Some of the security policy compliance checks that NAC can perform include:

• Determining whether the device is running an authorized version of an operating system.

• Checking to see if the OS has been properly patched or has received the latest hotfix.

• Determining whether the device has antivirus software installed, and whether it has the latest set of signature files.

• Ensuring that antivirus technology is enabled and has been run recently.

• Determining whether personal firewall, intrusion prevention, or other desktop security software is installed and properly configured.

• Checking whether a corporate image of a device has been modified or tampered with.

Answers to these and similar security profile questions are then used to make intelligent, policy-based decisions regarding network admission.
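
The following sketch shows how the checks listed above can feed a policy-based admission decision. It is an added example, not code from IBM, Cisco, or the original text; the policy values, field names, and the admit/quarantine/deny mapping are assumptions made for illustration.

```python
from dataclasses import dataclass, replace
from datetime import date, timedelta

# Hypothetical policy; every value here is a constructed placeholder.
POLICY = {
    "allowed_os": {"ExampleOS 5.1", "ExampleOS 5.2"},
    "required_hotfixes": {"HF-001", "HF-002"},
    "max_signature_age": timedelta(days=7),
    "max_scan_age": timedelta(days=14),
    "image_hash": "baseline-image-hash",
}

@dataclass
class Posture:
    """Attributes an endpoint agent reports before admission (assumed shape)."""
    os_version: str
    hotfixes: set
    av_installed: bool
    av_enabled: bool
    av_signature_date: date   # may be None when no antivirus is installed
    av_last_scan: date        # may be None when no antivirus is installed
    firewall_enabled: bool
    image_hash: str

def failed_checks(p, today, policy=POLICY):
    """Return the names of the compliance checks the endpoint fails, in order."""
    checks = {
        "os_version": p.os_version in policy["allowed_os"],
        "patch_level": policy["required_hotfixes"] <= p.hotfixes,
        "av_installed": p.av_installed,
        "av_signatures": p.av_installed
            and today - p.av_signature_date <= policy["max_signature_age"],
        "av_active": p.av_installed and p.av_enabled
            and today - p.av_last_scan <= policy["max_scan_age"],
        "firewall": p.firewall_enabled,
        "image_integrity": p.image_hash == policy["image_hash"],
    }
    return [name for name, ok in checks.items() if not ok]

def admission_decision(p, today, policy=POLICY):
    """Map check results to a decision: admit, quarantine (fixable), or deny."""
    failed = failed_checks(p, today, policy)
    if not failed:
        return "admit", failed
    # Assumption: an unauthorized OS or modified image is not auto-remediable.
    if {"os_version", "image_integrity"} & set(failed):
        return "deny", failed
    return "quarantine", failed

# Constructed sample endpoints.
TODAY = date(2024, 1, 15)
COMPLIANT = Posture("ExampleOS 5.1", {"HF-001", "HF-002"}, True, True,
                    date(2024, 1, 12), date(2024, 1, 10), True, "baseline-image-hash")
STALE = replace(COMPLIANT, hotfixes={"HF-001"}, av_signature_date=date(2023, 12, 1))
TAMPERED = replace(COMPLIANT, image_hash="modified-image-hash")
```

Returning the list of failed checks alongside the decision gives a remediation step something concrete to act on for quarantined devices.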

Some of the benefits of implementing a NAC solution include:

1. Dramatically improved security of any network, regardless of size or complexity, by helping to ensure that all user network devices conform to security policy. By proactively protecting against worms, viruses, spyware, and malware, organizations are able to focus operations on prevention, rather than on reaction.

2. Extended value of existing investments in the Cisco network, as well as in antivirus, security, and management software, through broad adoption and integration by leading manufacturers.

3. Increased enterprise resilience and scalability by providing a means to inspect and control all devices that connect to the network, regardless of their access methods (routers, switches, wireless, VPN, dialup, for example).

4. Preventing noncompliant and unmanaged endpoint devices from affecting network availability or user productivity.

5. Reduced operating expenses related to identifying and repairing noncompliant, unmanaged, and infected systems.

NAC implementation options

Cisco offers both appliance-based and architecture-based framework approaches to NAC that meet the functional and operational needs of any organization, whether they have a simple security policy requirement or require

474 Building a Network Access Control Solution with IBM Tivoli and Cisco Systems
