Cisco NAC Appliance 4.8.4 Information Guide
Q&A
© 2011 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.
Cisco NAC Appliance with Identity Services Engine Profiler
Positioning
Q. What is the Cisco® NAC Appliance?
A. The Cisco NAC Appliance (formerly Cisco Clean Access) is a product that allows network administrators to
authenticate, authorize, evaluate, and remediate wired, wireless, and remote users and their machines prior
to allowing users onto the network. It identifies whether networked devices such as laptops, IP phones,
personal digital assistants, or printers are compliant with an organization’s security policies, and repairs any
vulnerabilities before permitting access to the network.
Q. Why would an organization need the Cisco NAC Appliance?
A. One of the greatest inadvertent threats to network security is the end user. Because each endpoint is a
potential conduit into the network, it is increasingly important for users to bring their machines into compliance
with their organizations’ security policies. The Cisco NAC Appliance uses the incentive of network access to
ensure compliance, and uses the capabilities of the network to bring noncompliant machines up to
requirements.
Q. What is the relationship between the Cisco NAC Appliance and Network Admission Control (NAC)?
A. The Cisco NAC Appliance is a self-contained solution that delivers Cisco’s industry-leading NAC initiative.
The Cisco NAC Appliance is easily deployed to mitigate security threats posed by noncompliant machines
and unauthorized users.
Q. What is the difference between the Cisco NAC Appliance and NAC-like products from companies such as
Symantec, Trend Micro, and NAI/McAfee?
A. Desktop security companies, including Symantec, Trend Micro, and McAfee, have recently introduced
solutions that enforce policies on individual endpoints. The Cisco NAC Appliance is different. It covers the
entire lifecycle of policy enforcement: authentication, posture assessment, network quarantine, and
remediation. Cisco can offer this robust, integrated set of features because the NAC Appliance uses the
network as the enforcement point rather than individual endpoints. As a result, Cisco NAC solutions are more
effective, and integrate into the network fabric with greater ease than an endpoint-based approach.
Q. Is the Cisco NAC Appliance specific to LAN users? Do I need a separate product to enforce policies on my
remote-access users?
A. The Cisco NAC Appliance applies a uniform set of policies to all incoming devices, regardless of device
ownership, access method, or operating system. Organizations need only one instance of the NAC Appliance
to enforce policies on devices coming through LANs, WLANs, VPNs, and WANs.