You can affect this show. Feel free to comment on the discussion thread below - any comments on the content of this show may get reflected in the show. No promises!
Sidebar: Jimmy Ray IS NOT channeling Larry the Cable Guy and cannot do a British accent no matter how hard he tries...so don't even ask. ALL INFORMATION IS SUBJECT TO CHANGE.
NETWORK ADMISSION CONTROL
Taping Date: February 6, 2008
Air Date: March 6, 2008
Guests:
Alok Agrawal, TME Manager from the Cisco NAC BU
Steve Pettit, of Great Bay Software
David Anderson, PM from the Cisco NAC BU
Proposed Segmentation:
Segment 1: NAC Foundational Concepts
- What is it, why do we need it, why now?
- Where does 802.1x fit, what problems can be solved here, etc.
- Posture Assessment - more than just AV and Spyware
- Client vs. Clientless, Inband vs. Out of Band, Remediation, Non-Cisco applications
- Server, Manager, Agent Communication, Rule Set updates.
Segment 2: Server Deployment Modes
- Virtual and Real IP Gateway
- Layer 2 and Layer 3
- In-band and Out of Band
- Client & Temporal Agent
Segment 3: Topology and Design Considerations
- VPN
- Wireless
- Remote Sites
- Campus
Segment 4: Device Profiling
- Great Bay Software, guest Steve Pettit (not confirmed yet)
- NAC Profiler
- Collector
- Design Choices/Trade-offs
Show Description:
In its most basic form, the concept of Network Admission Control (NAC) is quite simple: Define and enforce a security policy that establishes a minimum set of standards that must be met prior to allowing entry to the network. Simple in theory, much more complex in its execution.
NAC is not a one-shot installation. It should eventually involve your entire infrastructure and address every point of entry. This usually translates into a phased approach that may involve addressing your riskiest threat vectors first, followed by a gradual rollout as time and budgets allow.
Your network and your goals are unique, however, and these factors will dictate where and how you get started and where you ultimately finish.
There are details that often get left out of the standard sales pitch. Understanding the impact of your design decisions can make the difference between a project you are proud to reference and one you would rather sweep under the rug.
This episode is about asking the hard questions as we explore the various technical options available in a mature, goal-oriented NAC implementation.
Seems that every network design question comes with the engineer’s favorite answer: it depends. What does it depend on? That’s what we cover today.
You will walk away with the following questions answered:
1. Is NAC ready for YOUR particular network?
2. What are the four deployment modes you should consider?
3. What are the design implications for VPN, Wireless, Remote Sites or a Campus?
4. What happens when things fail?
5. How do you account for non-PC devices without a bunch of manual work-arounds and dangerous choices?
Blogger:
Jamie Sanbower from Force3 maintains a nice Cisco NAC Blog
Interesting Articles:
Is NAC Dead
NAC Gains Traction
“What Businesses want from NAC”
In a recent NAC survey of businesses, the Aberdeen Group listed the top requirements that the respondents had for NAC. The top technology requirements were: preventing unauthorized users and machines from accessing the network; logging all access events and recording them centrally; enforcing policies on remote users; and quarantining unhealthy machines.
The Survey
Questions - Why were certain items ranked lower...?
Is NAC Dying?
Great set of NAC Articles at Dark Reading