Cisco Network Admission Control, Volume I: NAC Framework Architecture and Design

Denise Helfrich, Lou Ronnau, Jason Frazier, Paul Forbes

  • 出版商: Cisco Press
  • 出版日期: 2006-12-18
  • 售價: $1,820
  • 貴賓價: 9.5$1,729
  • 語言: 英文
  • 頁數: 244
  • 裝訂: Paperback
  • ISBN: 1587052415
  • ISBN-13: 9781587052415
  • 相關分類: Cisco
  • 立即出貨(限量) (庫存=1)

買這商品的人也買了...

商品描述

Description

Cisco Network Admission Control

Volume I: NAC Framework Architecture and Design

 

A guide to endpoint compliance enforcement

 

Today, a variety of security challenges affect all businesses regardless of size and location. Companies face ongoing challenges with the fight against malware such as worms, viruses, and spyware. Today’s mobile workforce attach numerous devices to the corporate network that are harder to control from a security policy perspective. These host devices are often lacking antivirus updates and operating system patches, thus exposing the entire network to infection. As a result, worms and viruses continue to disrupt business, causing downtime and continual patching. Noncompliant servers and desktops are far too common and are difficult to detect and contain. Locating and isolating infected computers is time consuming and resource intensive.

 

Network Admission Control (NAC) uses the network infrastructure to enforce security policy compliance on all devices seeking to access network computing resources, thereby limiting damage from emerging security threats. NAC allows network access only to compliant and trusted endpoint devices (PCs, servers, and PDAs, for example) and can restrict the access of and even remediate noncompliant devices.

 

Cisco Network Admission Control, Volume I, describes the NAC architecture and provides an in-depth technical description for each of the solution components. This book also provides design guidelines for enforcing network admission policies and describes how to handle NAC agentless hosts. As a technical primer, this book introduces you to the NAC Framework solution components and addresses the architecture behind NAC and the protocols that it follows so you can gain a complete understanding of its operation. Sample worksheets help you gather and organize requirements for designing a NAC solution.

 

Denise Helfrich is a technical program sales engineer that develops and supports global online labs for the World Wide Sales Force Development at Cisco®.

 

Lou Ronnau, CCIE® No. 1536, is a technical leader in the Applied Intelligence group of the Customer Assurance Security Practice at Cisco.

 

Jason Frazier is a technical leader in the Technology Systems Engineering group for Cisco.

 

Paul Forbes is a technical marketing engineer in the Office of the CTO, within the Security Technology Group at Cisco. 

 

  • Understand how the various NAC components work together to defend your network
  • Learn how NAC operates and identifies the types of information the NAC solution uses to make its admission decisions
  • Examine how Cisco Trust Agent and NAC-enabled applications interoperate
  • Evaluate the process by which a policy server determines and enforces a policy
  • Understand how NAC works when implemented using NAC-L2-802.1X, NAC-L3-IP, and NAC-L2-IP
  • Prepare, plan, design, implement, operate, and optimize a network admission control solution

  

This security book is part of the Cisco Press® Networking Technology Series. Security titles from Cisco Press help networking professionals secure critical data and resources, prevent and mitigate network attacks, and build end-to-end self-defending networks.

 

商品描述(中文翻譯)

描述

Cisco Network Admission Control
卷一:NAC框架架構與設計

一本關於端點合規執行的指南

如今,各種安全挑戰影響著所有企業,無論其規模和地點。公司面臨著與蠕蟲、病毒和間諜軟件等惡意軟件作鬥爭的持續挑戰。如今的移動勞動力將許多設備連接到企業網絡,從安全策略的角度來看,這些主機設備更難以控制。這些主機設備通常缺乏防病毒更新和操作系統補丁,從而使整個網絡暴露於感染之中。因此,蠕蟲和病毒繼續干擾業務,導致停機和持續補丁。不合規的服務器和桌面電腦非常常見,且難以檢測和隔離。查找和隔離受感染的計算機耗時且資源密集。

網絡接入控制(NAC)使用網絡基礎設施來強制執行安全策略合規性,以限制新興安全威脅帶來的損害。NAC僅允許合規且可信的端點設備(例如個人電腦、服務器和個人數字助理)訪問網絡計算資源,並且可以限制非合規設備的訪問甚至進行修復。

《Cisco Network Admission Control》卷一描述了NAC架構,並為每個解決方案組件提供了深入的技術描述。本書還提供了執行網絡接入策略的設計指南,並描述了如何處理無NAC代理主機。作為技術入門,本書向您介紹了NAC框架解決方案組件,並介紹了NAC背後的架構和所遵循的協議,以便您完全了解其運作方式。示例工作表幫助您收集和組織設計NAC解決方案的需求。

Denise Helfrich是Cisco全球銷售力量發展部門的技術方案銷售工程師,負責開發和支持全球在線實驗室。

Lou Ronnau,CCIE No. 1536,是Cisco客戶保證安全實踐應用智能組的技術領導者。

Jason Frazier是Cisco技術系統工程組的技術領導者。

Paul Forbes是Cisco安全技術組的首席技術營銷工程師。

- 瞭解各種NAC組件如何共同保護您的網絡
- 了解NAC的運作方式,並瞭解NAC解決方案使用的信息類型
- 檢查Cisco Trust Agent和支持NAC的應用程序的互操作性
- 評估策略服務器確定和執行策略的過程
- 瞭解使用NAC-L2-802.1X、NAC-L3-IP和NAC-L2-IP實施NAC的工作方式
- 準備、規劃、設計、實施、運營和優化網絡接入控制解決方案