Enterasys-networks 9034385 Manual do Utilizador descarregar pdf (Página 53)

Enterasys NAC Design Guide 4-1

Design Planning

ThischapterdescribesthestepsyoushouldtakeasyoubeginplanningyourNACdeployment.

Thefirststepistoidentifythedeploymentmodelthatbestmeetsyourbusinessobjectives.Then,

thecurrentnetworkinfrastructuremustbeevaluatedinordertodetermineNACcomponent

requirements.Basedonthisevaluation,youwill

beabletodecidewhethertodeployinlineorout‐

of‐bandnetworkaccesscontrol.

Identify the NAC Deployment Model

WhenplanningyourNACdeployment,thefirststepistoidentifytheNACdeploymentmodel,or

aphasedimplementationofmultipledeploymentmodels,thatmeetsyourNACbusiness

objectives.Thefourdeploymentmodelsaresummarizedbelow.Formoreindepthinformation on

eachmodel,seeChapter 2,NACDeploymentModels.

•Model

#1:End‐SystemDetectionandTracking

EnterasysNACdetectsdevicesastheyconnecttothenetwork,identifyingthelocation,MAC

address,IPaddress,andusernameofthepersonusingtheend‐system.Thisinformationis

maintainedovertimeforeachdeviceonthenetwork,yieldingcompletehistoricalinformation

aboutadevice

asitinteractswiththenetwork.

•Model#2:End‐SystemAuthorization

EnterasysNACdetects,authenticates,andauthorizesconnectingend‐systems,tocontrol

accesstonetworkresourcesbasedonlocationaswellasuserandend‐systemidentity.

•Model#3:End‐SystemAuthorizationwithAssessment

EnterasysNACisdeployedwithend‐systemassessmentand

authorization(butwithout

remediation),tocontrolaccesstonetworkresourcesbasedonthesecuritypostureofa

connectingend‐system.Compliantend‐systemsarepermittedontothenetwork,whileend‐

systemsthatfailassessmentcanbedynamicallyquarantinedwithrestrictivenetworkaccess.

•Model#4:End‐SystemAuthorizationwithAssessmentandRemediation

Inadditiontoend‐systemassessmentandauthorization,EnterasysNACisdeployedwith

remediationtodynamicallyinformquarantinedend‐systemsofsecuritycompliance

violations.Usingweb‐basednotification,assistedremediationallowsendusersthathave

For information about... Refer to page...

Identify the NAC Deployment Model 4-1

Survey the Network 4-2

Identify Inline or Out-of-band NAC Deployment 4-11

Summary 4-11

1 2 ... 48 49 50 51 52 53 54 55 56 57 58 ... 97 98

Sem comentários

Enterasys-networks 9034385 Manual do Utilizador Página 53