Cisco Cisco Identity Services Engine 1.3 White Paper
© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 2 of 27
Table of Contents
What Is the Cisco Medical NAC? ....................................................................................................................... 3
The Challenge of Securing Medical Devices ..................................................................................................... 4
Document Scope ............................................................................................................................................... 5
The Challenge of Securing Medical Devices ..................................................................................................... 4
Document Scope ............................................................................................................................................... 5
802.1X Authentication ........................................................................................................................................ 6
Web Portal Authentication ................................................................................................................................. 6
MAC Authentication ........................................................................................................................................... 7
Web Portal Authentication ................................................................................................................................. 6
MAC Authentication ........................................................................................................................................... 7
RADIUS Probe ................................................................................................................................................... 8
SNMP Probe ...................................................................................................................................................... 9
SNMPTRAP ....................................................................................................................................................... 9
SNMPQUERY .................................................................................................................................................... 9
DHCP Probe .................................................................................................................................................... 11
SNMP Probe ...................................................................................................................................................... 9
SNMPTRAP ....................................................................................................................................................... 9
SNMPQUERY .................................................................................................................................................... 9
DHCP Probe .................................................................................................................................................... 11
DNS Probe ....................................................................................................................................................... 13
Nmap Probe ..................................................................................................................................................... 14
NetFlow Probe ................................................................................................................................................. 14
ACIDEX ............................................................................................................................................................ 15
Device Sensor ................................................................................................................................................. 16
Nmap Probe ..................................................................................................................................................... 14
NetFlow Probe ................................................................................................................................................. 14
ACIDEX ............................................................................................................................................................ 15
Device Sensor ................................................................................................................................................. 16
Summary of Probes ................................................................................................................................................... 16
Cisco Medical NAC Profile Library ............................................................................................................................ 18
Cisco Medical NAC Profile Library ............................................................................................................................ 18
Overview .......................................................................................................................................................... 18
Installing the Library ......................................................................................................................................... 20
Installing the Library ......................................................................................................................................... 20
Overview .......................................................................................................................................................... 22
Segmentation Using Dedicated Networks ....................................................................................................... 22
Segmentation Using ACLs ............................................................................................................................... 23
Segmentation Using VLANs and WLANs ........................................................................................................ 23
Cisco TrustSec Technology and pxGrid .......................................................................................................... 24
Segmentation Using Dedicated Networks ....................................................................................................... 22
Segmentation Using ACLs ............................................................................................................................... 23
Segmentation Using VLANs and WLANs ........................................................................................................ 23
Cisco TrustSec Technology and pxGrid .......................................................................................................... 24