Enterasys-networks 9034385 Manuel d'utilisateur Page 34
- Page / 98
- Table des matières
- MARQUE LIVRES
Noté. / 5. Basé sur avis des utilisateurs
Model 4: End-System Authorization with Assessment and Remediation
2-12 NAC Deployment Models
Required and Optional Components
ThissectionsummarizestherequiredandoptionalcomponentsforModel3.
.
TheNACGatewayandNACControlleraretheNACappliancesusedtoimplementtheout‐of‐
bandandinlinenetworkaccesscontrolfunctionalityonthenetwork.
NetSightNACManageristhesoftwareapplicationusedtocentrallymanagetheNACappliances
deployedonthenetwork.
NetSightConsoleisthesoftwareapplicationusedto
monitorthehealthandstatusof
infrastructuredevicesinthenetwork,includingswitches,routers,andEnterasysNACappliances
(NACGatewaysandNACControllers).
Assessmentfunctionalityisrequiredbecauseinthisdeploymentmodel,connectingend‐systems
arebeingassessedforsecurityposturecompliance.
ARADIUSserverisonlyrequiredifout‐of‐
bandnetworkaccesscontrolviatheNACGatewayis
implementedwithweb‐basedand/or802.1Xauthentication.
NetSightPolicyManagerisrequiredforallinlineNACdeployments,andrecommendedforout‐
of‐bandNACdeploymentsthatutilizeEnterasyspolicy‐capableswitches.PolicyManager
providestheabilitytocentrallydefineandconfigurethe
authorizationlevelsorpolicies.
NetSightInventoryManagerisanoptionalcomponent,providingcomprehensivenetwork
inventoryandchangemanagementcapabilities.
Model 4: End-System Authorization with Assessment and
Remediation
ThisNACdeploymentmodelimplementsallfiveNACfunctions:detection,authentication,
assessment,authorization,andremediation.InModel3,end‐systemsandendusersconnectedto
thenetworkareauthorizedbasedonthedeviceidentity,useridentity,location,and/orsecurity
postureinformation.And,asexplainedinModel3,itwasnotnecessary
toquarantine
noncompliantend‐systemswhilephasingintheNACsolutiononthenetwork.However,oncea
restrictiveauthorizationlevelisallocatedtononcompliantend‐systems,itisimportanttoinform
theenduseroftherestrictionsandprovidethestepstheycanexecuteforself‐repairofthedevice.
Thisistheprocessofassistedremediation,whichistheNACfunctionintroducedinModel4.
Table 2-3 Component Requirements for Authorization with Assessment
Component
Authorization with
Assessment
NAC Appliance Required
NetSight NAC Manager Required
NetSight Console Required
Assessment Service Required
RADIUS Server Optional
NetSight Policy Manager Optional
NetSight Inventory Manager Optional
- Enterasys 1
- Contents 5
- Chapter 3: Use Scenarios 6
- Chapter 4: Design Planning 6
- Chapter 5: Design Procedures 6
- About This Guide 9
- Getting Help 10
- Overview 11
- Deployment Models 12
- NAC Solution Overview 13
- NAC Solution Components 14
- NAC Gateway Appliance 15
- NAC Controller Appliance 15
- 1-6 Overview 16
- Appliance Comparison 17
- 1-8 Overview 18
- NetSight Management 19
- RADIUS Server 20
- Assessment Server 20
- 1-12 Overview 22
- NAC Deployment Models 23
- Features and Value 24
- Implementation 26
- User-Based Authorization 28
- MAC Registration 28
- Inline NAC 31
- Remediation 34
- 2-16 NAC Deployment Models 38
- Use Scenarios 39
- Policy-Enabled Edge 40
- RFC 3580 Capable Edge 41
- Scenario 1 Implementation 42
- Thin Wireless Edge 43
- 3-6 Use Scenarios 44
- Thick Wireless Edge 45
- Scenario 2 Implementation 46
- 3-10 Use Scenarios 48
- Scenario 4: VPN Remote Access 49
- Scenario 4 Implementation 50
- 3-14 Use Scenarios 52
- Design Planning 53
- Survey the Network 54
- 4-4 Design Planning 56
- End-System Capabilities 58
- Authentication Considerations 59
- 4-8 Design Planning 60
- Wired LAN 61
- Wireless LAN 61
- Remote Access WAN 62
- Site-to-Site VPN 62
- Remote Access VPN 63
- 4-12 Design Planning 64
- Design Procedures 65
- 5-2 Design Procedures 66
- NAC Configurations 67
- Authentication 68
- Assessment 68
- Authorization 69
- 5-6 Design Procedures 70
- 5-8 Design Procedures 72
- 5-10 Design Procedures 74
- MAC Overrides 76
- 5-14 Design Procedures 78
- User Overrides 80
- Assessment Design Procedures 81
- 5-18 Design Procedures 82
- 5-20 Design Procedures 84
- 5-22 Design Procedures 86
- 6. VLAN Configuration 88
- 7. Policy Role Configuration 88
- 8. Define NAC Access Policies 88
- Assessment Policy 90
- Quarantine Policy 91
- Inline NAC Design Procedures 92
- 7S4280-19-SYS Up to 2000 94
- 2S4082-25-SYS Up to 2000 94
- 5-32 Design Procedures 96
- Additional Considerations 97
- 5-34 Design Procedures 98
Produits connexes et manuels pour Outils Enterasys-networks 9034385
(34 pages)© 2020, manymanuals.fr. Tous droits réservés | 0.037 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Commentaires sur ces manuels