Customer Reviews

Cisco Network Admission Control, Volume II: NAC Deployment and Troubleshooting

5 star:		(2)
4 star:		(0)
3 star:		(0)
2 star:		(0)
1 star:		(0)

 

 

The first volume for Cisco Network Admission Control series explains the architecture, design and components for NAC Framework. The second volume explains the production deployment as well as troubleshooting NAC Framework to build a self-defending network.

I found the second volume more helpful and practical as it provides technical configuration and implementation guidelines. The book is basically divided into four parts: NAC Framework solution Overview, Configuration Guidelines, Deployment Scenarios and finally Managing and Monitoring NAC.

I think that the first chapter is the most important as it explains the NAC Framework solution overview and the components needed to support it. It shows which Cisco network access devices and which Cat or Cisco IOS version support this feature. It explains the difference among NAC-L3-IP, NAC-L2-IP and NAC-L2-802.1X. The chapter includes Cisco online reference so readers can research each device in details and get the most up-to-date list of all Cisco NAC-enabled devices.

The next 11 chapters cover installation, configuration and brief troubleshooting tips for each component: Cisco Trust Agent, VPN Concentrator, ASA and PIX firewall, Cisco Security Agents and even some brief introductions for third party vendor appliances such as QualysGuard Scanner for audit servers.

The following 3 chapters describe the deployment scenario for NAC in small, medium and large businesses. These chapters offer 3 interesting scenarios but all of them are just recaps of configuration mentioned in previous chapters.

The last 2 chapters explain the NAC deployment best practices and NAC monitoring using Cisco CsMARS. The best practices provide guidelines to roll this NAC deployment successfully by completing a readiness assessment of the current infrastructure, identifying responsible party, building lab and test plans as well as tuning and post deployment monitoring. Having experiences in deploying security projects, I believe that they should also add organization security policy which is approved by top management for NAC deployment best practices. This policy will help to remove any major obstacles encountered from end users.

I found this book very helpful in explaining Cisco NAC Framework. The book is definitely not for beginners as understanding of Cisco configuration and familiarity with Cisco products are needed to understand this.

NAC Framework is not for everyone. If you run a Cisco centric shop with the latest hardware and software, this NAC Framework is for you to build the self-defending network on top of your Cisco network and host based IPS, firewall, 802.1X enabled network access devices and others. If not, a much simpler Cisco Clean Access or other third party NAC appliance can probably do the job with less complicated configuration and upfront investment.

The book does not mention anything about Cisco NAC Framework integration or configuration with the new Microsoft NAP (Network Access Protection) although Cisco has officially provided the plan to do this in its web site.

In conclusion, the author has provided a very concise and understandable reading with the few number of pages provided. Each chapter goes straight to the topics, explains in an easy to follow manner, provides a lot of configuration examples and screenshots and closes with online references.

I liked this book a lot and certainly will recommend others to read this. I gave the book five out of five stars.

It is generally believed that the biggest problems in network security come from the outside, but only sometimes is this true. The biggest loses tend to come from the inside. The people inside your company or organization know more about what there is to steal, how to create the most damage, and furthermore may feel that they have a direct reason to be angry and wanting to cause deliberate damage.

The second part of the problem is that todays organizations may have huge networks with many different areas to be protected from many different kinds of people, coming into the systems from many areas withing the organization including other facilities, suppliers, customers, remote salesmen, travelling executives, etc.

Cisco NAC Architecture and Design, the first volume in this series covers the protocols, design concepts, networking structure - in general the higher level preliminary setup of the NAC.

This volume covers the nuts and bolts of the actual installation and management of the Cisco NAC and the integration of the NAC into other Cisco components such as: VPN, ASA, PIX and more.