Enterasys-networks 9034385 Manuel d'utilisateur télécharger pdf (Page 35)

Model 4: End-System Authorization with Assessment and Remediation

Enterasys NAC Design Guide 2-13

Assistedremediationinformsenduserswhentheirend‐systemshavebeenquarantineddueto

networksecuritypolicynon‐compliance,andallowsenduserstosafelyremediatetheirnon‐

compliantend‐systemswithoutassistancefromIToperations.Theprocesstakesplacewhenan

end‐systemconnectstothenetworkandassessmentis

performed.Enduserswhosesystemsfail

assessmentarenotifiedviawebredirectionthattheirsystemshavebeenquarantined,andare

instructedinhowtoperformself‐serviceremediationspecifictothedetectedcompliance

violations.

Oncetheremediationstepshavebeensuccessfullyperformedandtheend‐systemiscompliant,

theend

usercaninitiateanon‐demandreassessmentoftheend‐systemandcanbeallocatedthe

appropriatenetworkresources,againwithouttheinterventionofIToperations.

Implementation

InModel4,end‐systemscanbedetected,authenticated,assessed,authorized,andremediatedin

differentwaysdependingonthewhetherinlineorout‐of‐bandnetworkaccesscontrolis

implementedintheEnterasysNACsolution.

Out-of-Band NAC

Forout‐of‐bandEnterasysNACdeploymentsutilizingtheNACGateway,NACfunctionsare

implementedinthefollowingway:

Detection‐AsdescribedinModel2.

Authentication‐AsdescribedinModel2.

Assessment‐AsdescribedinModel3.

Authorization‐AsdescribedinModel3.

Remediation‐Whenend‐systemsarequarantinedbytheNACGateway,

thenetworkmustbe

configuredtodirectalltrafficfromthequarantinedend‐systemstotheNACGateway.Thiscanbe

implementedbyconfiguringpolicy‐basedroutingonarouterinlinewiththetrafficsourcedfrom

quarantinedend‐systems.Thisrouterwouldbeconfiguredtosendallwebtrafficfrom

quarantined

end‐systemstotheNACGateway,whichthenservesbacktheremediationwebpage

totheenduser.

Thewaytherouteridentifiesthetrafficfromquarantinedend‐systemsdiffersbetweenanetwork

composedofpolicy‐enabledswitchesintheaccessedgeoranetworkcomposedofswitches

implementingRFC

3580dynamicVLANassignmentintheaccessedge.ForanEnterasyspolicy‐

enablededge,theQuarantinepolicycanbeconfiguredtorewritetheTypeofService(ToS)valueof

HTTPtraffictoaparticularsettingthatmatchesthepolicy‐basedroutingconfiguration.Foran

RFC3580capableedge,thepolicy‐based

routingwouldbeconfiguredtomatchthesourceIP

addressoftheHTTPtrafficbeinggeneratedfromthesubnetsthatcorrespondstotheQuarantine

and/orAssessingVLAN.Ineithercase,bydirectingtheHTTPtrafficfromquarantinedend‐

systemsovertotheNACGateway,theNACGatewaywillserveback

theremediationwebpageto

thenoncompliantend‐sy stem.

1 2 ... 30 31 32 33 34 35 36 37 38 39 40 ... 97 98

Commentaires sur ces manuels

Pas de commentaire

Enterasys-networks 9034385 Manuel d'utilisateur Page 35

Commentaires sur ces manuels

Produits connexes et manuels pour Outils Enterasys-networks 9034385