IBM Tivoli and Cisco 사용자 설명서
472
Building a Network Access Control Solution with IBM Tivoli and Cisco Systems
Executive summary
Emerging network security threats, such as viruses, worms, and spyware,
continue to plague customers and drain organizations of money, productivity, and
opportunity. Meanwhile, the pervasiveness of mobile computing has increased
this threat. Mobile users are able to connect to the Internet or the office from
home or public hotspots — and can easily and often unknowingly pick up a virus
and carry it into the corporate environment, thereby infecting the network.
continue to plague customers and drain organizations of money, productivity, and
opportunity. Meanwhile, the pervasiveness of mobile computing has increased
this threat. Mobile users are able to connect to the Internet or the office from
home or public hotspots — and can easily and often unknowingly pick up a virus
and carry it into the corporate environment, thereby infecting the network.
Network Admission Control (NAC) has been designed specifically to ensure that
all endpoint devices (such as PCs, mobile computers, servers, smartphones, and
PDAs) accessing network resources are adequately protected from network
security threats. NAC’s market-leading solutions, which have been embraced by
leading antivirus, security, and management manufacturers, have captured the
attention of the press and analyst communities, as well as organizations of all
sizes.
all endpoint devices (such as PCs, mobile computers, servers, smartphones, and
PDAs) accessing network resources are adequately protected from network
security threats. NAC’s market-leading solutions, which have been embraced by
leading antivirus, security, and management manufacturers, have captured the
attention of the press and analyst communities, as well as organizations of all
sizes.
This appendix explains the vital role that NAC can play as part of a policy-based
security strategy, and describes and defines the available NAC approaches.
security strategy, and describes and defines the available NAC approaches.
The benefit of NAC
Despite years of security technology development and millions of dollars spent in
implementation, viruses, worms, spyware, and other forms of malware remain
the primary issue facing organizations today, according to the 2005 CSI/FBI
Security Report. The large numbers of incidents organizations face annually
result in significant financial impact due to downtime, lost revenue, damaged or
destroyed data, and loss of productivity.
implementation, viruses, worms, spyware, and other forms of malware remain
the primary issue facing organizations today, according to the 2005 CSI/FBI
Security Report. The large numbers of incidents organizations face annually
result in significant financial impact due to downtime, lost revenue, damaged or
destroyed data, and loss of productivity.
The message is clear: traditional security solutions alone have not been able to
address this problem. In response, Cisco Systems has developed a
comprehensive security solution that brings together leading antivirus, security,
and management solutions to ensure that all devices in a networked environment
comply with security policy. NAC allows you to analyze and control all devices
coming into your network. By ensuring that every endpoint device complies with
corporate security policy (that they are running the latest and most relevant
security protections, for example), organizations can significantly reduce or
eliminate endpoint devices as a common source of infection or network
compromise.
address this problem. In response, Cisco Systems has developed a
comprehensive security solution that brings together leading antivirus, security,
and management solutions to ensure that all devices in a networked environment
comply with security policy. NAC allows you to analyze and control all devices
coming into your network. By ensuring that every endpoint device complies with
corporate security policy (that they are running the latest and most relevant
security protections, for example), organizations can significantly reduce or
eliminate endpoint devices as a common source of infection or network
compromise.