Enterasys-networks 9034385 Bedienungsanleitung PDF herunterladen (Seite 29)

Model 2: End-System Authorization

Enterasys NAC Design Guide 2-7

apasswordintheregistrationwebpage.Thissponsorusernameandpasswordcanbe

validatedagainstanexistingdatabaseonthenetworktoauthenticatethesponsorʹsidentity.

Sponsorsmaybeallowedtosecurelyaccessanadministrativewebpagewheretheycan

delete,add,andmodifyregisteredend‐systemsonthe

networkthattheyhavesponsored.

Withsponsoredregistrationenabled,IToperationscanholdtrustedusersaccountablefor

guestsbroughtontheenterprisenetwork,whilecontrollingaccessforonlyappropriate 

guests.

Post-Connect NAC integration with NetSight Automated Security Manager

NetSightAutomatedSecurityManager(ASM),asoftwareapplicationthatispartofthe

NetSightSuite,hasthecapabilitytosearchtheinfrastructureandlocatetheswitchportof

connection,basedonthereceiptofasecurityeventforaparticularIPaddress.ASMresponds

tothiseventbydisablingtheport

orassigningaVLAN(suchasthequarantineVLAN)tothe

port.Inresponsetoareal‐timesecuritythreatdetectedonthenetwork,ASMcanbe

configuredtonotifyNACManageronthisevent,dynamicallyquarantiningtheMAC

address.Thiseffectivelyrestrictsthequarantinedend‐systemfromaccessingthe

network

fromanylocation,enterprise‐wide.IfASMreversesthequarantineaction,itnotifiesNAC

Manager,andthequarantineisautomaticallyremovedandtheend‐systemisdynamicallyre‐

admittedaccesstonetworkresources.Therefore,thedeploymentofEnterasysNACfurther

increasesthesecuritypostureofthenetworkbyintegratingwith

thereactivethreatresponse

capabilitiesofASM,inadditiontocontrollingaccessandauthorizingconnectingdevices.

Required and Optional Components

ThissectionsummarizestherequiredandoptionalcomponentsforModel2.

TheNACGatewayandNACControlleraretheNACappliancesusedtoimplementtheout‐of‐

bandandinlinenetworkaccesscontrolfunctionalityonthenetwork.

NetSightNACManageristhesoftwareapplicationusedtocentrallymanagetheNACappliances

deployedonthenetwork.

NetSightConsoleisthesoftwareapplicationusedto

monitorthehealthandstatusof

infrastructuredevicesinthenetwork,includingswitches,routers,andEnterasysNACappliances

(NACGatewaysandNACControllers).

Assessmentfunctionalityisoptionalbecauseinthisdeploymentmodel,end‐systemsarenotbeing

assessedforsecurityposturecompliancewhenconnectingtothenetwork.

Table 2-2 Component Requirements for Authorization

Component Authorization

NAC Appliance Required

NetSight NAC Manager Required

NetSight Console Required

Assessment Optional

RADIUS Server Optional

NetSight Policy Manager Optional

NetSight Inventory Manager Optional

1 2 ... 24 25 26 27 28 29 30 31 32 33 34 ... 97 98

Kommentare zu diesen Handbüchern

Keine Kommentare

Enterasys-networks 9034385 Bedienungsanleitung Seite 29

Kommentare zu diesen Handbüchern

Verwandte Produkte und Handbücher für Werkzeug Enterasys-networks 9034385