Technology is evolving every day with newer advancements bringing dynamic, amorphous security ecosystems. Today's complex network environment requires highly dynamic and scalable security solutions that can respond adaptively to different types of threats and attack vectors. Security technology solutions today are tightly integrated into the network infrastructure.
Modern researchers have found that a majority of security breaches these days originate from inside the network and often go undetected for extended periods. Security breaches can cause damage to the organization, such as interrupted services, revenue loss, cost of cleanup, loss of reputation, loss of customer satisfaction, and legal exposure.
Traditional security products and technologies working independently, such as firewalls, access control measures, and intrusion detection and prevention systems, do not provide adequate defense against insider threats because they are mainly oriented toward attacks originating from outside the network.
With growing security challenges, a perimeter defense that relies on traditional approaches and works independently is inadequate. The security model is rapidly evolving from a reactive to a proactive mode.
Organizations need comprehensive, pervasive, and tightly integrated information security solutions. Finding the right balance between the proactive and reactive approaches can be difficult, but it is very important to build a proactive network security model to provide pervasive and tightly integrated security solutions, safeguarding networks from both internal and external threats.
This chapter covers the details of implementing a proactive, adaptable security solution that uses the Cisco Network Admission Control (NAC) solution to enforce policy-based compliance across the network.
Implementing efficient, effective, and adaptable security solutions is now a baseline architecture within all network environments. Security is a vital component of every aspect of the network. The Cisco Self-Defending Network (SDN) solution is an efficient, adaptable, integrated, collaborative, and strategic systems approach to design and deploy proactive and simplified end-to-end security solutions.
The Cisco SDN is an architectural solution that safeguards networks by using network intelligence to identify, prevent, mitigate, and adapt to both known and unknown threats from internal and external sources.
The Cisco SDN vision encompasses three main characteristics:
Integrated security: The first phase of SDN began by incorporating security features into network devices such as switches and routers, thus providing integrated security infrastructure within the network components, not as an add-on. Hence, every component in the network can act as a point of defense.
Collaborative security systems: The second phase of SDN focused on building a security system that collaborates among all network and security components and policy enforcement endpoints.
Adaptive threat defense: The third and final phase of SDN provides the capability for networks to evolve dynamically and intelligently to adapt and respond proactively to emerging threats at multiple layers of the network based on a new set of Anti-X technologies. Cisco offers various hardware and software products and features that compose a threat defense system, such as endpoint security, integrated firewalls, network intrusion detection and prevention systems, DDoS attack detection and mitigation, application-level content filtering, and security management and monitoring tools. The Cisco Threat Defense System offers security solutions and intelligent networking technologies to identify and prevent both known and unknown threats from internal and external network environments.
Note
Refer to the following URL for more information on Cisco Security Solutions for Small and Medium Businesses: http://www.cisco.com/en/US/netsol/ns643/networking_solutions_packages_list.html
Refer to the following URL for more information on Cisco Security Solutions for Large Enterprises: http://www.cisco.com/en/US/netsol/ns340/ns394/ns171/networking_solutions_packages_list.html.