End Point Security & Network Access Control



Similar documents
Bypassing Network Access Control Systems

IDM and Endpoint Integrity Technical Overview

Network Security Stripped. Trends for from layered technologies to bare essentials

Closed loop endpoint compliance an innovative, standards based approach A case study - NMCI

Network Access Security It's Broke, Now What? June 15, 2010

ARCHITECT S GUIDE: Comply to Connect Using TNC Technology

» WHITE PAPER X and NAC: Best Practices for Effective Network Access Control.

Secure Access into Industrial Automation and Control Systems Industry Best Practice and Trends. Serhii Konovalov Venkat Pothamsetty Cisco

This chapter covers the following topics: Network admission control overview NAC Framework benefits NAC Framework components Operational overview

UNDERSTANDING IDENTITY-BASED NETWORKING SERVICES AUTHENTICATION AND POLICY ENFORCEMENT

Policy Management: The Avenda Approach To An Essential Network Service

ForeScout CounterACT. Device Host and Detection Methods. Technology Brief

The self-defending network a resilient network. By Steen Pedersen Ementor, Denmark

Network-in-a-Box Solution. Services already integrated in the core switch Ideal concept for branch offices, schools or other small business networks

How To Use Cisco Identity Based Networking Services (Ibns)

Orchestrated Security Network. Automated, Event Driven Network Security. Ralph Wanders Consulting Systems Engineer

InfoExpress Cyber Gatekeeper. How to quote? Günter Neuleitner. März 2009

Frank Andrus WHITEPAPER. CTO, Bradford Networks. Evolve your network strategy to meet new threats and achieve expanded business imperatives

Bypassing Network Access Control Systems

Efficient and easy-to-use network access control and dynamic vlan management. Date: F r e e N A C. n e t Swisscom

Cisco TrustSec Solution Overview

VLANs. Application Note

Frank Andrus WHITEPAPER. CTO, Bradford Networks. Evolve your network security strategy to meet new threats and simplify IT security operations

Network Access Control in Virtual Environments. Technical Note

Bring Your Own Design: Implemen4ng BYOD Without Going Broke or Crazy. Eric Stresen- Reuter Technical Director Ruckus Wireless

Check Point NAC and Endpoint Security Martin Koldovský SE Manager Eastern Europe

ForeScout Technologies Is A Leader Among Network Access Control Vendors

Network Virtualization Network Admission Control Deployment Guide

TNC: Open Standards for Network Security Automation. Copyright 2010 Trusted Computing Group

Technical Note. CounterACT: 802.1X and Network Access Control

ARCHITECT S GUIDE: Mobile Security Using TNC Technology

x900 Switch Access Requestor

Evolving Network Security with the Alcatel-Lucent Access Guardian

Secure Access into Industrial Automation and Control Systems Best Practice and Trends

Network Access Control ProCurve and Microsoft NAP Integration

Technical Note. ForeScout CounterACT: Virtual Firewall

Comprehensive LAN Security: A Business Requirement

ACADEMIA LOCAL CISCO UCV-MARACAY CONTENIDO DE CURSO CURRICULUM CCNA. SEGURIDAD SEGURIDAD EN REDES. NIVEL I. VERSION 2.0

How to Secure Your Environment

Cisco TrustSec How-To Guide: Planning and Predeployment Checklists

NETWORK ACCESS CONTROL

Solving the Enterprise Information Security Problem Common Approaches

UTM10 in multi-ssid, multi-vlan network with WMS5316. Network diagram

Cisco Identity Services Engine

HP Identity Driven Manager Software Series Overview

An Architectural View of LAN Security: In-Band versus Out-of-Band Solutions

MDM Integration with Cisco Identity Service Engine. Secure Access How -To Guides Series

Secure Networks for Process Control

Perspective on secure network for control systems in SPring-8

UC Merced CyberRisk Update

NAC at the endpoint: control your network through device compliance

Network Access Control for Mobile Networks

Data Sheet: Endpoint Security Symantec Network Access Control Comprehensive Endpoint Enforcement

Application Note User Groups

Towards End-to-End Security

VLAN 802.1Q. 1. VLAN Overview. 1. VLAN Overview. 2. VLAN Trunk. 3. Why use VLANs? 4. LAN to LAN communication. 5. Management port

Magic Quadrant for Network Access Control

White Paper. Unify Endpoint and Network Security with McAfee Network Access Control (NAC)

Tech Brief. Enterprise Secure and Scalable Enforcement of Microsoft s Network Access Protection in Mobile Networks

Securely Architecting the Internal Cloud. Rob Randell, CISSP Senior Security and Compliance Specialist VMware, Inc.

Layer 2 / Layer 3 switches and multi-ssid multi-vlan network with traffic separation

Network Access Control (NAC) and Network Security Standards

Cisco Secure ACS. By Igor Koudashev, Systems Engineer, Cisco Systems Australia 2006 Cisco Systems, Inc. All rights reserved.

Asheville-Buncombe Technical Community College Department of Networking Technology. Course Outline

SOSPG2. Implementing Network Access Controls. Nate Isaacson Security Solution Architect

Configure ISE Version 1.4 Posture with Microsoft WSUS

Network Immunity Solution. Technical White paper. ProCurve Networking

ForeScout CounterACT CONTINUOUS DIAGNOSTICS & MITIGATION (CDM)

XenMobile Integration with Cisco Identity Service Engine. Secure Access How -To Guides Series

Juniper Networks Unified Access Control (UAC) and EX-Series Switches

All You Wanted to Know About WiFi Rogue Access Points

Critical Security Controls

TNC is an open architecture for network access control. If you re not sure what NAC is, we ll cover that in a second. For now, the main point here is

Whitepaper. Securing Visitor Access through Network Access Control Technology

Deploying Cisco Basic Wireless LANs WDBWL v1.1; 3 days, Instructor-led

Cisco TrustSec How-To Guide: Guest Services

CCNA Security v1.0 Scope and Sequence

ACADEMIA LOCAL CISCO UCV-MARACAY CONTENIDO DE CURSO CURRICULUM CCNA. SEGURIDAD CCNA SECURITY. VERSION 1.0

WiNG5 CAPTIVE PORTAL DESIGN GUIDE

Modular Network Security. Tyler Carter, McAfee Network Security

Penn State Wireless 2.0 and Related Services for Network Administrators

User-group-based Security Policy for Service Layer

Technology Blueprint. Enforcing Endpoint Compliance on the network. Police your managed and unmanaged systems with Network Access Control (NAC)

Malware and Other Malicious Threats

State of Texas. TEX-AN Next Generation. NNI Plan

Integration with IP Phones

Unified Security TNC EVERYWHERE. Wireless security. Road Warrior. IT Security. IT Security. Conference Room. Surveillance.

How to configure MAC authentication on a ProCurve switch

Secondary DMZ: DMZ (2)

Abstract. Avaya Solution & Interoperability Test Lab

DMZ Virtualization Using VMware vsphere 4 and the Cisco Nexus 1000V Virtual Switch

How To Choose An Access Control System

NETWORK ACCESS CONTROL TECHNOLOGIES

Solutions Guide. Education Networks

Best Practices for Outdoor Wireless Security

Securing end devices

iscsi Security (Insecure SCSI) Presenter: Himanshu Dwivedi

CCT vs. CCENT Skill Set Comparison

Ruckus-Bradford Interop Setup

HP Certified Professional

Transcription:

End Point Security & Network Access Control Presented by: Jennifer Jabbusch - Carolina Advanced Digital, Inc. Alan Shimel - StillSecure Darwin Socco - Bracewell & Giuliani LLP

Let s Talk About What NAC Does Key NAC Concepts Poor Man vs Rich Man s NAC Your Thoughts?

What is NAC? Features depend on vendor and implementation ti choices. Why are some key features that NAC can provide?

What is NAC? What can NAC offer? Port security Network segregation User- or identity-based access control Endpoint integrity checking Guest access support Multiple user/device authentication Centralized management

Key NAC Concepts Where does it go? How does it work?

Key NAC Concepts Network based, host based Inline, out of band Managed and unmanaged Pre-connect, post-connect Remediation Identity based access control NAP, TCG, Cisco NAC framework

Key NAC Concepts Network based, host based Network-Based Host-Based Authentication Switch or AP Endpoint NAC

Key NAC Concepts Inline, out of band Authentication Inline NAC Switch or AP Endpoint Out of Band

Key NAC Concepts Managed and unmanaged Managed / Employee Endpoint Authentication Switch or AP NAC Unmanaged / Guest Endpoint

Key NAC Concepts Pre-connect, post-connect Retest! Post-Connect Pre-Connect Authentication Switch or AP Endpoint NAC

Key NAC Concepts Remediation Either automatically fix what s wrong on the endpoint, or provide access to remediation services on a quarantine network Identity based access control Control what, when and how a user can connect and access resources based on their role or group

Key NAC Concepts NAP, TCG and Cisco NAC frameworks NAP = Microsoft s Framework TNC = TCG Industry-approved framework by most vendors Cisco NAC = Cisco proprietary framework

Why Do You Want NAC? Drivers for NAC in enterprises Drivers for NAC in the legal space What s holding back NAC?

Importance of NAC in Legal IT What are the drivers for NAC adoption in legal? Compliance Confidential information Guests on the network SOX and other compliance requirements What are the factors slowing adoption? What factors have driven adoption in existing firms? Is there a competitive advantage to adopting NAC?

Poor Man vs Rich Man s NAC Faceoff : NAC vs Not-NAC Getting NAC-ish features without NAC

Poor Man s vs. Rich Man s NAC Degrees of NAC adoption and mitigating your risk Reviewing some features of NAC? Port security Network segregation g User- or identity-based access control Endpoint integrity checking Guest access support Multiple user/device authentication Centralized management

Case Studies and Considerations for Selecting the Best NAC Solution (1) Practical Implementations (Wired or Wireless): Physical/Logical/Application Physical Approach: Create a stand-alone network ("The Starbucks Setup") Jack insert blocker/administratively shutdown data ports Logical Approach: VLAN segmentation with ACLs MAC address lockdown 802.1x Authentication (RADIUS)

Case Studies and Considerations for Selecting the Best NAC Solution (2) Application Approach: Proactive OS patch/update management of endpoints Proactive AV push/updates Other company specific application updates

Poor Man s vs. Rich Man s NAC NAC Not-NACNAC Port security with NAC (can be centrally managed) Stand-alone 802.1X (must be managed on each switch manually or physical port control/jack covers) Dynamic or Static VLANs (manually configured per user- group from RADIUS or perport on switches) Network segmentation (can be globally configured by user or group and provisioned dynamically from ID mgmt)

Poor Man s vs. Rich Man s NAC NAC Not-NACNAC Identity-based access (centrally managed, based on users, groups or set of criteria) Endpoint integrity check (basic function of most NAC solutions) Manual RADIUS groups (separate RADIUS group and policy manually created and configured for each unique access) Pro-active patching or NBAD (maintain patches and AV proactively or monitory with behavior anomaly detection)

Poor Man s vs. Rich Man s NAC NAC Not-NACNAC Guest access support (centrally managed, based on user, endpoint type, presence of agent or other criteria) Multiple user/device auth (easily configured and centrally managed) Manual VLAN configuration (manually configure VLANs per- port or per-ssid or use a vendor-specific solution) Manual VLAN configuration (same as above, must be manually configured, which makes multi-user/device auth difficult on shared resources)

Poor Man s vs. Rich Man s NAC NAC Not-NACNAC Centralized management (centrally managed, based on user, endpoint type, presence of agent or other criteria) Individual component config (each component, authentication servers, switches, access points and possibly endpoints will need to be configured manually individually or use a point solution per segment)

Case Studies and Considerations for Selecting the Best NAC Solution (3) Best of Breed Implementation

Your Thoughts? Why are you considering NAC? What s keeping you from doing it? Do you need it?

Questions and Answers Q&A Jennifer Jabbusch Carolina Advanced Digital, Inc. Alan Shimel StillSecure Darwin Socco Bracewell & Giuliani LLP

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information