Enterasys-networks 9034385 Manual de usuario descargar pdf (Pagina 36)

Model 4: End-System Authorization with Assessment and Remediation

2-14 NAC Deployment Models

Inline NAC

ForinlineEnterasysNACdeploymentsutilizingtheLayer2orLayer3NACController,theNAC

functionsareimplementedinthefollowingway:

Detection‐AsdescribedinModel2.

Authentication‐AsdescribedinModel2.

Assessment‐AsdescribedinModel3.

Authorization‐AsdescribedinModel3.

Remediation‐Whenanend‐systemis

quarantinedbytheNACController,allwebtrafficsourced

fromthequarantinedend‐systemisredirectedtothelocalRemediationWebServicerunningon

theNACController.TheNACControllerthenreturnstheremediationwebpagetothe

noncompliantend‐system.Noadditionalconfigurationsarerequiredonthenetworkbecause

the

NACControllerexistsinlinewiththetrafficfromquarantinedend‐systems.

Features and Value

InadditiontothefeaturesandvaluesfoundinModel1,Model2,andModel3,thefollowingare

keypiecesoffunctionalityandvaluepropositionssupportedbyModel4,End‐System

AuthorizationwithAssessmentandRemediation:

Self-Service Remediation

IfauserʹsPCissuddenlyquarantinedandtheuserisnotabletoaccesstheexpectedtypesof

services,itisnotonlyimportantthatinformationofthiseventisavailabletoIT,butalsothat

theuserisdirectlynotifiedofthecauseofservicedisruption.Ifthey

arenotnotifiedaboutthe

quarantineaction,theuserwilllikelybelievethatthereisanetworkcommunicationproblem.

ImplementingaNACsolutionthatcanquarantineuserswithoutnotification,may

inadvertentlyincreasecallstotheIThelpdeskfromuserswhoarenotabletoaccessneeded

services.

WiththeEnterasys

NACsolution,network‐basednotificationandremediationareintegrated.

Onceanend‐systemisputintoaquarantinestate,notificationisachievedbyredirectingthe

non‐compliantend‐systemʹswebtraffictoaremediationwebpage.Thewebpagecanbe

maintainedbytheITorganizationandcaninclude

detailsaboutwhytheend‐systemhasbeen

quarantinedandhowausercanfixissuesthatarecausingthenon‐compliantstate.Thelayout

andinformationpresentedonthiswebpageisfullycustomizableincludingchangingheader

andfooterinformation,alteringinformationpresentedtotheuser,andcontrollingtheamount



oftimeorthenumberoftimesanend‐systemisallowedtoinitiatereassessmentafter

attemptingremediation.

Althoughtheend‐systemmaybeabletoaccessthenetworkandtheremediationwebpage,

communicationisprovisionedthroughasetofpolicyrulestoensurethatthereisnodanger

to

therestofthe network.Inorderforaquarantinedusertoregainaccesstonetworkservices,

theymustfirstremediatetheproblemthatactuallycausedthequarantinetooccurinthefirst

place.However,rem ediationdoesnotalwayshavetobemadeavailabletotheuser.Consider

thesituation

whereauserisactingmaliciouslyandthreateningthenetworkanditsservices.

Remediationmaynotbedesirable,andinsteadapersistentquarantinepolicymaybeenforced

tokeeptheuserfromcausinganyharm.

Thekeytothisprocessistheabilityofthenetworktoenforceausagepolicy

thatcompletely

protectsallcriticalresourcesandotherusers,butallowsaccesstokeyremediationassetssuch

aswebserverswithsecuritypatches.TheEnterasysNACsolutionallowsaquarantinepolicy

tobeestablishedwithaveryspecificsetofpolicyrulesthatcanfilterandcontrolnetwork

1 2 ... 31 32 33 34 35 36 37 38 39 40 41 ... 97 98

Comentarios a estos manuales

Sin comentarios

Enterasys-networks 9034385 Manual de usuario Pagina 36

Comentarios a estos manuales

Relacionado con productos y manuales para Herramientas Enterasys-networks 9034385