Procedures for
Figure 5-2 NAC Configuration
Authentication
The Authentication settings define how RADIUS requests are handled for authenticating end‐ systems (this does not apply to Layer 3 NAC Controllers.) This includes identifying whether MAC authentication requests are proxied upstream or locally authorized, and whether Filter‐ID and Tunnel RADIUS attributes are added to RADIUS messages during the authentication process.
Assessment
The Assessment Configuration defines the following requirements for end‐system assessment:
•What assessment tests to run.
The Assessment Configuration determines what types of assessment tests are executed and what parameters are used. For example, you can specify a Nessus assessment utilizing a specific Nessus configuration file that determines end‐system compliance with the SANS Top 20 vulnerabilities. The same Nessus server can be used to assess Windows machines for Windows‐related vulnerabilities and also assess MAC OS‐based machines for MAC‐related vulnerabilities. In addition, you can specify Nessus as well as other assessment services to jointly determine the security posture of a connecting device.
•What resources to use to run the assessment.
The Assessment Configuration determines what assessment servers are used to perform the assessment. You can balance the assessment load between all your assessment servers, or you can select a specific assessment server pool to use. For example, assuming Nessus is chosen for assessment, end‐systems connecting to the network in the companyʹs headquarters can be assessed with the Nessus server deployed in the headquarters, while end‐systems in a branch office will be assessed with Nessus servers deployed in the branch office, conserving bandwidth utilization on the network.