Support User Manuals

Enterasys Networks 9034385 Plumbing Product User Manual

Open as PDF

of 98

Procedures for Out-of-Band and Inline NAC

5-4 Design Procedures

Figure 5-2 NAC Configuration

Authentication

TheAuthenticationsettingsdefinehowRADIUSrequestsarehandledforauthenticatingend‐

systems(thisdoesnotapplytoLayer3NACControllers.)ThisincludesidentifyingwhetherMAC

authenticationrequestsareproxiedupstreamorlocallyauthorized,andwhetherFilter‐IDand

TunnelRADIUSattributesareaddedtoRADIUSmessagesduringtheauthentication

process.

Assessment

TheAssessmentConfigurationdefinesthefollowingrequirementsforend‐systemassessment:

•Whatassessmentteststorun.

TheAssessmentConfigurationdetermineswhattypesofassessmenttestsareexecutedand

whatparametersareused.Forexample,youcanspecifyaNessusassessmentutilizinga

specificNessusconfigurationfilethatdeterminesend‐systemcompliancewith

theSANSTop

20vulnerabilities.ThesameNessusservercanbeusedtoassessWindowsmachinesfor

Windows‐relatedvulnerabilitiesandalsoassessMACOS‐basedmachinesforMAC‐related

vulnerabilities.Inaddition,youcanspecifyNessusaswellasotherassessmentservicesto

jointlydeterminethesecuritypostureof

aconnectingdevice.

•Whatresourcestousetoruntheassessment.

TheAssessmentConfigurationdetermineswhatassessmentserversareusedtoperformthe

assessment.Youcanbalancetheassessmentloadbetweenallyourassessmentservers,oryou

canselectaspecificassessmentserverpooltouse.Forexample,assumingNessusischosen

for

assessment,end‐systemsconnectingtothenetworkinthecompanyʹsheadquarterscanbe

assessedwiththeNessusserverdeployedintheheadquarters,whileend‐systemsinabranch

officewillbeassessedwithNessusserversdeployedinthebranchoffice,conserving

bandwidthutilizationonthenetwork.

previous next