Cosc 5/4765 NAC Network Access Control. What is NAC? The core concept: –Who you are should govern what you’re allowed to do on the network. Authentication.


Cosc 5/4765 NAC Network Access Control

What is NAC?
The core concept:
–Who you are should govern what you’re allowed to do on the network.
Authentication
Endpoint-security assessment
Network environment information

What is NAC? (2)
Except it’s not that simple.
–Even the vendors confuse the definition.
–The architectural options are complicated; multivendor options are even more complex.
–Lots of questions arise about the varying implementations and vendors.

What is NAC? (3)
Wired, wireless, and/or VPN?
Is NAC a monitoring system, or just a gate for entry onto the network? I.e., once the security check and authentication are done, now what?
Is it an application on the computer or not?
Inline or out-of-band monitoring (assuming there is monitoring at all)?

Approaches to NAC
Edge control
–The principle of a firewall, pushed to where the clients connect.
Core control
–A NAC device on the network collects the authentication and endpoint-security information and enforces the policy.
Client control
–An application on the client that enforces control locally. Example: turning off wireless when the VPN is not connected.

Core theory
Apply one policy for network access across LAN, wireless and VPN infrastructures. The access-control policy can be:
–a go/no-go decision on network access
–a choice of virtual LANs
–as complex as a set of per-user firewall rules defining which parts of the network are accessible

General deployment
A client NAC agent on the system
–Collects client data about the “health” of the system.
A policy management appliance
–Can be used for authentication.
–Can be problematic.
–Uses the data from the client NAC agent to determine network access.
–May also monitor the client to determine that it is behaving correctly.

Generally how NAC works.

Client NAC
Collection of typical data:
–Antivirus installed and up to date
–Client patched to a standard
–Registry checks
–P2P and file sharing
–Applications installed / not installed: malware/spyware and commercial software
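The two preceding ideas, the policy outcomes from the core-theory slide (go/no-go, a VLAN choice, per-user firewall rules) and the health data a client NAC agent collects, fit together in a single decision function. The following is an added example, not code from the lecture or from any NAC product: a toy policy engine in Python. The role names, VLAN numbers, patch threshold, signature-age limit, subnets and rule format are all assumptions made for the illustration.

```python
# Added example (not from the lecture slides): a toy NAC policy engine.
# It takes the authentication result plus the posture data a client NAC agent
# would collect, and returns the three kinds of access-control policy the
# slides list: go/no-go, a VLAN choice, and per-user firewall rules.
# Every role, VLAN number, threshold, subnet and rule below is an assumption.
from dataclasses import dataclass, field
from datetime import date
from typing import List, Optional, Tuple

# (action, destination CIDR, TCP port or None for any port)
Rule = Tuple[str, str, Optional[int]]


@dataclass
class Posture:
    """What the client NAC agent reports (assumed field set)."""
    av_installed: bool
    av_signature_date: date          # last antivirus signature update
    patch_level: int                 # assumed monotonically increasing build number
    p2p_running: bool
    forbidden_apps: List[str] = field(default_factory=list)


@dataclass
class Decision:
    allowed: bool                    # the go/no-go decision
    vlan: Optional[int]              # None when the port is denied outright
    rules: List[Rule]                # per-user firewall rules
    reasons: List[str]


# Assumed policy constants
REQUIRED_PATCH_LEVEL = 1020
MAX_SIGNATURE_AGE_DAYS = 7
ROLE_VLAN = {"employee": 10, "contractor": 20}
QUARANTINE_VLAN = 999
REMEDIATION_NET = "10.0.99.0/24"     # assumed patch / AV update servers


def assess(posture: Posture, today: date) -> List[str]:
    """Return the list of failed health checks; an empty list means healthy."""
    failures = []
    if not posture.av_installed:
        failures.append("no-antivirus")
    elif (today - posture.av_signature_date).days > MAX_SIGNATURE_AGE_DAYS:
        failures.append("stale-av-signatures")
    if posture.patch_level < REQUIRED_PATCH_LEVEL:
        failures.append("unpatched")
    if posture.p2p_running:
        failures.append("p2p-running")
    if posture.forbidden_apps:
        failures.append("forbidden-apps:" + ",".join(posture.forbidden_apps))
    return failures


def decide(role: str, authenticated: bool, posture: Posture, today: date) -> Decision:
    """Combine identity and endpoint health into one access decision."""
    # 1. Authentication failed or unknown role: no-go, nothing else is evaluated.
    if not authenticated or role not in ROLE_VLAN:
        return Decision(False, None, [], ["authentication-failed"])
    # 2. Authenticated but unhealthy: quarantine VLAN whose firewall rules only
    #    reach the remediation servers, so the client can fix itself.
    failures = assess(posture, today)
    if failures:
        rules = [("allow", REMEDIATION_NET, None), ("deny", "0.0.0.0/0", None)]
        return Decision(True, QUARANTINE_VLAN, rules, failures)
    # 3. Healthy: VLAN and per-user firewall rules follow the role.
    if role == "employee":
        rules = [("allow", "10.0.0.0/8", None), ("deny", "0.0.0.0/0", None)]
    else:  # contractor: only the assumed project application subnet over HTTPS
        rules = [("allow", "10.0.5.0/24", 443), ("deny", "0.0.0.0/0", None)]
    return Decision(True, ROLE_VLAN[role], rules, ["healthy"])


if __name__ == "__main__":
    # Constructed sample posture reports
    today = date(2024, 1, 12)
    healthy = Posture(True, date(2024, 1, 10), 1025, False)
    stale = Posture(True, date(2023, 12, 1), 1025, False)
    print(decide("employee", True, healthy, today))
    print(decide("contractor", True, stale, today))
    print(decide("employee", False, healthy, today))
```

The ordering inside `decide` is the point: identity is checked before posture, posture failures route to a quarantine VLAN with an explicit allow-list rather than a plain deny, and only a healthy, authenticated client receives the role's normal VLAN and rules.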

Without a client NAC
Some implementations allow for clientless NAC.
–The system attempts to determine the status of the endpoint by asking the computer for information.
–Some documentation shows that this probing can be falsely detected as an attack.

Monitoring
Inline
–Allows for post-admission enforcement (monitoring) of systems.
–Allows layer 2 through layer 7 inspection (some products only up to layer 4).
Out of band
–Little disruption to the network.
–Can filter based on user and/or categories instead of everything.

A Setup for Cisco NAC

What a full-featured access control solution can do:
Control who can get onto your LAN and limit what resources they can reach
Limit the reach of less-trusted or less-known users
–such as contractors, technicians, remote users, or offshore workers
Restrict who can access sensitive financial or customer records
Control access to data based on role, time of day, location, and application
Segment users to meet compliance requirements
Protect against known and unknown malware
Simplify incident response
Protect critical application services such as VoIP

What a full-featured access control solution cannot do:
Protect information that leaves the premises
–via , laptop theft, printouts, or USB storage devices
Defend against social engineering
Block known malware from entering over the WAN connection
Prevent users with authorized access from using data inappropriately

Other issues
Printers, cameras, PDAs, game consoles, phones and other IP devices also need NAC compliance.
–These devices (mostly) cannot run client NAC software, and may be difficult to categorize correctly or at all.
–Some NAC products can identify certain devices, e.g. most IP phones for VoIP, since they use VoIP protocols.
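The slide's point that agentless devices are hard to categorize is usually handled by profiling them from what the switch can observe passively. The following is an added example, not the lecture's or any vendor's code, written in Python. The OUI table uses locally administered prefixes so no real vendor is implied, and the vendor-class strings, VLAN numbers and the two-signal rule are assumptions. The example goes one step beyond the slide: it refuses to classify on a single signal or on conflicting signals and drops such devices into a restricted VLAN instead.

```python
# Added example (not from the lecture slides): profiling devices that cannot
# run a NAC agent (printers, IP phones, cameras) from passive observations and
# placing them in a VLAN. The OUI table, vendor-class strings, VLAN numbers
# and the two-signal rule are all assumptions for illustration.
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple


@dataclass
class Observation:
    """What a switch or sensor can see from an agentless device (constructed)."""
    mac: str
    dhcp_vendor_class: str = ""                              # DHCP option 60, if sent
    protocols: Set[str] = field(default_factory=set)         # e.g. {"sip", "dhcp"}
    listening_ports: Set[int] = field(default_factory=set)   # e.g. {9100}


# Constructed OUI hints; a real deployment would load the IEEE registry.
# Locally administered prefixes are used so that no real vendor is implied.
OUI_HINTS: Dict[str, str] = {"02:aa:01": "ip-phone", "02:aa:02": "printer"}
VLAN_FOR = {"ip-phone": 30, "printer": 40, "unknown": 999}   # 999 = restricted VLAN


def collect_evidence(obs: Observation) -> Dict[str, List[str]]:
    """Map each candidate device class to the independent signals supporting it."""
    votes: Dict[str, List[str]] = {}

    def vote(cls: str, signal: str) -> None:
        votes.setdefault(cls, []).append(signal)

    hint = OUI_HINTS.get(obs.mac.lower()[:8])
    if hint:
        vote(hint, "oui")
    # IP phones reveal themselves through VoIP signalling (SIP on 5060).
    if "sip" in obs.protocols or 5060 in obs.listening_ports:
        vote("ip-phone", "voip-protocol")
    # Printers reveal themselves through IPP (631) or raw printing (9100).
    if "ipp" in obs.protocols or obs.listening_ports & {631, 9100}:
        vote("printer", "print-protocol")
    vendor_class = obs.dhcp_vendor_class.lower()
    if "phone" in vendor_class:
        vote("ip-phone", "dhcp-vendor-class")
    if "printer" in vendor_class:
        vote("printer", "dhcp-vendor-class")
    return votes


def classify(obs: Observation) -> Tuple[str, List[str]]:
    """Classify only when at least two signals agree and none conflict;
    otherwise report 'unknown' so the device lands in the restricted VLAN.
    A lone OUI match is deliberately not enough: a MAC address is trivial
    to change, so the OUI is treated as a hint, not as proof."""
    votes = collect_evidence(obs)
    if len(votes) != 1:            # no evidence, or evidence for two classes
        return "unknown", sorted(s for sigs in votes.values() for s in sigs)
    cls, signals = next(iter(votes.items()))
    if len(signals) < 2:
        return "unknown", signals
    return cls, signals


def assign_vlan(obs: Observation) -> int:
    """VLAN for the device; unknown devices get the restricted VLAN."""
    cls, _ = classify(obs)
    return VLAN_FOR[cls]


if __name__ == "__main__":
    # Constructed observations
    phone = Observation("02:AA:01:11:22:33", protocols={"sip", "dhcp"})
    lone_oui = Observation("02:AA:02:44:55:66")
    conflict = Observation("02:AA:02:77:88:99", protocols={"sip"})
    for dev in (phone, lone_oui, conflict):
        print(dev.mac, classify(dev), assign_vlan(dev))
```

The design choice worth noting is the failure mode: the slide says such devices may be categorized wrongly or not at all, so the profiler errs toward "unknown" and the restricted VLAN rather than granting a voice or printer VLAN on weak evidence.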

Lastly
This lecture is far from complete. NAC is still a technology buzzword and the standards are in flux.
Vendors can’t agree on standards
–and don’t work with each other.
Some flavors of *nix are currently left out of NAC.

Q & A

References Mostly web pages: ml and associated articles linked from this page. ml pdf