Cisco NAC
Cisco
Mike Miller, Security Specialist

Agenda
#1 Dynamic World
#2 NAC for Your District
#3 Product Portfolio

#1 Dynamic World
Education Today
• Complex Environments – Often Enterprise Level Networks
• Diverse User Groups
a. Administration
b. Faculty
c. Students
d. Vendor Support
e. Community
• Appropriate Access Levels
• Need for Integrated Systems that provide seamless functionality
• Effective and Affordable Solutions
• Safe and Secure Environments
• Ultimately – Platforms that ensure EDUCATIONAL SUCCESS

Today’s Challenges
• Network Access Anytime and Anywhere
• Appropriate Resource Availability
• Identity Based Access
• Trusted vs. Non-Trusted Device Management
• Device & System Evaluation
• Automation to Support the Process for Evaluation and Remediation
• Operational Expenses for Devices – Ultimate Challenge
a. School District Owned, Managed and Maintained?
b. Individually Owned – Addresses Operational Cost but Inevitably Becomes a District Management Responsibility

Top Security Concerns
• Unauthorized users gaining access to the network
• Can’t control endpoint policy/compliance (AV, IPS, etc.)
• Huge increase in spam email, resulting in productivity loss and increased risk
• Compliance: HIPAA, CIPA, PCI
• Huge need for layered security
#2 NAC for Your District
#3 Product Portfolio
Cisco NAC Key Ingredients
NAC Manager and Server (Required)
• NAC Manager – Centralized management, configuration, reporting, and policy store
• NAC Server – Posture, services and enforcement
NAC Profiler, Guest Server and ACS (Optional)
• NAC Profiler – Profiles unmanaged devices
• NAC Guest Server – Full-featured guest provisioning server
• ACS Server – Access policy system for 802.1x termination
Endpoint Components (Optional)
• NAC Agent – No-cost client: persistent, dissolvable, or web
• 802.1x Supplicant – CSSC or Vista embedded supplicant

Cisco NAC Service: Automated Policy Updates
• Automated Cisco Rulesets – Simplify support for 350+ security and management applications
• AutoUpdates – Hotfixes, Service Packs (direct to WSUS Server)
• Delivered through the Cisco NAC Appliance Manager

Four Key Components of Guest Access
• SPONSOR – The internal user who wants to be able to provide internet access to their guest
• NAC GUEST SERVER – Enables the sponsor to create a guest account; audits; provisions the account on the network enforcement device
• NETWORK ENFORCEMENT DEVICE – Web redirection, authentication, and provides access (Wireless LAN Controller or NAC Appliance)
• GUEST – The visitor who needs network access (usually internet only, but could be more)
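The guest workflow above, modelled as an added example (not Cisco's code or the presenter's): a sponsor creates a time-bounded account on the guest server, which audits the request and provisions it on the enforcement device; the device keeps unknown, mis-authenticated or expired guests on the web login and grants a valid guest an internet-only role. The class names, the district.example sponsor domain and the sample accounts are constructed for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Outcomes the enforcement device can hand a client (constructed names, not Cisco's).
INTERNET_ONLY = "internet-only"
WEB_LOGIN = "redirect-to-web-login"

@dataclass
class EnforcementDevice:
    """Stands in for the WLC / NAC Appliance: unknown clients are redirected to a
    web login, authenticated against provisioned accounts, then given a role."""
    accounts: dict = field(default_factory=dict)

    def provision(self, username, account):
        self.accounts[username] = account

    def connect(self, username, password, now):
        acct = self.accounts.get(username)
        # Unknown user, bad password or expired account: stay on the captive portal.
        if acct is None or acct["password"] != password or now >= acct["expires"]:
            return WEB_LOGIN
        return acct["role"]

@dataclass
class GuestServer:
    """Sponsor-facing account store; every decision is appended to an audit trail."""
    enforcement: EnforcementDevice
    sponsor_domain: str = "district.example"  # assumed internal mail domain
    audit: list = field(default_factory=list)

    def create_account(self, sponsor, guest, password, hours, now):
        # Only an internal user may sponsor a guest, and the account stays tied to them.
        if not sponsor.endswith("@" + self.sponsor_domain):
            self.audit.append(("denied", sponsor, guest))
            return None
        acct = {"sponsor": sponsor, "password": password,
                "expires": now + timedelta(hours=hours), "role": INTERNET_ONLY}
        self.audit.append(("created", sponsor, guest, acct["expires"]))
        self.enforcement.provision(guest, acct)  # push to the enforcement device
        return acct

def demo():
    t0 = datetime(2024, 1, 1, 9, 0)
    dev = EnforcementDevice()
    gs = GuestServer(dev)
    gs.create_account("teacher@district.example", "visitor", "pw123", hours=4, now=t0)
    gs.create_account("outsider@elsewhere.example", "mallory", "p", hours=1, now=t0)
    return (dev.connect("visitor", "pw123", t0),                       # internet-only
            dev.connect("visitor", "wrong", t0),                       # redirect
            dev.connect("visitor", "pw123", t0 + timedelta(hours=5)),  # expired
            dev.connect("mallory", "p", t0),                           # never provisioned
            [e[0] for e in gs.audit])                                  # created, denied
```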
NAC Gap: Non-PC Endpoint Devices
• An enterprise LAN is comprised of myriad endpoint types. Most are undocumented (think DHCP).
• Wired endpoint distribution, enterprises without VoIP: 50% Windows, 50% other
• Wired endpoint distribution, enterprises with VoIP: 33% IP phones, 33% Windows, 33% other

Examples of Non-PC Endpoints
Printers, IP cameras, alarm systems, turnstiles, wireless APs, fax machines, video conferencing stations, managed UPS, HVAC systems, cash registers, RMON probes, IP phones, vending machines, medical imaging machines, hubs . . . and many others

Flexible Deployment Options
• In-Band – VPN, wireless, campus, and remote LANs; enforcement via the appliance
• Out-of-Band – Optimized for Cisco campus LANs (L2, L3); SNMP as control plane
• RADIUS – Optimized for Cisco campus LANs (802.1x); RADIUS as control plane
(Each option is built from the NAC Manager and NAC Server; the diagram also shows ACS, 802.1q trunks, L3 VPN and the IP WAN.)

Cover All Use Cases
(Diagram: campus with Building 1 over 802.1Q, Building 2 over wireless, a conference room in Building 3, and remote users reaching the campus over IPSec across the Internet.)
• Wireless Compliance – Secured network access only for compliant wireless devices
• Endpoint Compliance – Network access only for compliant devices
• Governance Compliance – Ensure user compliance with governance, risk and acceptable use policies
• Guest Compliance – Restricted internet access only for guest users
• VPN User Compliance – Intranet access only for compliant remote access users