Cisco NAC Appliance: Enforcing Host Security with Clean Access (Paperback)

~ Chad Sullivan (Author), (Author), Alok Agrawal (Author), Jerry Lin (Author)
Key Phrases: device management, online users, event logs, Appliance Server, Appliance Manager, Clean Access Agent (more...)

Editorial Reviews

Product Description

Cisco NAC Appliance

Enforcing Host Security with Clean Access

 

Authenticate, inspect, remediate, and authorize end-point devices using Cisco NAC Appliance

 

Jamey Heary, CCIE® No. 7680

Contributing authors: Jerry Lin, CCIE No. 6469,

Chad Sullivan, CCIE No. 6493, and Alok Agrawal

 

With today's security challenges and threats growing more sophisticated, perimeter defense alone is no longer sufficient. Few organizations are closed entities with well-defined security perimeters, which has led to the creation of perimeterless networks with ubiquitous access. Organizations need to have internal security systems that are more comprehensive, pervasive, and tightly integrated than in the past.

 

Cisco® Network Admission Control (NAC) Appliance, formerly known as Cisco Clean Access, provides a powerful host security policy inspection, enforcement, and remediation solution that is designed to meet these new challenges. Cisco NAC Appliance allows you to enforce host security policies on all hosts (managed and unmanaged) as they enter the interior of the network, regardless of their access method, ownership, device type, application set, or operating system. Cisco NAC Appliance provides proactive protection at the network entry point.

 

Cisco NAC Appliance provides you with all the information needed to understand, design, configure, deploy, and troubleshoot the Cisco NAC Appliance solution. You will learn about all aspects of the NAC Appliance solution including configuration and best practices for design, implementation, troubleshooting, and creating a host security policy.

 

Jamey Heary, CCIE® No. 7680, is a security consulting systems engineer at Cisco, where he works with its largest customers in the northwest United States. Jamey joined Cisco in 2000 and currently leads its Western Security Asset team and is a field advisor for its U.S. Security Virtual team. His areas of expertise include network and host security design and implementation, security regulatory compliance, and routing and switching. His other certifications include CISSP, CCSP®, and Microsoft MCSE. He is also a Certified HIPAA Security Professional. He has been working in the IT field for 13 years and in IT security for 9 years.

 

• Understand why network attacks and intellectual property losses can originate from internal network hosts
• Examine different NAC Appliance design options
• Build host security policies and assign the appropriate network access privileges for various user roles
• Streamline the enforcement of existing security policies with the concrete measures NAC Appliance can provide
• Set up and configure the NAC Appliance solution
• Learn best practices for the deployment of NAC Appliance
• Monitor, maintain, and troubleshoot the Cisco NAC Appliance solution

 

This security book is part of the Cisco Press® Networking Technology Series. Security titles from Cisco Press help networking professionals secure critical data and resources, prevent and mitigate network attacks, and build end-to-end self-defending networks.

 

Category: Cisco Press–Security

Covers: End-Point Security

 

About the Author

About the Author

Jamey Heary, CCIE No. 7680, is currently a security consulting systems engineer at Cisco Systems, Inc., and works with its largest customers in the Northwest United States. Jamey joined Cisco in 2000. He currently leads its Western Security Asset team and is a field advisor for the U.S. Security Virtual team. Prior to working at Cisco, he worked for the Immigration and Naturalization Service as a network consultant and project leader. Before that he was the lead network and security engineer for a financial firm whose network carries approximately 12 percent of the global equities trading volume worldwide. His areas of expertise include network and host security design and implementation, security regulatory compliance, and routing and switching. His other certifications include CISSP, CCSP, and Microsoft MCSE. He is also a Certified HIPAA Security Professional. He has been working in the IT field for 13 years and in IT security for 9 years. He has a BS from St. Lawrence University.

 

About the Contributing Authors

Jerry Lin, CCIE No. 6469, is a consulting systems engineer for Cisco and is based in southern California. He specializes in security best practices. Jerry has worked with a variety of Cisco enterprise customers in areas such as software development, local government agencies, K—12 and universities, high tech manufacturing, retail, and health care, as well as managed web-hosting service provider customers. He holds his CCIE in routing and switching as well as in CCDP and CISSP. Jerry has been working in the IT industry for the past 12 years. During the late 1990s, he worked as a technical instructor. Jerry earned both a bachelor’s degree and a master’s degree in mechanical engineering from the University of California, Irvine.

 

Chad Sullivan, CCIE No. 6493 (Security, Routing and Switching, SNA/IP), CISSP, CHSP, is a senior security engineer and owner of Priveon, Inc., which provides leading security solutions to customers globally. Prior to starting Priveon, Chad worked as a security consulting systems engineer at Cisco. Chad is recognized within the industry as one of the leading implementers of the Cisco Security Agent product and is the author of both Cisco Press books dedicated to the Cisco Security Agent.

 

Alok Agrawal is the technical marketing manager for the Cisco NAC Appliance (Clean Access) product. He leads the technical marketing team developing technical concepts and solutions and driving future product architecture and features. He works with the Cisco sales and partner community to scale the adoption of the NAC Appliance product line globally. Prior to joining the Cisco Security Technology Group, he worked in the switching team of the Cisco Technical Assistance Center. He has a strong background in routing and switching and host security design and implementation. Alok holds a master’s degree in electrical engineering from the University of Southern California and a bachelor’s degree in electronics engineering from the University of Mumbai.

See all Editorial Reviews

Product Details

• Paperback: 576 pages
• Publisher: Cisco Press; 1 edition (August 16, 2007)
• Language: English
• ISBN-10: 1587053063
• ISBN-13: 978-1587053061
• Product Dimensions: 8.9 x 7.3 x 1.3 inches
• Shipping Weight: 1.8 pounds (View shipping rates and policies)
• Average Customer Review: 4.8 out of 5 stars  See all reviews (4 customer reviews)
• Amazon.com Sales Rank: #406,166 in Books (See Bestsellers in Books)

  Popular in this category: (What's this?)

  #22 in

  Books > Computers & Internet > Certification Central > Office

Customer Reviews

Most Helpful Customer Reviews

3 of 3 people found the following review helpful:

5.0 out of 5 stars Exceeded Expectations, August 21, 2007

By	Jamie Sanbower - See all my reviews (REAL NAME)

I want to start out by saying that this book completely exceeded my expectations for the first NAC Appliance book. I wish this was published 3 years ago. The author clearly articulates the business benefits of NAC, including how NAC provides return on investment (ROI), which gives any reader the know-how to wisely purchase Cisco NAC Appliance. He also shows his technical expertise by diving extremely deep into the inner workings of Cisco NAC Appliance, which gives engineers, consultants, and operations the information they need to successfully deploy or maintain the product.

This book shows great details into the process flows of In-Band & Out-of-Band users, Clean Access Agent (CAA) users and network scanning users. The information on the different deployment options and how to use them in diverse environments is great to start your NAC Design. This book makes the confusing topics seem easy and manageable.

Some of the highlights that caught my eye and I thought everyone would like were:

- Chapter on Host Security Policy - An amazing deal of information on how to design/create a Host Security Policy as it relates to NAC Appliance is invaluable to deployments

- Exploration of High Availability and Load Balancing - Information on how to load balance Clean Access Servers using the CSM, CSS, ACE and PBR cannot be found anywhere else. This includes saving money on Failover Bundles by using N+1 Failover

- Layer 3 OOB Deployment options - Walk through of the benefits of the different methods of deploying L3 OOB, e.g. PBR, ACLS, VPNs, etc.

- Deployment Best Practices - An entire chapter on how to plan, schedule, and keep all parties happy for your NAC Appliance deployment

- Monitoring & Troubleshooting information - detailed list of all logs located on the CAM and CAS, as well as the information on how to troubleshoot and monitor online users

All in all this is a great book and I would recommend it for all people interested in Buying, Deploying, Operating, or Troubleshooting Cisco NAC Appliance. This is definitely a great reference manual to have at your desk!

1 of 1 people found the following review helpful:

5.0 out of 5 stars This book delivers! , September 11, 2007

By	J. Alexander "CCIE (R&S/Security), CISSP" (CO-United States) - See all my reviews (REAL NAME)

Over the last couple years NAC has moved from being a niche solution and is becoming a mainstream requirement for enterprise organizations. This creates a new set of skills for the network engineer to master. Unfortunately there have been few resources for self study, until now. This book provides everything you need to get started with NAC, weather you are just evaluating the technology or rolling out a full deployment. Get this book and you will have the skills that are sure to be a requirement of any network engineer in the very near future.

Why this book?

1. Credible - The authors field experience with NAC is evident as you read the book. This wasn't written in some ivory tower, these are folks who work on the technology with real world customers every day.

2. Comprehensive - ROI, design options, best practices, configuration examples, troubleshooting. Weather you are evaluating, implementing, or deploying there is something for everyone.

3. Concise - Weighing in at 576 pages it's hardly a short book, however give the amount of ground covered I would call it concise. The book is light on filler material, and since it isn't a certification guide there is anything in there just because it's on the test. Everything in this book is about how to get the job done.

To summarize... I highly recommend this book. Pick up a copy and get up to speed on this fast growing technology.

1 of 1 people found the following review helpful:

4.0 out of 5 stars Great volume : Consider buying, August 26, 2007

By	Wole Akpose "wolexca" (dundalk, md United States) - See all my reviews (REAL NAME)

The Cisco Self Securing Network platform is currently structured around several cornerstone technologies of which the Cisco Clean Access technology is a leading component. The Cisco Clean Access technology is one of several industry wide Network Admission Control (NAC) technologies which rely on a combination of client-server components. The Cisco Clean Access suite includes a client component which could be host-installed applet or a browser based applet that can read basic configuration data from a host machine and communicate compliance to enterprise defined rules/policies which are pre-defined on a clean access server appliance and other coorperating systems. The book, Cisco NAC Appliance is a good guide for administrators deploying this complex set of solutions brought from Perfigo Inc. after Perfigo's acquisition by Cisco 2006.

The book's organization and tone is aimed at security architects, security managers and security administrators. While a security architect will better understand the various deployment options and thus the place of the Cisco NAC framework in an enterprise, security managers will get a comprehensive enough view of the Cisco NAC framework to make the judgment call on actual deployment of the infrastructure and of course make decisions on cost/facility and better grapple with the potential cost benefit requests from enterprise's executive and the security administrator will have a quick guide handbook to help wade through the myriads of documentations from Cisco on its evolving SAFE architecture in general and the NAC framework in particular.

The organization of this book is excellent for the intended audience; six parts covering the basics of host security landscape, design of Cisco NAC appliance, developing a host security policy, the Cisco NAC configuration, some deployment best practices, and of course NAC appliance maintenance and troubleshooting. The six parts are laid out in fifteen accessible chapters spanning more than 500 pages with generous amount of configuration examples and screenshots.

With Cisco now having more than 45% market share in the endpoint access control market, books like these can only increase in importance as a guide to organizations grappling with the decision on what and where to deploy these technologies.

And for this volume, the taste of the pudding remains in the eating. So if you don't have a copy yet, go grab one (so long as you are interested in some endpoint security solutions now or at some point in the future). As for rating, I'll give it my best rating so far, four star out of five.