Cisco NAC Appliance: Enforcing Host Security with Clean Access

4 avg rating
( 3 ratings by Goodreads )
 
9781587053061: Cisco NAC Appliance: Enforcing Host Security with Clean Access
View all copies of this ISBN edition:
 
 

Cisco NAC Appliance

Enforcing Host Security with Clean Access

 

Authenticate, inspect, remediate, and authorize end-point devices using Cisco NAC Appliance

 

Jamey Heary, CCIE® No. 7680

Contributing authors: Jerry Lin, CCIE No. 6469,

Chad Sullivan, CCIE No. 6493, and Alok Agrawal

 

With today's security challenges and threats growing more sophisticated, perimeter defense alone is no longer sufficient. Few organizations are closed entities with well-defined security perimeters, which has led to the creation of perimeterless networks with ubiquitous access. Organizations need to have internal security systems that are more comprehensive, pervasive, and tightly integrated than in the past.

 

Cisco® Network Admission Control (NAC) Appliance, formerly known as Cisco Clean Access, provides a powerful host security policy inspection, enforcement, and remediation solution that is designed to meet these new challenges. Cisco NAC Appliance allows you to enforce host security policies on all hosts (managed and unmanaged) as they enter the interior of the network, regardless of their access method, ownership, device type, application set, or operating system. Cisco NAC Appliance provides proactive protection at the network entry point.

 

Cisco NAC Appliance provides you with all the information needed to understand, design, configure, deploy, and troubleshoot the Cisco NAC Appliance solution. You will learn about all aspects of the NAC Appliance solution including configuration and best practices for design, implementation, troubleshooting, and creating a host security policy.

 

Jamey Heary, CCIE® No. 7680, is a security consulting systems engineer at Cisco, where he works with its largest customers in the northwest United States. Jamey joined Cisco in 2000 and currently leads its Western Security Asset team and is a field advisor for its U.S. Security Virtual team. His areas of expertise include network and host security design and implementation, security regulatory compliance, and routing and switching. His other certifications include CISSP, CCSP®, and Microsoft MCSE. He is also a Certified HIPAA Security Professional. He has been working in the IT field for 13 years and in IT security for 9 years.

 

  • Understand why network attacks and intellectual property losses can originate from internal network hosts
  • Examine different NAC Appliance design options
  • Build host security policies and assign the appropriate network access privileges for various user roles
  • Streamline the enforcement of existing security policies with the concrete measures NAC Appliance can provide
  • Set up and configure the NAC Appliance solution
  • Learn best practices for the deployment of NAC Appliance
  • Monitor, maintain, and troubleshoot the Cisco NAC Appliance solution

 

This security book is part of the Cisco Press® Networking Technology Series. Security titles from Cisco Press help networking professionals secure critical data and resources, prevent and mitigate network attacks, and build end-to-end self-defending networks.

 

Category: Cisco Press–Security

Covers: End-Point Security

 

"synopsis" may belong to another edition of this title.

About the Author:

About the Author

Jamey Heary, CCIE No. 7680, is currently a security consulting systems engineer at Cisco Systems, Inc., and works with its largest customers in the Northwest United States. Jamey joined Cisco in 2000. He currently leads its Western Security Asset team and is a field advisor for the U.S. Security Virtual team. Prior to working at Cisco, he worked for the Immigration and Naturalization Service as a network consultant and project leader. Before that he was the lead network and security engineer for a financial firm whose network carries approximately 12 percent of the global equities trading volume worldwide. His areas of expertise include network and host security design and implementation, security regulatory compliance, and routing and switching. His other certifications include CISSP, CCSP, and Microsoft MCSE. He is also a Certified HIPAA Security Professional. He has been working in the IT field for 13 years and in IT security for 9 years. He has a BS from St. Lawrence University.

 

About the Contributing Authors

Jerry Lin, CCIE No. 6469, is a consulting systems engineer for Cisco and is based in southern California. He specializes in security best practices. Jerry has worked with a variety of Cisco enterprise customers in areas such as software development, local government agencies, K—12 and universities, high tech manufacturing, retail, and health care, as well as managed web-hosting service provider customers. He holds his CCIE in routing and switching as well as in CCDP and CISSP. Jerry has been working in the IT industry for the past 12 years. During the late 1990s, he worked as a technical instructor. Jerry earned both a bachelor’s degree and a master’s degree in mechanical engineering from the University of California, Irvine.

 

Chad Sullivan, CCIE No. 6493 (Security, Routing and Switching, SNA/IP), CISSP, CHSP, is a senior security engineer and owner of Priveon, Inc., which provides leading security solutions to customers globally. Prior to starting Priveon, Chad worked as a security consulting systems engineer at Cisco. Chad is recognized within the industry as one of the leading implementers of the Cisco Security Agent product and is the author of both Cisco Press books dedicated to the Cisco Security Agent.

 

Alok Agrawal is the technical marketing manager for the Cisco NAC Appliance (Clean Access) product. He leads the technical marketing team developing technical concepts and solutions and driving future product architecture and features. He works with the Cisco sales and partner community to scale the adoption of the NAC Appliance product line globally. Prior to joining the Cisco Security Technology Group, he worked in the switching team of the Cisco Technical Assistance Center. He has a strong background in routing and switching and host security design and implementation. Alok holds a master’s degree in electrical engineering from the University of Southern California and a bachelor’s degree in electronics engineering from the University of Mumbai.

Excerpt. Reprinted by permission. All rights reserved.:

Cisco NAC Appliance: Enforcing Host Security with Clean Access

Cisco NAC Appliance: Enforcing Host Security with Clean Access

Introduction

Almost every contemporary corporation and organization has acquired and deployed security solutions or mechanisms to keep its networks and data secure. Hardware and software tools such as firewalls, network-based intrusion prevention systems, antivirus and antispam packages, host-based intrusion prevention solutions, and vulnerability scanners have proven effective to a certain degree, but only if they are kept up to date. For example, classic virus attacks sent via e-mail attachments, such as netsky and MyDoom, can easily be detected and prevented by any up-to-date antivirus and antispam software package. The key to stopping host attacks is being able to proactively enforce security policies that ensure all hosts must be fully patched and have up-to-date security software running before allowing them full network access. Existing security solutions do not proactively stop a PC from entering the network if its security software and operating system software are not current. Frequently, users will manually disable their host security software because it either reduces the overall performance of their PC or prevents an application from installing. When antivirus and antispam packages are out of date or not running, the likelihood of PC virus infections increases. This in turn increases the overall security risk to the organization.

The same principle applies to OS hotfixes. Take Microsoft Windows as an example. If you fail to implement new Windows security hotfixes in a timely manner to address newly discovered vulnerabilities, the probability of those unpatched hosts being compromised, or "owned," greatly increases. This can result in a loss of productivity due to system downtime, theft of company and personal confidential information, or unauthorized access to sensitive information. Unfortunately, loss of a client's confidential information usually leads to financial losses for affected individuals and the organization.

Data security laws and regulations such as the Health Insurance Portability and Accountability Act, the Sarbanes-Oxley Act, and the Peripheral Component Interconnect (PCI) standard are forcing organizations to implement and enforce tougher data security protection measures. Compliance regulations such as PCI speak directly to the antivirus and OS hotfix issues discussed previously. They make it mandatory that relevant hosts are kept up to date and run antivirus software, among other things. Increasingly, organizations are being forced by various data security laws and regulations to decrease their data security risk. Gone are the days when organizations had the flexibility to decide what their own data security risk tolerance and policy was. Given that many organizations used to choose to save money and time at the expense of data security, mandated security compliance is a welcome change for all.

The motivation for writing this book is to introduce the latest Cisco security technology, called Network Admission Control (NAC) Appliance. This security solution has proven to help minimize the chronic hard and soft dollar losses that corporations are experiencing due to security-related incidents. Additionally, it helps organizations enforce the use of already existing security investments such as antivirus software and patch management solutions. NAC brings to the table an innovative and proactive technique for improving the overall security posture of an organization's hosts and networks.

NAC allows organizations to enforce, for the first time, their previously unenforceable corporate host security policy. It works by authenticating users and posture assessing hosts before allowing them full network access. Hosts that fail the security posture checks (for example, if their OS or antivirus package is not up to date) are network quarantined and given remediation options. After the host is certified, it is allowed on the network. A user, based on a successful authentication, is granted the level of network access privileges appropriate for that user's role.

The objectives of this book are to provide IT and security teams all the information needed to understand, design, configure, deploy, and troubleshoot the Cisco NAC Appliance solution.

Who Should Read This Book?

This book will be of interest to the following professionals:

  • IT directors and managers

  • Network administrators

  • Network and security engineers

  • Security analysts and consultants

  • Operating systems administrators

  • Application developers


© Copyright Pearson Education. All rights reserved.

"About this title" may belong to another edition of this title.

Other Popular Editions of the Same Title

9788131717561: Cisco Nac Appliance: Enforcing Host Security With Clean Access (Reprint)

Featured Edition

ISBN 10:  8131717569 ISBN 13:  9788131717561
Publisher: Dorling Kindersley (India) Pvt. ...
Softcover

Top Search Results from the AbeBooks Marketplace

1.

Jamey Heary
Published by Pearson Education (2007)
ISBN 10: 1587053063 ISBN 13: 9781587053061
New Quantity Available: > 20
Print on Demand
Seller:
Pbshop
(Wood Dale, IL, U.S.A.)
Rating
[?]

Book Description Pearson Education, 2007. PAP. Condition: New. New Book. Shipped from US within 10 to 14 business days. THIS BOOK IS PRINTED ON DEMAND. Established seller since 2000. Seller Inventory # IQ-9781587053061

More information about this seller | Contact this seller

Buy New
US$ 60.99
Convert Currency

Add to Basket

Shipping: US$ 3.99
Within U.S.A.
Destination, Rates & Speeds

2.

Chad Sullivan
Published by Cisco Press (2018)
ISBN 10: 1587053063 ISBN 13: 9781587053061
New Paperback Quantity Available: 18
Print on Demand
Seller:
Murray Media
(North Miami Beach, FL, U.S.A.)
Rating
[?]

Book Description Cisco Press, 2018. Paperback. Condition: New. Never used! This item is printed on demand. Seller Inventory # 1587053063

More information about this seller | Contact this seller

Buy New
US$ 70.33
Convert Currency

Add to Basket

Shipping: FREE
Within U.S.A.
Destination, Rates & Speeds

3.

Chad Sullivan; Jamey Heary; Alok Agrawal; Jerry Lin
Published by Cisco Press (2007)
ISBN 10: 1587053063 ISBN 13: 9781587053061
New Paperback Quantity Available: 10
Seller:
Ergodebooks
(RICHMOND, TX, U.S.A.)
Rating
[?]

Book Description Cisco Press, 2007. Paperback. Condition: New. Seller Inventory # INGM9781587053061

More information about this seller | Contact this seller

Buy New
US$ 69.69
Convert Currency

Add to Basket

Shipping: US$ 4.99
Within U.S.A.
Destination, Rates & Speeds

4.

Jamey Heary
Published by Pearson Education (2007)
ISBN 10: 1587053063 ISBN 13: 9781587053061
New Quantity Available: > 20
Print on Demand
Seller:
Books2Anywhere
(Fairford, GLOS, United Kingdom)
Rating
[?]

Book Description Pearson Education, 2007. PAP. Condition: New. New Book. Delivered from our UK warehouse in 4 to 14 business days. THIS BOOK IS PRINTED ON DEMAND. Established seller since 2000. Seller Inventory # IQ-9781587053061

More information about this seller | Contact this seller

Buy New
US$ 62.80
Convert Currency

Add to Basket

Shipping: US$ 12.04
From United Kingdom to U.S.A.
Destination, Rates & Speeds

5.

Jamey Heary, Jerry Lin, Chad Sullivan
Published by Pearson Education (US), United States (2007)
ISBN 10: 1587053063 ISBN 13: 9781587053061
New Paperback Quantity Available: 10
Print on Demand
Seller:
Book Depository International
(London, United Kingdom)
Rating
[?]

Book Description Pearson Education (US), United States, 2007. Paperback. Condition: New. Language: English . Brand New Book ***** Print on Demand *****. Cisco NAC ApplianceEnforcing Host Security with Clean Access Authenticate, inspect, remediate, and authorize end-point devices using Cisco NAC Appliance Jamey Heary, CCIE (R) No. 7680Contributing authors: Jerry Lin, CCIE No. 6469,Chad Sullivan, CCIE No. 6493, and Alok Agrawal With today s security challenges and threats growing more sophisticated, perimeter defense alone is no longer sufficient. Few organizations are closed entities with well-defined security perimeters, which has led to the creation of perimeterless networks with ubiquitous access. Organizations need to have internal security systems that are more comprehensive, pervasive, and tightly integrated than in the past. Cisco (R) Network Admission Control (NAC) Appliance, formerly known as Cisco Clean Access, provides a powerful host security policy inspection, enforcement, and remediation solution that is designed to meet these new challenges. Cisco NAC Appliance allows you to enforce host security policies on all hosts (managed and unmanaged) as they enter the interior of the network, regardless of their access method, ownership, device type, application set, or operating system. Cisco NAC Appliance provides proactive protection at the network entry point. Cisco NAC Appliance provides you with all the information needed to understand, design, configure, deploy, and troubleshoot the Cisco NAC Appliance solution. You will learn about all aspects of the NAC Appliance solution including configuration and best practices for design, implementation, troubleshooting, and creating a host security policy. Jamey Heary, CCIE (R) No. 7680, is a security consulting systems engineer at Cisco, where he works with its largest customers in the northwest United States. Jamey joined Cisco in 2000 and currently leads its Western Security Asset team and is a field advisor for its U.S. Security Virtual team. His areas of expertise include network and host security design and implementation, security regulatory compliance, and routing and switching. His other certifications include CISSP, CCSP (R), and Microsoft MCSE. He is also a Certified HIPAA Security Professional. He has been working in the IT field for 13 years and in IT security for 9 years. Understand why network attacks and intellectual property losses can originate from internal network hosts Examine different NAC Appliance design options Build host security policies and assign the appropriate network access privileges for various user roles Streamline the enforcement of existing security policies with the concrete measures NAC Appliance can provide Set up and configure the NAC Appliance solution Learn best practices for the deployment of NAC Appliance Monitor, maintain, and troubleshoot the Cisco NAC Appliance solution This security book is part of the Cisco Press (R) Networking Technology Series. Security titles from Cisco Press help networking professionals secure critical data and resources, prevent and mitigate network attacks, and build end-to-end self-defending networks. Category: Cisco Press-SecurityCovers: End-Point Security. Seller Inventory # APC9781587053061

More information about this seller | Contact this seller

Buy New
US$ 79.03
Convert Currency

Add to Basket

Shipping: FREE
From United Kingdom to U.S.A.
Destination, Rates & Speeds

6.

Jamey Heary, Jerry Lin, Chad Sullivan
Published by Pearson Education (US), United States (2007)
ISBN 10: 1587053063 ISBN 13: 9781587053061
New Paperback Quantity Available: 10
Print on Demand
Seller:
The Book Depository
(London, United Kingdom)
Rating
[?]

Book Description Pearson Education (US), United States, 2007. Paperback. Condition: New. Language: English . Brand New Book ***** Print on Demand *****.Cisco NAC ApplianceEnforcing Host Security with Clean Access Authenticate, inspect, remediate, and authorize end-point devices using Cisco NAC Appliance Jamey Heary, CCIE (R) No. 7680Contributing authors: Jerry Lin, CCIE No. 6469,Chad Sullivan, CCIE No. 6493, and Alok Agrawal With today s security challenges and threats growing more sophisticated, perimeter defense alone is no longer sufficient. Few organizations are closed entities with well-defined security perimeters, which has led to the creation of perimeterless networks with ubiquitous access. Organizations need to have internal security systems that are more comprehensive, pervasive, and tightly integrated than in the past. Cisco (R) Network Admission Control (NAC) Appliance, formerly known as Cisco Clean Access, provides a powerful host security policy inspection, enforcement, and remediation solution that is designed to meet these new challenges. Cisco NAC Appliance allows you to enforce host security policies on all hosts (managed and unmanaged) as they enter the interior of the network, regardless of their access method, ownership, device type, application set, or operating system. Cisco NAC Appliance provides proactive protection at the network entry point. Cisco NAC Appliance provides you with all the information needed to understand, design, configure, deploy, and troubleshoot the Cisco NAC Appliance solution. You will learn about all aspects of the NAC Appliance solution including configuration and best practices for design, implementation, troubleshooting, and creating a host security policy. Jamey Heary, CCIE (R) No. 7680, is a security consulting systems engineer at Cisco, where he works with its largest customers in the northwest United States. Jamey joined Cisco in 2000 and currently leads its Western Security Asset team and is a field advisor for its U.S. Security Virtual team. His areas of expertise include network and host security design and implementation, security regulatory compliance, and routing and switching. His other certifications include CISSP, CCSP (R), and Microsoft MCSE. He is also a Certified HIPAA Security Professional. He has been working in the IT field for 13 years and in IT security for 9 years. Understand why network attacks and intellectual property losses can originate from internal network hosts Examine different NAC Appliance design options Build host security policies and assign the appropriate network access privileges for various user roles Streamline the enforcement of existing security policies with the concrete measures NAC Appliance can provide Set up and configure the NAC Appliance solution Learn best practices for the deployment of NAC Appliance Monitor, maintain, and troubleshoot the Cisco NAC Appliance solution This security book is part of the Cisco Press (R) Networking Technology Series. Security titles from Cisco Press help networking professionals secure critical data and resources, prevent and mitigate network attacks, and build end-to-end self-defending networks. Category: Cisco Press-SecurityCovers: End-Point Security. Seller Inventory # APC9781587053061

More information about this seller | Contact this seller

Buy New
US$ 81.61
Convert Currency

Add to Basket

Shipping: FREE
From United Kingdom to U.S.A.
Destination, Rates & Speeds

7.

Chad Sullivan
Published by Cisco Press
ISBN 10: 1587053063 ISBN 13: 9781587053061
New Paperback Quantity Available: > 20
Seller:
BuySomeBooks
(Las Vegas, NV, U.S.A.)
Rating
[?]

Book Description Cisco Press. Paperback. Condition: New. 576 pages. Cisco NAC Appliance Enforcing Host Security with Clean Access Authenticate, inspect, remediate, and authorize end-point devices using Cisco NAC Appliance Jamey Heary, CCIE No. 7680 Contributing authors: Jerry Lin, CCIE No. 6469, Chad Sullivan, CCIE No. 6493, and Alok Agrawal With todays security challenges and threats growing more sophisticated, perimeter defense alone is no longer sufficient. Few organizations are closed entities with well-defined security perimeters, which has led to the creation of perimeterless networks with ubiquitous access. Organizations need to have internal security systems that are more comprehensive, pervasive, and tightly integrated than in the past. Cisco Network Admission Control (NAC) Appliance, formerly known as Cisco Clean Access, provides a powerful host security policy inspection, enforcement, and remediation solution that is designed to meet these new challenges. Cisco NAC Appliance allows you to enforce host security policies on all hosts (managed and unmanaged) as they enter the interior of the network, regardless of their access method, ownership, device type, application set, or operating system. Cisco NAC Appliance provides proactive protection at the network entry point. Cisco NAC Appliance provides you with all the information needed to understand, design, configure, deploy, and troubleshoot the Cisco NAC Appliance solution. You will learn about all aspects of the NAC Appliance solution including configuration and best practices for design, implementation, troubleshooting, and creating a host security policy. Jamey Heary, CCIE No. 7680, is a security consulting systems engineer at Cisco, where he works with its largest customers in the northwest United States. Jamey joined Cisco in 2000 and currently leads its Western Security Asset team and is a field advisor for its U. S. Security Virtual team. His areas of expertise include network and host security design and implementation, security regulatory compliance, and routing and switching. His other certifications include CISSP, CCSP, and Microsoft MCSE. He is also a Certified HIPAA Security Professional. He has been working in the IT field for 13 years and in IT security for 9 years. Understand why network attacks and intellectual property losses can originate from internal network hosts Examine different NAC Appliance design options Build host security policies and assign the appropriate network access privileges for various user roles Streamline the enforcement of existing security policies with the concrete measures NAC Appliance can provide Set up and configure the NAC Appliance solution Learn best practices for the deployment of NAC Appliance Monitor, maintain, and troubleshoot the Cisco NAC Appliance solution This security book is part of the Cisco Press Networking Technology Series. Security titles from Cisco Press help networking professionals secure critical data and resources, prevent and mitigate network attacks, and build end-to-end self-defending networks. Category: Cisco PressSecurity Covers: End-Point Security This item ships from multiple locations. Your book may arrive from Roseburg,OR, La Vergne,TN. Paperback. Seller Inventory # 9781587053061

More information about this seller | Contact this seller

Buy New
US$ 85.20
Convert Currency

Add to Basket

Shipping: FREE
Within U.S.A.
Destination, Rates & Speeds

8.

Chad Sullivan, Jamey Heary, Alok Agrawal, Jerry Lin
Published by Cisco Press (2007)
ISBN 10: 1587053063 ISBN 13: 9781587053061
New Paperback Quantity Available: 1
Seller:
Ergodebooks
(RICHMOND, TX, U.S.A.)
Rating
[?]

Book Description Cisco Press, 2007. Paperback. Condition: New. 1. Seller Inventory # DADAX1587053063

More information about this seller | Contact this seller

Buy New
US$ 81.09
Convert Currency

Add to Basket

Shipping: US$ 4.99
Within U.S.A.
Destination, Rates & Speeds

9.

Heary, Jamey/ Lin, Jerry/ Sullivan, Chad
Published by Cisco Systems (2007)
ISBN 10: 1587053063 ISBN 13: 9781587053061
New Paperback Quantity Available: 2
Seller:
Revaluation Books
(Exeter, United Kingdom)
Rating
[?]

Book Description Cisco Systems, 2007. Paperback. Condition: Brand New. 1st edition. 542 pages. 9.25x7.50x1.25 inches. In Stock. Seller Inventory # x-1587053063

More information about this seller | Contact this seller

Buy New
US$ 78.70
Convert Currency

Add to Basket

Shipping: US$ 8.03
From United Kingdom to U.S.A.
Destination, Rates & Speeds

10.

Sullivan, Chad; Heary, Jamey; Agrawal, Alok; Lin, Jerry
Published by Cisco Press
ISBN 10: 1587053063 ISBN 13: 9781587053061
New PAPERBACK Quantity Available: > 20
Seller:
Russell Books
(Victoria, BC, Canada)
Rating
[?]

Book Description Cisco Press. PAPERBACK. Condition: New. 1587053063 Special order direct from the distributor. Seller Inventory # ING9781587053061

More information about this seller | Contact this seller

Buy New
US$ 80.40
Convert Currency

Add to Basket

Shipping: US$ 7.00
From Canada to U.S.A.
Destination, Rates & Speeds

There are more copies of this book

View all search results for this book