Enterasys Networks 9034385 manual Self-Service Remediation, Features and Value, Inline NAC

Self-Service Remediation

Model 4: End-System Authorization with Assessment and Remediation

Inline NAC

For inline Enterasys NAC deployments utilizing the Layer 2 or Layer 3 NAC Controller, the NAC functions are implemented in the following way:

Detection ‐ As described in Model 2.

Authentication ‐ As described in Model 2.

Assessment ‐ As described in Model 3.

Authorization ‐ As described in Model 3.

Remediation ‐ When an end‐system is quarantined by the NAC Controller, all web traffic sourced from the quarantined end‐system is redirected to the local Remediation Web Service running on the NAC Controller. The NAC Controller then returns the remediation web page to the noncompliant end‐system. No additional configurations are required on the network because the NAC Controller exists inline with the traffic from quarantined end‐systems.

Features and Value

In addition to the features and values found in Model 1, Model 2, and Model 3, the following are key pieces of functionality and value propositions supported by Model 4, End‐System Authorization with Assessment and Remediation:

Self-Service Remediation

If a user's PC is suddenly quarantined and the user is not able to access the expected types of services, it is not only important that information about this event is available to IT, but also that the user is directly notified of the cause of the service disruption. If they are not notified about the quarantine action, the user will likely believe that there is a network communication problem. Implementing a NAC solution that can quarantine users without notification may inadvertently increase calls to the IT help desk from users who are not able to access needed services.

With the Enterasys NAC solution, network‐based notification and remediation are integrated. Once an end‐system is put into a quarantine state, notification is achieved by redirecting the non‐compliant end‐system's web traffic to a remediation web page. The web page can be maintained by the IT organization and can include details about why the end‐system has been quarantined and how a user can fix the issues that are causing the non‐compliant state. The layout and information presented on this web page are fully customizable, including changing header and footer information, altering the information presented to the user, and controlling the amount of time or the number of times an end‐system is allowed to initiate reassessment after attempting remediation.

Although the end‐system may be able to access the network and the remediation web page, its communication is provisioned through a set of policy rules to ensure that there is no danger to the rest of the network. In order for a quarantined user to regain access to network services, they must first remediate the problem that caused the quarantine. However, remediation does not always have to be made available to the user. Consider the situation where a user is acting maliciously and threatening the network and its services. Remediation may not be desirable, and instead a persistent quarantine policy may be enforced to keep the user from causing any harm.
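As an added illustration (not Enterasys's code or configuration), the following Python model applies the quarantine behaviour described above to individual flows: web traffic from a quarantined end‐system is redirected to the NAC Controller's remediation web service, remediation assets such as a patch server stay reachable, everything else is denied, a persistent quarantine denies even remediation, and reassessment from the remediation page is limited to a configured number of attempts. The addresses, the ports treated as web traffic, and the reassessment limit are constructed assumptions.

```python
from dataclasses import dataclass
from enum import Enum

class State(Enum):
    COMPLIANT = "compliant"
    QUARANTINE = "quarantine"             # remediation web page is offered
    PERSISTENT_QUARANTINE = "persistent"  # malicious end-system: no remediation

@dataclass
class EndSystem:
    ip: str
    state: State
    reassessments: int = 0  # times the user has re-triggered assessment

# Constructed, hypothetical values for this example (not from the manual).
REMEDIATION_SERVICE = "10.0.0.1"    # Remediation Web Service on the NAC Controller
REMEDIATION_ASSETS = {"10.0.0.50"}  # e.g. a web server holding security patches
WEB_PORTS = {80, 443}               # what counts as "web traffic" (assumption)
MAX_REASSESSMENTS = 3               # reassessment limit set on the remediation page

def decide(es: EndSystem, dst: str, dport: int) -> str:
    """Apply the quarantine policy rules to one flow sourced from the end-system.
    Returns 'allow', 'deny' or 'redirect:<ip>' (web traffic is sent to the
    remediation page instead of its original destination)."""
    if es.state is State.COMPLIANT:
        return "allow"
    if es.state is State.PERSISTENT_QUARANTINE:
        return "deny"   # persistent quarantine: not even remediation assets
    if dst == REMEDIATION_SERVICE or dst in REMEDIATION_ASSETS:
        return "allow"  # key remediation assets stay reachable
    if dport in WEB_PORTS:
        return f"redirect:{REMEDIATION_SERVICE}"
    return "deny"       # everything else is filtered to protect the network

def request_reassessment(es: EndSystem, compliant_now: bool) -> bool:
    """The user re-triggers assessment from the remediation page after a fix.
    Returns False if the end-system is not eligible: it is not in remediation
    quarantine, or its reassessment allowance is exhausted."""
    if es.state is not State.QUARANTINE or es.reassessments >= MAX_REASSESSMENTS:
        return False
    es.reassessments += 1
    if compliant_now:
        es.state = State.COMPLIANT
    return True
```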

The key to this process is the ability of the network to enforce a usage policy that completely protects all critical resources and other users, but allows access to key remediation assets such as web servers with security patches. The Enterasys NAC solution allows a quarantine policy to be established with a very specific set of policy rules that can filter and control network

2-14 NAC Deployment Models
