The network perimeter now extends beyond geographical and organizational boundaries. Businesses require instant access to information in order to make sound business decisions, and with that flexibility comes the need for security solutions that keep pace with evolving threats.
With new generations of security threats and zero-day attack vectors, networks rely on upper-layer intelligence to remain available and to protect against both known and unknown threats. The most common issue with an open-network policy is the security posture of the internal endpoint devices seeking network access (desktops, PCs, laptops, PDAs, and so on). With network security largely built on standalone point products, it was extremely cumbersome to keep operating systems patched and antivirus software continuously updated. Endpoints that do not comply with established security policies pose threats, can introduce security risks into the network, and can cause considerable damage to the organization, including interrupted services, revenue loss, cleanup costs, loss of reputation, loss of customer satisfaction, and legal exposure.
A comprehensive NAC system is required to provide protection and to ensure that all endpoints comply with the security policies in place, thereby preventing vulnerable and noncompliant hosts from obtaining network access. Today, such security technology solutions are tightly integrated into the network itself.
This chapter covered the Cisco-led SDN initiative, which offers proactive, adaptable security through the Cisco NAC solution to enforce policy-based compliance across the network.
The chapter started with a brief introduction and overview of the Cisco SDN initiative and what the new approach of adaptive threat defense system entails.
It provided detailed information on the Network Admission Control (NAC) solution and how the Cisco NAC solution builds a secure and proactive network approach.
The chapter provided a detailed comparison of the two available NAC solutions offered by Cisco: the Cisco NAC Appliance (formerly known as Cisco Clean Access) and the Cisco NAC Framework solutions.
The major portion of the chapter described the two Cisco NAC solutions, with details on solution architecture, how each works, its components, and various deployment scenarios.
The chapter provided a list of all Cisco NAC-supported devices and version information, including routers, switches, wireless, and security appliances that support the Cisco NAC Framework solution.
The chapter illustrated the NAC Framework enforcement methods, namely NAC-L3-IP, NAC-L2-IP, and NAC-L2-802.1x, and provided numerous diagrams illustrating various scenarios for performing admission control and policy enforcement.
The chapter concluded with configuration examples of implementing NAC-L3-IP, NAC-L2-IP, and NAC-L2-802.1x scenarios in a Cisco NAC Framework solution.