[...]... Solution 15 Cisco NAC Integrated Implementation Cisco NAC Appliance Overview Cisco NAC Return on Investment Summary 16 16 17 18 Part II The Blueprint: Designing a Cisco NAC Appliance Solution 21 Chapter 3 The Building Blocks in a Cisco NAC Appliance Design 23 Cisco NAC Appliance Solution Components 23 Cisco NAC Appliance Manager 24 Cisco NAC Appliance Server 25 Cisco Clean Access Agent 28 Cisco NAC Appliance. .. Appliance Host Security Policy 123 What Makes Up a Cisco NAC Appliance Host Security Policy? 123 Host Security Policy Checklist 124 Involving the Right People in the Creation of the Host Security Policy 124 xiii Determining the High-Level Goals for Host Security Common High-Level Host Security Goals 127 Defining the Security Domains 126 129 Understanding and Defining NAC Appliance User Roles Built-In... Appliance Network Scanner 29 Cisco NAC Appliance Minimum Requirements 30 Cisco NAC Appliance Manager and Server Requirements Cisco Clean Access Agent Requirements 32 Scalability and Performance of Cisco NAC Appliance Summary Chapter 4 31 33 33 Making Sense of All the Cisco NAC Appliance Design Options 35 NAC Design Considerations 35 Single-Sign-On Capabilities 36 In-Band Versus Out-of-Band Overview 36 7 9... L3 OOB 75 Client Certification and Post-Certification Steps in L3 OOB 76 Advantages of Using Out-of-Band Mode 77 Disadvantage of Using Out-of-Band Mode 78 xii Where You Can Use Out-of-Band Mode and Where You Cannot Switches Supported by NAC Appliance Out-of-Band 78 Clean Access Agent and Web Login with Network Scanner Summary Chapter 5 78 81 85 Advanced Cisco NAC Appliance Design Topics 87 External Authentication... Admission Control (NAC) Appliance Cisco NAC Appliance, formerly known as Cisco Clean Access, provides a powerful host security policy inspection and enforcement mechanism designed to meet these new challenges Cisco NAC Appliance allows organizations to enforce their host security policies on all hosts (managed and unmanaged) as they enter the interior of the network, regardless of their access method,... Traffic Policies 226 IP-Based Traffic Control Policy 227 Host- Based Traffic Control Policy 229 Bandwidth Policies 230 219 xv Customizing User Pages and Guest Access Login Pages 232 Guest Access 236 API for Guest Access 236 Summary Chapter 9 232 237 Host Posture Validation and Remediation: Cisco Clean Access Agent and Network Scanner 239 Understanding Cisco NAC Appliance Setup Cisco NAC Appliance Updates... Strict Mode for Clean Access Agent 41 How to Choose a Network Mode 42 Virtual Gateway Mode 42 Real IP Gateway Mode 43 In-Band Mode 43 The Certification Process in In-Band Mode 44 Certification Steps for Host with Clean Access Agent 44 Steps for Client to Acquire an IP Address 44 Clean Access Agent Authentication Steps 45 Clean Access Agent Host Security Posture Assessment Steps 45 Clean Access Agent Network... Port (eth1) of NAC Appliance Server 283 Configuring Fa1/0/5—The Interface Connecting the Host 283 Configuring Simple Network Management Protocol 283 Step 2: Configuring NAC Appliance Manager 284 Step 3: Configuring NAC Appliance Server 286 Step 4: Logging In to NAC Appliance Manager 288 Step 5: Adding NAC Appliance Server to NAC Appliance Manager 289 Step 6: Editing Network Settings on NAC Appliance Server... I The Host Security Landscape 3 Chapter 1 The Weakest Link: Internal Network Security 5 Security Is a Weakest-Link Problem 6 Hard Outer Shell with a Chewy Inside: Dealing with Internal Security Risks The Software Update Race: Staying Ahead of Viruses, Worms, and Spyware Summary Chapter 2 10 Introducing Cisco Network Admission Control Appliance 13 Cisco NAC Approaches 13 NAC as an Appliance 13 NAC as... Manager and Server 411 Adding NAC Appliance Managers in High Availability Mode 412 Adding a CA-Signed Certificate to the Primary NAC Appliance Manager 413 Generating a Self-Signed Temporary Certificate on the Primary NAC Appliance Manager 414 Adding a Certificate to the Secondary NAC Appliance Manager 415 Configuring High Availability for NAC Appliance Managers 416 Adding NAC Appliance Servers in High . Components 23 Cisco NAC Appliance Manager 24 Cisco NAC Appliance Server 25 Cisco Clean Access Agent 28 Cisco NAC Appliance Network Scanner 29 Cisco NAC Appliance Minimum Requirements 30 Cisco NAC Appliance. Introducing Cisco Network Admission Control Appliance 13 Cisco NAC Approaches 13 NAC as an Appliance 13 NAC as an Embedded Solution 15 Cisco NAC Integrated Implementation 16 Cisco NAC Appliance. V Cisco NAC Appliance Deployment Best Practices 443 Chapter 13 Deploying Cisco NAC Appliance 445 Part VI Cisco NAC Appliance Monitoring and Troubleshooting 461 Chapter 14 Understanding Cisco NAC