Support User Manuals

Enterasys Networks 9034385 Plumbing Product User Manual

Open as PDF

of 98

NAC Solution Overview

Enterasys NAC Design Guide 1-3

Model 1: End-system Detection and Tracking

ThisNACdeploymentmodelimplementsthedetectionpieceofNACfunctionality.Itsupportsthe

abilitytotrackusersandend‐systemsovertimebyidentifyingwheretheyarecurrentlyconnected

tothenetworkandwheretheyhaveconnectedtothenetworkatanygiventimeinthepast.This

informationis

usefulforcomplianceandauditingpurposes,aswellasothermanagement

operationsthatrequirecompletevisibilityintothecurrentandhistoricalconnectionsofend‐

systemsandusers.

Model 2: End-System Authorization

ThisNACdeploymentmodelimplementsthedetection,authentication,andauthorizationNAC

functionalities,tocontrolaccesstonetworkresourcesbasedonuserandend‐systemidentityand

location.ThemodelsupportsMACaddressorguestregistration,wherenewend‐systemsare

forcedtoprovideavaliduseridentityinaweb

pageformbeforebeingallowedaccesstothe

network.Followingsuccessfu lregistration,end‐systemsaregrantedmeasuredaccess,without

requiringtheinterventionofnetworkoperations.

Model 3: End-System Authorization with Assessment

ThisNACdeploymentmodelimplementsthedetection,authentication,assessment,andauthorization

NACfunctionalities,tocontrolaccesstonetworkresourcesbasedonthesecuritypostureofa

connectingend‐system,aswellasuseranddeviceidentityandlocation.End‐systems thatfail

assessmentcanbedynamicallyquarantinedwithrestrictive

networkaccesstomitigatethe

propagationofsecuritythreatsonthenetwork,whilecompliantend‐systemsarepermittedonto

thenetworkwithameasuredlevelofaccess.

Alternatively,specificend‐systemsanduserscanbeassesseduponnetworkconnectionandbe

permittednetworkaccessregardlessoftheassessmentresults.Thisapproach

allowsanIT

administratortohavevisibilityintotheconfigurationofenddevicesonthenetworkwithout

impactingtheirnetworkconnectivityduringorafterassessment.Thisapproachisusually

implementedduringtheinitialrolloutoftheNACsolutionforbaseliningpurposes.

ThisNACdeploymentmodelrequirestheuseofeitherintegrated

assessmentserverfunctionality

ortheabilitytoconnecttoexternalassessmentservices,inordertoexecutetheend‐system

vulnerabilityassessment.

Model 4: End-System Authorization with Assessment and Remediation

ThisNACdeploymentmodelimplementsthedetection,authentication,assessment,authorization,

andremediationNACfunctionalities,providingforthequarantineandremediationof

noncompliantdevices.Assistedremediationusesweb‐basednotificationtodynamicallyinform

quarantinedend‐systemsofsecuritycomplianceviolations,andallowenduserstosafely

remediatetheirquarantinedend

‐systemwithoutimpactingIToperations.

previous next