Support User Manuals

Enterasys Networks 9034385 Plumbing Product User Manual

Open as PDF

of 98

Model 2: End-System Authorization

Enterasys NAC Design Guide 2-3

andinformationonthenetwork.EnterasysNACcanbeleveragedtoprovideinformationto

SIMsolutions,bymappinganIPaddresstoanidentity,suchasaMACaddressorusername

andlocation,foramorecompleterepresentationoftheattacksourceortargetonthenetwork.

Inthisway,the

EnterasysNACsolutionfurtherenhancestheoperationofexistingsecurity

technologiesdeployedonthenetwork.

Required and Optional Components

ThissectionsummarizestherequiredandoptionalcomponentsforModel1.

.

TheNACGatewayandNACControlleraretheNACappliancesusedtoimplementtheout‐of‐

bandandinlinenetworkaccesscontrolfunctionalityonthenetwork.

NetSightNACManageristhesoftwareapplicationusedtocentrallymanagetheNACappliances

deployedonthenetwork.

NetSightConsoleisthesoftwareapplicationusedto

monitorthehealthandstatusof

infrastructuredevicesinthenetwork,includingswitches,routers,andEnterasysNACappliances

(NACGatewaysandNACControllers).

Assessmentfunctionalityisoptionalbecauseinthisdeploymentmodel,end‐systemsarenotbeing

assessedforsecurityposturecompliancewhenconnectingtothenetwork.

ARADIUSserveris

onlyrequiredifout‐of‐bandnetworkaccesscontrolusingtheNACGateway,

orinlinenetworkaccesscontrolusingtheLayer2NACController,isimplementedwithweb‐

basedand/or802.1Xauthenticati on.

NetSightPolicyManagerisnotrequiredbecauseadditionalpoliciesandauthorizationlevelsdo

notneedtobedefined

forthisdeploymentmodel.

NetSightInventoryManagerisanoptionalcomponent,providingcomprehensivenetwork

inventoryandchangemanagementcapabilities.

Model 2: End-System Authorization

ThisNACdeploymentmodelimplementsthedetection,authentication,andauthorizationof

connectingend‐systems,tocontrolaccesstonetworkresourcesbasedonuserandend‐system

identity,aswellaslocation.InModel1,end‐systemsandendusersaredetectedandtrackedon

thenetworkovertime.ThisgivesIT

operationsvisibilityintowhatdevicesareconnectedtothe

network,whoisusingthesedevices,andwherethesedevicesareconnected.Inmodel2,the

Table 2-1 Component Requirements for Detection and Tracking

Component

Detection and

Tracking

NAC Appliance Required

NetSight NAC Manager Required

NetSight Console Required

Assessment Optional

RADIUS Server Optional

NetSight Policy Manager Optional

NetSight Inventory Manager Optional

previous next