This chapter covers the following topics:
Network Admission Control (NAC) is a technology initiative led by Cisco Systems, working in collaboration with many leading security vendors, including antivirus and desktop management vendors. Their focus is the creation of solutions that limit security threats, such as worms and viruses. This technology provides a framework that uses existing Cisco infrastructure to enforce network admission policies on NAC-enabled endpoint devices, guaranteeing software compliance before network access is granted. If an endpoint device is determined to be noncompliant, a variety of admission actions are available, and how the actions are implemented is at the discretion of the network administrator. For example, a noncompliant endpoint may be placed in a quarantine area of the network and redirected to a remediation server to load the necessary software or patches. A notification is displayed to the user warning that their device is not compliant or, in the worst case, that they are denied network access entirely. This chapter describes the Cisco NAC Framework, identifies benefits, describes the solution components and how they interoperate, and describes common deployment models.