Cisco Cisco NAC Appliance 4.5.1 Leaflet
7
© 2006 Cisco Systems, Inc. All rights reserved.
Cisco Public
Session Number
Presentation_ID
Presentation_ID
C97-347999-00 05/06
Four Key Capabilities of NAC
SECURELY
SECURELY
IDENTIFY
IDENTIFY
DEVICE & USER
DEVICE & USER
QUARANTINE
QUARANTINE
AND
AND
REMEDIATE
REMEDIATE
Just knowing a
device is non-
compliant is not
enough—someone
still needs to fix it.
device is non-
compliant is not
enough—someone
still needs to fix it.
Acts on posture
assessment
results, isolates
device, and brings
it into compliance
assessment
results, isolates
device, and brings
it into compliance
CONFIGURE
CONFIGURE
AND
AND
MANAGE
MANAGE
Policies that are too
complex or difficult
to create and use
will lead to
abandonment of
project.
complex or difficult
to create and use
will lead to
abandonment of
project.
Easily creates
comprehensive,
granular policies
that map quickly
to user groups
and roles
comprehensive,
granular policies
that map quickly
to user groups
and roles
WHAT IT
MEANS
MEANS
Uniquely identifies
users and devices,
and creates
associations
between the two
users and devices,
and creates
associations
between the two
Critical to associate
users and devices
with roles to know
which policies
apply; prevents
device spoofing.
users and devices
with roles to know
which policies
apply; prevents
device spoofing.
WITHOUT
IT . . .
IT . . .
ENFORCE
ENFORCE
CONSISTENT
CONSISTENT
POLICY
POLICY
A decentralized
policy mechanism
(e.g. on endpoint)
can leave gaping
security holes.
policy mechanism
(e.g. on endpoint)
can leave gaping
security holes.
Assess and
enforce a
ubiquitous policy
across the entire
network
enforce a
ubiquitous policy
across the entire
network
A robust NAC solution must
have all four capabilities.