in the data path) before and after posture assessment; ACL filtering and bandwidth throttling; remote offices, VPN connectivity; limited scalability
- Out of Band: multi-gig throughput; inline only during posture assessment; port VLAN-based and role-based access control
18 CAS Client Access Deployment Models: L2 & L3
- L2 Model: client is L2 adjacent to CAS; VG/Real IP GW/IB/OOB; mostly for LAN deployments; MAC address as identifier
- L3 Model: client is not L2 adjacent to CAS; VG/Real IP GW/IB/OOB; mostly for WAN/VPN deployments; IP address as identifier
19 NAC Appliance for VPN Access
[Diagram: Laptop, Auth Server, NAC Appliance Manager, ASA, NAC Appliance Server (NAC Enforcement Point), Router, Intranet Server, DNS Server, Radius Accounting Server]
1. Remote user connects to ASA via IPSec or SSL VPN tunnel
2. Remote user obtains IP address from ASA
3. ASA forwards Radius accounting login info to CAS
4. Radius Accounting information logs user into Appliance, so no need to sign on twice - SSO
5. Everything else the same as in-band deployment
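Steps 3 and 4 above, sketched as an added example (not Cisco's code and not part of the original slides): an enforcement point that signs a VPN user on from a RADIUS Accounting-Request (RFC 2866), keyed by tunnel IP as in the L3 model. The class name, shared secret, addresses and user name are constructed assumptions; the point is that SSO is only as trustworthy as the checks on the accounting packet's source and authenticator.

```python
import hashlib
import hmac
import ipaddress
import struct

ACCOUNTING_REQUEST = 4                               # RFC 2866 packet code
USER_NAME, FRAMED_IP, ACCT_STATUS_TYPE = 1, 8, 40    # RADIUS attribute types
ACCT_START, ACCT_STOP = 1, 2                         # Acct-Status-Type values


def build_accounting_request(ident, attrs, secret):
    """Encode an Accounting-Request as a VPN gateway would send it."""
    body = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)
    header = struct.pack("!BBH", ACCOUNTING_REQUEST, ident, 20 + len(body))
    # Request Authenticator = MD5(code, id, length, 16 zero octets, attrs, secret)
    authenticator = hashlib.md5(header + bytes(16) + body + secret).digest()
    return header + authenticator + body


def parse_accounting_request(packet, secret):
    """Verify the authenticator and return {attribute type: raw value}."""
    if len(packet) < 20:
        raise ValueError("short packet")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCOUNTING_REQUEST:
        raise ValueError("not an Accounting-Request")
    if length < 20 or length > len(packet):
        raise ValueError("bad length field")
    packet = packet[:length]             # octets past Length are padding
    body = packet[20:]
    expected = hashlib.md5(packet[:4] + bytes(16) + body + secret).digest()
    if not hmac.compare_digest(expected, packet[4:20]):
        raise ValueError("authenticator mismatch")
    attrs, pos = {}, 0
    while pos < len(body):
        if len(body) - pos < 2:
            raise ValueError("truncated attribute")
        atype, alen = body[pos], body[pos + 1]
        if alen < 2 or pos + alen > len(body):
            raise ValueError("bad attribute length")
        attrs[atype] = body[pos + 2:pos + alen]
        pos += alen
    return attrs


class SsoSessionTable:
    """Hypothetical enforcement-point state: tunnel IP -> signed-on user."""

    def __init__(self, secret, trusted_clients):
        self.secret = secret
        self.trusted_clients = set(trusted_clients)  # allowed RADIUS senders
        self.sessions = {}

    def handle(self, packet, source_ip):
        # Accounting is only accepted from the configured VPN gateway.
        if source_ip not in self.trusted_clients:
            return "rejected: unknown RADIUS client"
        try:
            attrs = parse_accounting_request(packet, self.secret)
        except ValueError as exc:
            return f"rejected: {exc}"
        try:
            status = struct.unpack("!I", attrs[ACCT_STATUS_TYPE])[0]
            client_ip = str(ipaddress.IPv4Address(attrs[FRAMED_IP]))
            user = attrs[USER_NAME].decode("utf-8")
        except (KeyError, struct.error, ValueError):
            return "rejected: missing or malformed attribute"
        if status == ACCT_START:         # user is logged in without a second prompt
            self.sessions[client_ip] = user
            return "login"
        if status == ACCT_STOP:          # tunnel closed, drop the session
            self.sessions.pop(client_ip, None)
            return "logout"
        return "ignored"                 # interim updates change nothing


def sample_packet(status, secret, user=b"alice", ip="10.8.0.25"):
    """Constructed sample input: what the gateway sends for one tunnel."""
    return build_accounting_request(7, [
        (USER_NAME, user),
        (FRAMED_IP, ipaddress.IPv4Address(ip).packed),
        (ACCT_STATUS_TYPE, struct.pack("!I", status)),
    ], secret)


def demo():
    secret = b"constructed-shared-secret"
    table = SsoSessionTable(secret, trusted_clients={"192.0.2.10"})
    return [
        table.handle(sample_packet(ACCT_START, secret), "192.0.2.10"),
        table.handle(sample_packet(ACCT_START, b"wrong"), "192.0.2.10"),
        table.handle(sample_packet(ACCT_START, secret), "198.51.100.9"),
        table.handle(sample_packet(ACCT_STOP, secret), "192.0.2.10"),
    ]


if __name__ == "__main__":
    print(demo())
```
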
20 How do you create and manage headless devices in your environment?
- NAC Profiler can manage all other headless devices
- Automatic discovery and inventory via SNMP
- Profiles devices into NAC roles
- Devices added to Filter List from Profiler
- Devices get proper access under NAC
[Diagram: Profiler, NACS/Collector, NACM, connected via SPAN, API and SNMP]
21 Dynamic Provisioning into NAC Manager NAC Profiler profiles device and automatically places it in the NAC Manager filter list Detailed Device Information
22 Cisco NAC Appliance Agents: Clean Access Agent
- Local-machine, agent-based posture and remediation
- Bundled with CAM software release/update
- Full Agent Installation/Stub Agent Installation (Java/ActiveX)
23 Cisco NAC Appliance Agents: Cisco NAC Web Agent
- Permanent client application not required
- Posture assessment available, no automatic remediation
24 Cisco NAC Services: Automated Policy Updates
- Automated Cisco Rulesets: simplify support for over 350+ security and management applications
- AutoUpdates: hotfixes, service packs (direct to WSUS Server)
- Cisco NAC Manager
25 Agenda 1. Securing Complexity 2. NAC Appliance Product Overview and In-Depth 3. NAC Appliance Technical Benefits
26 NAC Appliance Technical Benefits
- Product Experience: With 500+ deployments, Cisco understands the technical impact on your network
- Defense-in-Depth: NAC Appliance is a self-contained, proactive way to enforce policy compliance on all incoming devices
- Rapid Setup, Easy Mgmt: Pre-configured rulesets and checks make it easy to setup, maintain, modify, and expand
- Flexible Deployment: Broad deployment options means that NAC Appliance fits into your network the way you need it to
- Future Proof: NAC Appliance is core to Cisco's strategic NAC vision and can be leveraged across all future deployment options
Understanding Network Access Control: What it means for your enterprise Network access control is a term that is highly used, but not clearly defined. By understanding the reasons for pursuing a network
More informationGETTING THE NAC OF LAN SECURITY
GETTING THE NAC OF LAN SECURITY A Spire Research Report October 2006 Spire Security, LLC I P.O. Box 152 I Malvern, PA 19355 www.spiresecurity.com NAC: LAN Security Executive Summary The increasing complexity
More informationConfigure Client Posture Policies
Posture Service Posture is a service in Cisco Identity Services Engine (Cisco ISE) that allows you to check the state, also known as posture, of all the endpoints that are connecting to a network for compliance
More informationSecure wired and wireless networks with smart access control
Secure wired and wireless networks with smart access control Muhammad AbuGhalioun Senior Presales Consultant Hewlett-Packard Enterprise Aruba Saudi Arabia Managing risk in today s digital enterprise Increasingly
More informationForeScout Agentless Visibility and Control
ForeScout Agentless Visibility and Control ForeScout Technologies has pioneered an agentless approach to network security that effectively helps address the challenges of endpoint visibility and control
More informationPresentation_ID. 2003, 2004 Cisco Systems, Inc. All rights reserved.
Presentation_ID 2003, 2004 Cisco Systems, Inc. All rights reserved. 1 ISR and their AT potential Massimiliano Caranzano mcaranza@cisco.com Senior Manager Advanced Technologies Channel Strategy&Development
More informationCisco Firepower NGFW. Anticipate, block, and respond to threats
Cisco Firepower NGFW Anticipate, block, and respond to threats You have a mandate to build and secure a network that supports ongoing innovation Mobile access Social collaboration Public / private hybrid
More informationPosture Services on the Cisco ISE Configuration Guide Contents
Posture Services on the Cisco ISE Configuration Guide Contents Introduction Prerequisites Requirements Components Used Background Information ISE Posture Services Client Provisioning Posture Policy Authorization
More informationPrecisionAccess Trusted Access Control
Data Sheet PrecisionAccess Trusted Access Control Defeats Cyber Attacks Credential Theft: Integrated MFA defeats credential theft. Server Exploitation: Server isolation defeats server exploitation. Compromised
More informationUser Management: Configuring Auth Servers
7 CHAPTER This chapter describes how to set up external authentication sources, configure Active Directory Single Sign-On (SSO), VLAN ID or attribute-based auth server mapping rules, and RADIUS accounting.
More informationCisco Secure Access Control
Cisco Secure Access Control Delivering Deeper Visibility, Centralized Control, and Superior Protection Martin Briand - Security Escalation VSE Global Virtual Engineering Oriol Madriles Soriano Security
More informationForescout. eyeextend for Carbon Black. Configuration Guide. Version 1.1
Forescout Version 1.1 Contact Information Forescout Technologies, Inc. 190 West Tasman Drive San Jose, CA 95134 USA https://www.forescout.com/support/ Toll-Free (US): 1.866.377.8771 Tel (Intl): 1.408.213.3191
More informationMcAfee Public Cloud Server Security Suite
McAfee Public Cloud Server Security Suite Comprehensive security for AWS and Azure cloud workloads As enterprises shift their data center strategy to include and often lead with public cloud server instances,
More information