User manual

Contents

Front cover
Contents
Notices
  Trademarks
Preface
  The team that wrote this redbook
  Become a published author
  Comments welcome
Summary of changes
  January 2007, Second Edition

Part 1 Architecture and design

Chapter 1. Business context
  1.1 The security compliance and remediation concept
  1.2 Why we need this
  1.3 Does this concept help our mobile users
  1.4 Corporate security policy defined
  1.5 Business driver for corporate security compliance
  1.6 Achievable benefits for being compliant
  1.7 Conclusion

Chapter 2. Architecting the solution
  2.1 Solution architectures, design, and methodologies
    2.1.1 Architecture overview
    2.1.2 Architectural terminology
  2.2 Definition of a Network Admission Control project
    2.2.1 Phased rollout approach
  2.3 Design process
    2.3.1 Security compliance management business process
    2.3.2 Security policy life cycle management
    2.3.3 Solution objectives
    2.3.4 Network design discussion
  2.4 Implementation flow
  2.5 Scalability and high availability
  2.6 Conclusion

Chapter 3. Component structure
  3.1 Logical components
    3.1.1 Network Admission Control
    3.1.2 Compliance
    3.1.3 Remediation
  3.2 Physical components
    3.2.1 Network client
    3.2.2 Network access infrastructure
    3.2.3 IBM Integrated Security Solution for Cisco Networks servers
  3.3 Solution data and communication flow
    3.3.1 Secure communication
  3.4 Component placement
    3.4.1 Security zones
    3.4.2 Policy enforcement points
  3.5 Conclusion

Part 2 Customer environment

Chapter 4. Armando Banking Brothers Corporation
  4.1 Company profile
  4.2 Current IT architecture
    4.2.1 Network infrastructure
    4.2.2 IBM Integrated Security Solution for Cisco Networks lab
    4.2.3 Application security infrastructure
    4.2.4 Middleware and application infrastructure
  4.3 Corporate business vision and objectives
    4.3.1 Project layout and implementation phases
  4.4 Conclusion

Chapter 5. Solution design
  5.1 Business requirements
  5.2 Functional requirements
    5.2.1 Security compliance requirements
    5.2.2 Network access control requirements
    5.2.3 Remediation requirements
    5.2.4 Solution functional requirements
  5.3 Implementation architecture
    5.3.1 Logical components
    5.3.2 Physical components
  5.4 Conclusion

Chapter 6. Compliance subsystem implementation
  6.1 Tivoli Security Compliance Manager setup
    6.1.1 Installation of DB2 database server
    6.1.2 Installation of Tivoli Security Compliance Manager server
  6.2 Configuration of the compliance policies
    6.2.1 Posture collectors
    6.2.2 Policy collector
    6.2.3 Installation of posture collectors
    6.2.4 Customization of compliance policies
    6.2.5 Assigning the policy to the clients
  6.3 Deploying the client software
    6.3.1 Cisco Trust Agent
    6.3.2 IBM Tivoli Security Compliance Manager client
  6.4 Conclusion

Chapter 7. Network enforcement subsystem implementation
  7.1 Configuring NAC Framework components
    7.1.1 Configuring the Cisco Secure ACS for NAC L2 802.1x
    7.1.2 Configuring the Cisco Secure ACS for NAC L2/L3 IP
    7.1.3 Deployment of the network infrastructure
  7.2 Configuring NAC Appliance components
    7.2.1 Installing CCA Agent
    7.2.2 Configuring a CCA OOB VG server
    7.2.3 Deployment of the network infrastructure
  7.3 Conclusion

Chapter 8. Remediation subsystem implementation
  8.1 Automated remediation enablement
  8.2 Remediation server software setup
    8.2.1 Prerequisites
    8.2.2 Tivoli Configuration Manager
    8.2.3 Configuration of the remediation server
    8.2.4 Installation of the Software Package Utilities
  8.3 Creating remediation instructions for the users
    8.3.1 Locating HTML
    8.3.2 Variables and variable tags
    8.3.3 Debug attributes
    8.3.4 Creating HTML pages for ABBC policy
  8.4 Building the remediation workflows
    8.4.1 Modification of the remediation packages
  8.5 Conclusion

Part 3 Appendixes

Appendix A. Hints and tips
  Deployment overview
  Top-level sequence of events
  Security Compliance Manager and NAC compliance subsystem
  Cisco NAC sequence of events
  Fault isolation
  Security Compliance Manager server and client
  Communication port usage
  Tools and tricks
  Cisco NAC
  Tools and tricks for the client
  NAC Appliance details
  NAC Appliance integration
  Conclusion

Appendix B. Network Admission Control
  Executive summary
  The benefit of NAC
  Dramatically improve network security
  NAC implementation options
  The NAC Appliance
  NAC Framework solution
  Investment protection
  Planning, designing, and deploying an effective NAC solution
  The next steps
  NAC technology
  NAC Appliance components
  NAC Framework components

Appendix C. Additional material
  Locating the Web material
  Using the Web material
  How to use the Web material

Related publications
  IBM Redbooks
  Other publications
  Online resources
  How to get IBM Redbooks
  Help from IBM
Index
Back cover

Size: 14.2 MB
Pages: 516
Language: English