Assessment Design Procedures

Manager will not match this end‐system and the end‐system is assigned the Security Domain’s default NAC configuration. In addition, the Layer 3 NAC Controller is not able to determine the username associated to the downstream end‐system for matching against user overrides, and the end‐system is assigned the Security Domain’s default NAC configuration.

Assessment Design Procedures

The following section provides the design procedures for implementing assessment in your NAC deployment.

1. Determine the Number of Assessment Servers

Assessment servers are used to implement assessment functionality in NAC deployments. Use the following parameters to determine the number of required assessment servers for your deployment:

Load‐sharing requirements.

More than one assessment server may be required to handle the number of end‐systems being assessed at any one time. The number of end‐systems that can be assessed at the same time and the amount of time required to complete an assessment is determined by the number of vulnerabilities being assessed, throughput limitations on the network, and the hardware specifications of the assessment server machine. Load‐sharing of end‐system assessment is implemented in a round robin fashion between the assessment servers available in the assessment resource pool.

Assessment server redundancy.

To provide redundancy, at least two assessment servers should be configured per NAC deployment, with additional assessment servers added for load‐balancing and scalability purposes.
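A sizing sketch for the two parameters above, added here as an example and not taken from the Enterasys guide: it replays a burst of connecting end-systems through a round-robin pool and finds the smallest pool that keeps the wait for a scan under a target, then applies the two-server redundancy minimum. The scan duration, concurrent scans per server, acceptable wait and the arrival pattern are all assumed figures; measure your own.

```python
import heapq
from itertools import cycle

def worst_wait(arrivals, n_servers, slots_per_server, scan_secs):
    """Longest delay (s) before a scan starts under round-robin dispatch.

    Each end-system goes to the next server in the pool regardless of load
    and waits if every scan slot on that server is busy.
    """
    # One min-heap per server: the time at which each scan slot frees up.
    free_at = [[0.0] * slots_per_server for _ in range(n_servers)]
    worst = 0.0
    for t, srv in zip(sorted(arrivals), cycle(range(n_servers))):
        start = max(t, heapq.heappop(free_at[srv]))
        heapq.heappush(free_at[srv], start + scan_secs)
        worst = max(worst, start - t)
    return worst

def servers_needed(arrivals, slots_per_server, scan_secs, max_wait, limit=64):
    """Return (servers for load alone, servers after the two-server floor)."""
    for n in range(1, limit + 1):
        if worst_wait(arrivals, n, slots_per_server, scan_secs) <= max_wait:
            return n, max(2, n)
    raise ValueError("load cannot be met within the pool size limit")

# Constructed sample: 300 end-systems connecting one every 2 s.
# Assumed figures (not from the guide): 10 concurrent scans per server,
# 90 s per scan, at most 30 s of queueing before a scan starts.
SLOTS, SCAN_SECS, MAX_WAIT = 10, 90, 30
burst = [2 * i for i in range(300)]

if __name__ == "__main__":
    for n in (4, 5):
        print(n, "servers -> worst wait", worst_wait(burst, n, SLOTS, SCAN_SECS), "s")
    print("connect burst:", servers_needed(burst, SLOTS, SCAN_SECS, MAX_WAIT))
    print("small site:   ", servers_needed(burst[:10], SLOTS, SCAN_SECS, MAX_WAIT))
```

With these assumed figures four servers fall steadily behind while five keep up, and a ten-device site that one server could handle is still sized at two for redundancy.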

The same assessment server can be used for multiple Security Domains, and each assessment server can assess end‐systems using different sets of assessment parameters, depending on the device, user, or location in the network. Here are some examples:

If guests and other untrusted users are to be assessed for a different set of security vulnerabilities than trusted users, a Security Domain can be associated to the areas of the network where untrusted users connect, and can specify an Assessment Configuration that uses assessment servers configured for the assessment of untrusted users. If trusted users connect to this same Security Domain, another Assessment Configuration that leverages assessment servers configured to assess vulnerabilities of trusted users can be utilized. Note that if several Security Domains require the same assessment parameters, then these Security Domains can be configured to use the same Assessment Configuration.

If a certain type of end‐system (for example, an end‐system of a particular model, having a particular OS, and running specific services) connects to the network in a certain area, or is identified by MAC address, a Security Domain and MAC override can be associated to this area of the network that uses an Assessment Configuration that leverages assessment servers that assess vulnerabilities specific to that type of end‐system. For example, an area of the network where Microsoft IAS servers connect or where Polycom IP phones connect can be configured to utilize an assessment server configured to scan for Microsoft IAS web server‐related vulnerabilities or Polycom IP phone default settings.

Enterasys NAC Design Guide 5-17

