Cisco Cisco NAC Appliance 4.8 Troubleshooting Guide
Clean Access − Use the Network Scanning Feature
to Detect Users Who Attempt to Bypass Agent
Checks
to Detect Users Who Attempt to Bypass Agent
Checks
Document ID: 67052
Contents
Introduction
Prerequisites
Requirements
Components Used
Conventions
Solution
Related Information
Prerequisites
Requirements
Components Used
Conventions
Solution
Related Information
Introduction
Cisco Clean Access is a security policy compliance solution that enables users to satisfy network access
requirements specified by network administrators. Cisco Clean Access restricts access to the network until the
user complies with the access requirements. Cisco Clean Access also helps the user comply with the
requirements through an easy−to−use client application that assesses a system, detects non−compliance, and
aids the user in remediation so as to achieve compliance. Currently, this agent (client application) is available
only for Microsoft Windows operating systems which include Windows 98, Windows Me, Windows 2000
Professional and Windows XP (both Home and Pro only the 32−bits version of Pro is supported).
requirements specified by network administrators. Cisco Clean Access restricts access to the network until the
user complies with the access requirements. Cisco Clean Access also helps the user comply with the
requirements through an easy−to−use client application that assesses a system, detects non−compliance, and
aids the user in remediation so as to achieve compliance. Currently, this agent (client application) is available
only for Microsoft Windows operating systems which include Windows 98, Windows Me, Windows 2000
Professional and Windows XP (both Home and Pro only the 32−bits version of Pro is supported).
Malicious users, who might want to avoid agent installation in order to avoid compliance requirements
checks, can modify their system to pose as a non−Windows system. This document provides suggestions on
how to detect such users and potentially block their access to the network.
checks, can modify their system to pose as a non−Windows system. This document provides suggestions on
how to detect such users and potentially block their access to the network.
Prerequisites
Requirements
There are no specific requirements for this document.
Components Used
The information in this document is based on these software versions:
Windows 98, Windows Me, Windows 2000 Professional and Windows XP (both Home and Pro
only the 32−bits version of Pro is supported)
only the 32−bits version of Pro is supported)
•
The information in this document was created from the devices in a specific lab environment. All of the
devices used in this document started with a cleared (default) configuration. If your network is live, make sure
that you understand the potential impact of any command.
devices used in this document started with a cleared (default) configuration. If your network is live, make sure
that you understand the potential impact of any command.