Support User Manuals

Enterasys Networks 9034385 Plumbing Product User Manual

Open as PDF

of 98

Model 2: End-System Authorization

Enterasys NAC Design Guide 2-7

apasswordintheregistrationwebpage.Thissponsorusernameandpasswordcanbe

validatedagainstanexistingdatabaseonthenetworktoauthenticatethesponsorʹsidentity.

Sponsorsmaybeallowedtosecurelyaccessanadministrativewebpagewheretheycan

delete,add,andmodifyregisteredend‐systemsonthe

networkthattheyhavesponsored.

Withsponsoredregistrationenabled,IToperationscanholdtrustedusersaccountablefor

guestsbroughtontheenterprisenetwork,whilecontrollingaccessforonlyappropriate 

guests.

Post-Connect NAC integration with NetSight Automated Security Manager

NetSightAutomatedSecurityManager(ASM),asoftwareapplicationthatispartofthe

NetSightSuite,hasthecapabilitytosearchtheinfrastructureandlocatetheswitchportof

connection,basedonthereceiptofasecurityeventforaparticularIPaddress.ASMresponds

tothiseventbydisablingtheport

orassigningaVLAN(suchasthequarantineVLAN)tothe

port.Inresponsetoareal‐timesecuritythreatdetectedonthenetwork,ASMcanbe

configuredtonotifyNACManageronthisevent,dynamicallyquarantiningtheMAC

address.Thiseffectivelyrestrictsthequarantinedend‐systemfromaccessingthe

network

fromanylocation,enterprise‐wide.IfASMreversesthequarantineaction,itnotifiesNAC

Manager,andthequarantineisautomaticallyremovedandtheend‐systemisdynamicallyre‐

admittedaccesstonetworkresources.Therefore,thedeploymentofEnterasysNACfurther

increasesthesecuritypostureofthenetworkbyintegratingwith

thereactivethreatresponse

capabilitiesofASM,inadditiontocontrollingaccessandauthorizingconnectingdevices.

Required and Optional Components

ThissectionsummarizestherequiredandoptionalcomponentsforModel2.

.

TheNACGatewayandNACControlleraretheNACappliancesusedtoimplementtheout‐of‐

bandandinlinenetworkaccesscontrolfunctionalityonthenetwork.

NetSightNACManageristhesoftwareapplicationusedtocentrallymanagetheNACappliances

deployedonthenetwork.

NetSightConsoleisthesoftwareapplicationusedto

monitorthehealthandstatusof

infrastructuredevicesinthenetwork,includingswitches,routers,andEnterasysNACappliances

(NACGatewaysandNACControllers).

Assessmentfunctionalityisoptionalbecauseinthisdeploymentmodel,end‐systemsarenotbeing

assessedforsecurityposturecompliancewhenconnectingtothenetwork.

Table 2-2 Component Requirements for Authorization

Component Authorization

NAC Appliance Required

NetSight NAC Manager Required

NetSight Console Required

Assessment Optional

RADIUS Server Optional

NetSight Policy Manager Optional

NetSight Inventory Manager Optional

previous next