Verfügbarkeit: Network access control for dummies

Network access control for dummies:

Gespeichert in:

Bibliographische Detailangaben
Hauptverfasser:	Kelley, Jay (VerfasserIn), Campagna, Rich (VerfasserIn), Wessels, Denzil (VerfasserIn)
Format:	Buch
Sprache:	English
Veröffentlicht:	Hoboken, NJ Wiley 2009
Schriftenreihe:	... for dummies
Schlagworte:	Computer networks > Access control Computer networks > Security measures Netzwerkverwaltung
Online-Zugang:	Inhaltsverzeichnis
Beschreibung:	XVI, 316 S. Ill.
ISBN:	9780470398678

Internformat

MARC


LEADER	00000nam a2200000 c 4500
001	BV035650811
003	DE-604
005	00000000000000.0
007	t
008	090728s2009 a\|\|\| \|\|\|\| 00\|\|\| eng d
020			\|a 9780470398678 \|9 978-0-470-39867-8
035			\|a (OCoLC)259742174
035			\|a (DE-599)BVBBV035650811
040			\|a DE-604 \|b ger \|e rakwb
041	0		\|a eng
050		0	\|a QA76.9.A25
082	0		\|a 005.8 \|2 22
084			\|a ST 200 \|0 (DE-625)143611: \|2 rvk
100	1		\|a Kelley, Jay \|e Verfasser \|4 aut
245	1	0	\|a Network access control for dummies \|c by Jay Kelley, Rich Campagna and Denzil Wessels
264		1	\|a Hoboken, NJ \|b Wiley \|c 2009
300			\|a XVI, 316 S. \|b Ill.
336			\|b txt \|2 rdacontent
337			\|b n \|2 rdamedia
338			\|b nc \|2 rdacarrier
490	0		\|a ... for dummies
650		4	\|a Computer networks \|x Access control
650		4	\|a Computer networks \|x Security measures
650	0	7	\|a Netzwerkverwaltung \|0 (DE-588)4314339-8 \|2 gnd \|9 rswk-swf
689	0	0	\|a Netzwerkverwaltung \|0 (DE-588)4314339-8 \|D s
689	0		\|5 DE-604
700	1		\|a Campagna, Rich \|e Verfasser \|4 aut
700	1		\|a Wessels, Denzil \|e Verfasser \|4 aut
856	4	2	\|m HBZ Datenaustausch \|q application/pdf \|u http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=017705410&sequence=000002&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA \|3 Inhaltsverzeichnis
999			\|a oai:aleph.bib-bvb.de:BVB01-017705410

Datensatz im Suchindex

_version_	1804139336496578560
adam_text	Titel: Network access control for dummies Autor: Kelley, Jay Jahr: 2009 Table of Contents Introduction................................................................ / About This Book..............................................................................................2 Something You Should Know About This Book..........................................3 What You re Not to Read................................................................................3 Foolish Assumptions.......................................................................................3 How This Book Is Organized..........................................................................4 Part I: Unlocking the Mysteries of NAC...............................................4 Part II: NAC in Your Network................................................................4 Part III: NAC in the Real World.............................................................4 Part IV: The Part of Tens.......................................................................4 Icons Used in the Book...................................................................................4 Where to Go from Here...................................................................................5 Parti: Unlocking the Masteries of NAC.........................7 Chapter 1: Developing a Knack for NAC..........................9 NAC s Evolving Description.........................................................................10 What NAC is and what it does............................................................12 AAA........................................................................................................14 Control freak.........................................................................................15 Evolving on the job..............................................................................15 The last word........................................................................................17 A Diagram Is Worth a Thousand Descriptions..........................................18 Appliance-based NAC solutions: Inline or out-of-band...................18 Switch- or network equipment-based NAC solutions......................22 Client- or host-based NAC solutions..................................................23 Clientless NAC solutions.....................................................................25 Types of deployment...........................................................................25 Layer 2 or Layer 3 enforcement deployment...................................26 The Best NAC Approach...............................................................................28 Do your NAC homework.....................................................................29 Must-have traits of your NAC solution..............................................30 Leveraging What You Have Today..............................................................33 Standards..............................................................................................33 Reuse policies.......................................................................................33 Interface with existing systems..........................................................34 Reporting..............................................................................................34 Chapter 2: Knowing Why You Want NAC.........................35 What Are the Reasons for NAC?..................................................................35 That s Why They re Called Trojan Horses.................................................36 Where Have You Been?.................................................................................37 Wireless Networks and NAC........................................................................38 NAC and Compliance....................................................................................40 The difficult news.................................................................................40 The good news.....................................................................................42 Be Our Guest..................................................................................................43 Off-shoring and Outsourcing........................................................................45 Insider Access and Threats..........................................................................47 Keeping Business Running...........................................................................48 Continuity.............................................................................................48 Telecommuting and remote access...................................................49 Merger or acquisition readiness........................................................49 Chapter 3: The NAC Lifecycle..................................51 Policy and the NAC Lifecycle.......................................................................51 Taking Inventory............................................................................................53 User and machine identity..................................................................54 Clean machines....................................................................................55 How s the weather?.............................................................................55 Putting the Pieces Together.........................................................................56 Not So Fast...................................................................................................57 Let Me In!........................................................................................................58 We re Watching You......................................................................................59 Chapter 4: NAC Components...................................63 Creating Policy...............................................................................................63 Controls.................................................................................................64 Continuous monitoring.......................................................................66 Location................................................................................................66 Oh, one more thing...........................................................................67 Dealing with Clients.......................................................................................68 Client functions....................................................................................68 Not-so-secret agents............................................................................69 Left behind............................................................................................72 Enforcement Time.........................................................................................72 Endpoint................................................................................................73 802.1X....................................................................................................73 Inline......................................................................................................75 IPSec......................................................................................................76 Remediation...................................................................................................76 Chapter 5: SSL VPNs..........................................77 In the Beginning, There Were SSL VPNs.....................................................77 User identity with SSL VPN.................................................................78 Endpoint security with SSL VPN........................................................80 Remote access policy enforcement...................................................90 So ... NAC to Get In.......................................................................................95 SSL VPN Use Cases........................................................................................97 Mobile users.........................................................................................98 Fixed telecommuters...........................................................................99 Mobile users on a kiosk or home machine.......................................99 Business partners or customers on their own machines...............99 Part 11: MAC in j/our Network.................................... 101 Chapter 6: Writing a Corporate Security Policy..................103 What Policies Do You Need?......................................................................103 Acceptable use policy.......................................................................104 Antivirus policy..................................................................................104 Data backup policy............................................................................104 E-mail use policy................................................................................105 Extranet policy...................................................................................105 Mobile device usage policy..............................................................105 Network access control policy.........................................................106 Password policy.................................................................................106 Physical security policy....................................................................107 Remote access policy........................................................................107 Security configuration change policy..............................................107 You Want Me to Do What?..........................................................................108 Being reasonable................................................................................108 Book em, Danno!...............................................................................110 Impressing the big wigs....................................................................110 Coercing your colleagues.................................................................Ill Training the masses..........................................................................111 A Living Document: The Security Policy Lifecycle..................................114 Up to date...........................................................................................115 In sync.................................................................................................115 Getting Started: Standards and Web Resources......................................116 Writing Your Own Security Policy.............................................................116 Chapter 7: Herding the Cattle..................................119 Analyzing the Terrain..................................................................................119 Authentication....................................................................................120 Endpoint checking.............................................................................121 Clients and agents..............................................................................121 Scanning the NAC terrain..................................................................121 A Team Security Blanket.............................................................................122 It s our policy......................................................................................123 The billing of rights...........................................................................123 The team job description..................................................................124 Networking Social........................................................................................126 You gotta have heart.........................................................................127 Don t tread on me..............................................................................128 Use your phasers...............................................................................129 A Clean Desktop)........................................................................................130 Not-so-secret agents..........................................................................132 Compliant with Compliance.......................................................................133 Antivirus (and Anti-malware)...........................................................134 Authentication....................................................................................135 Identity................................................................................................135 Access control....................................................................................135 Encryption..........................................................................................136 Audits..................................................................................................136 Other Players...............................................................................................137 1 + 1 = 3?........................................................................................................138 Help! (Desk)..................................................................................................139 User-bility.....................................................................................................140 Remote users......................................................................................141 Contractors.........................................................................................142 The Cattle Corral.........................................................................................142 Chapter 8: Identifying Who s On My Network...................143 Hey, It s Me...................................................................................................143 Identity Authentication...............................................................................144 Collecting identity..............................................................................145 Transporting credentials..................................................................149 Identity validation..............................................................................151 Authorizing the Workforce.........................................................................153 Chapter 9: Verifying that a PC Is Safe...........................155 All PCs Are Not Created Equal...................................................................156 Which Device Gets the Trust?....................................................................159 Endpoint security applications........................................................159 Operating system and application patches....................................162 Machine identity: Who s on first?....................................................163 Get your certificate............................................................................164 Known vulnerabilities.......................................................................165 Custom policies..................................................................................166 Third-party verification.....................................................................167 Help! My Machine Is Infected!....................................................................167 Remediate...........................................................................................168 Make mine an automatic...................................................................169 To quarantine or not to quarantine, that is the question.............169 Get Scanned in Mid-Stream........................................................................172 Chapter 10: Deciding Where to Enforce.........................175 Operating Modes.........................................................................................175 Evaluate only......................................................................................175 Enforcement.......................................................................................176 Decision making.................................................................................179 Endpoint/Software Enforcement...............................................................180 Host-based..........................................................................................180 Server-based.......................................................................................182 Inline Appliances.........................................................................................182 Firewalls..............................................................................................183 NAC appliances..................................................................................184 Network Infrastructure...............................................................................185 VLANs..................................................................................................186 802.1X..................................................................................................188 MAC authentication...........................................................................190 SNMP and CLI.....................................................................................191 Other Enforcement......................................................................................192 DHCP....................................................................................................192 IPSec....................................................................................................193 ARP......................................................................................................194 Chapter 11: Flipping the Switch................................197 Gearing Up for the Deployment.................................................................197 The proof is in the pudding..............................................................198 The pilot implementation.................................................................199 Sample pilot test plan........................................................................201 Evaluation Before Enforcement.................................................................205 What Are Your Best Practices?..................................................................207 On location.........................................................................................207 Role playing........................................................................................208 Wireless, rather than wired..............................................................209 Function first......................................................................................210 Professional Services and Consulting.......................................................210 Part 111: NAC in the Real World.................................213 Chapter 12: NAC Architectures................................215 Cisco Network Admission Control (Cisco NAC)......................................216 Cisco Trust Agent (CTA)...................................................................217 Cisco Access Control Server (Cisco ACS).......................................217 Network Access Device (NAD).........................................................218 Third-party servers............................................................................218 How Cisco NAC works.......................................................................219 Microsoft Network Access Protection (NAP)..........................................220 Microsoft NAP Agent.........................................................................221 System Health Agents (SHAs) System Health Validators (SHVs)...........................................................................222 Microsoft NAP enforcement components......................................222 Microsoft Network Policy Server (NPS)..........................................225 Third-party remediation servers.....................................................225 Third-party policy servers................................................................225 How Microsoft NAP Works........................................................................226 Trusted Network Connect (TNC)..............................................................227 What is the TNC architecture?.........................................................228 Integrity and identity.........................................................................229 Open interfaces..................................................................................232 Working with the TNC Architecture..........................................................232 Extensibility and architectural options..........................................233 Internet Engineering Task Force QETF) Network Endpoint Assessment (NEA)...................................................................................235 Working Together........................................................................................236 Microsoft NAP-Cisco NAC framework............................................236 Microsoft NAP and TNC....................................................................238 Chapter 13: The Role of Standards.............................241 Making the Case...........................................................................................242 Costs....................................................................................................242 Integration..........................................................................................242 Organization linking..........................................................................243 Filling the roles...................................................................................243 IETF Standards.............................................................................................245 RADIUS: Completing the circle.........................................................245 The simplicity of SNMP.....................................................................246 The lowdown on DHCP.....................................................................248 IseelPSec...........................................................................................250 IEEE Standards.............................................................................................251 The 41 Ion 802. IX..............................................................................251 EAP ? we ve been framed................................................................252 EAP-speak...........................................................................................252 Putting it all together in 802.1X........................................................254 Open NAC Standards...................................................................................255 Trusting TNC......................................................................................255 In the know on NEA...........................................................................257 Chapter 14: Extending NAC....................................259 Learning from Your Network.....................................................................259 TDP/TPS integration.............................................................................260 Security incident and event management integration..................261 Network antivirus integration..........................................................263 Network inventory/device classification integration....................263 Extending NAC Enforcement......................................................................265 Firewall enforcement.........................................................................266 IDP/IPS enforcement..........................................................................267 Network antivirus enforcement.......................................................268 URL/Web-filtering enforcement........................................................269 VPN enforcement...............................................................................270 Application enforcement..................................................................270 Extending NAC on the Endpoint................................................................271 Disk encryption integration..............................................................272 Data leakage prevention integration...............................................272 Peripheral protection suite integration..........................................273 Virtual sandbox desktop virtualization integration......................274 Patch management and remediation integration..........................275 Backup software integration............................................................275 Custom application integration.......................................................276 Pan IV: The Part of Tens...........................................277 Chapter 15: Ten Best Practices................................279 Have a Complete Plan for NAC...................................................................279 Leverage Existing Authentication..............................................................280 Endpoint Compliance..................................................................................280 Policy Enforcement.....................................................................................281 Management.................................................................................................281 Logging, Reporting, and Auditing..............................................................282 Helpdesk Support........................................................................................282 Day-to-Day Operation..................................................................................283 Maintenance and Upgrades........................................................................283 Future Expansion.........................................................................................284 Chapter 16: Ten Steps to Planning Your NAC Implementation.....285 Understand NAC..........................................................................................285 Create (or Revise) Your Corporate Security Policy................................286 Build a Cross-Functional Team..................................................................286 Seek Vendor Info and RFPs.........................................................................287 Test a Proof of Concept..............................................................................287 Implement a Pilot.........................................................................................287 Rollout a Limited Production.....................................................................288 Deploy the Full Production and Evaluate Policies..................................288 Deploy Full Production with Policy Enforcement...................................289 Assess and Re-Evaluate at Regular Intervals...........................................289 Chapter 17: Ten Online Information Sources....................291 Network World on NAC...............................................................................291 Trusted Computing Group.........................................................................291 IETF NEA.......................................................................................................292 Gartner NAC Marketscope..........................................................................292 Forrester NAC Wave....................................................................................293 Cisco NAC.....................................................................................................293 Juniper Networks UAC................................................................................293 Microsoft NAP..............................................................................................293 Symantec NAC..............................................................................................294 Bradford Networks NAC.............................................................................294 Chapter 18: Ten Definitions....................................295 802.1X............................................................................................................295 AAA................................................................................................................296 Endpoint Integrity........................................................................................296 Policy Decision Point..................................................................................297 Policy Enforcement Point...........................................................................297 Statement of Health.....................................................................................298 Trusted Network Connect..........................................................................298 Juniper Networks Unified Access Control................................................298 Microsoft Network Access Protection......................................................299 Cisco s Network Admission Control.........................................................299 Index.......................................................................301
any_adam_object	1
author	Kelley, Jay Campagna, Rich Wessels, Denzil
author_facet	Kelley, Jay Campagna, Rich Wessels, Denzil
author_role	aut aut aut
author_sort	Kelley, Jay
author_variant	j k jk r c rc d w dw
building	Verbundindex
bvnumber	BV035650811
callnumber-first	Q - Science
callnumber-label	QA76
callnumber-raw	QA76.9.A25
callnumber-search	QA76.9.A25
callnumber-sort	QA 276.9 A25
callnumber-subject	QA - Mathematics
classification_rvk	ST 200
ctrlnum	(OCoLC)259742174 (DE-599)BVBBV035650811
dewey-full	005.8
dewey-hundreds	000 - Computer science, information, general works
dewey-ones	005 - Computer programming, programs, data, security
dewey-raw	005.8
dewey-search	005.8
dewey-sort	15.8
dewey-tens	000 - Computer science, information, general works
discipline	Informatik
format	Book
fullrecord	<?xml version="1.0" encoding="UTF-8"?><collection xmlns="http://www.loc.gov/MARC21/slim"><record><leader>01426nam a2200385 c 4500</leader><controlfield tag="001">BV035650811</controlfield><controlfield tag="003">DE-604</controlfield><controlfield tag="005">00000000000000.0</controlfield><controlfield tag="007">t</controlfield><controlfield tag="008">090728s2009 a\|\|\| \|\|\|\| 00\|\|\| eng d</controlfield><datafield tag="020" ind1=" " ind2=" "><subfield code="a">9780470398678</subfield><subfield code="9">978-0-470-39867-8</subfield></datafield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(OCoLC)259742174</subfield></datafield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(DE-599)BVBBV035650811</subfield></datafield><datafield tag="040" ind1=" " ind2=" "><subfield code="a">DE-604</subfield><subfield code="b">ger</subfield><subfield code="e">rakwb</subfield></datafield><datafield tag="041" ind1="0" ind2=" "><subfield code="a">eng</subfield></datafield><datafield tag="050" ind1=" " ind2="0"><subfield code="a">QA76.9.A25</subfield></datafield><datafield tag="082" ind1="0" ind2=" "><subfield code="a">005.8</subfield><subfield code="2">22</subfield></datafield><datafield tag="084" ind1=" " ind2=" "><subfield code="a">ST 200</subfield><subfield code="0">(DE-625)143611:</subfield><subfield code="2">rvk</subfield></datafield><datafield tag="100" ind1="1" ind2=" "><subfield code="a">Kelley, Jay</subfield><subfield code="e">Verfasser</subfield><subfield code="4">aut</subfield></datafield><datafield tag="245" ind1="1" ind2="0"><subfield code="a">Network access control for dummies</subfield><subfield code="c">by Jay Kelley, Rich Campagna and Denzil Wessels</subfield></datafield><datafield tag="264" ind1=" " ind2="1"><subfield code="a">Hoboken, NJ</subfield><subfield code="b">Wiley</subfield><subfield code="c">2009</subfield></datafield><datafield tag="300" ind1=" " ind2=" "><subfield code="a">XVI, 316 S.</subfield><subfield code="b">Ill.</subfield></datafield><datafield tag="336" ind1=" " ind2=" "><subfield code="b">txt</subfield><subfield code="2">rdacontent</subfield></datafield><datafield tag="337" ind1=" " ind2=" "><subfield code="b">n</subfield><subfield code="2">rdamedia</subfield></datafield><datafield tag="338" ind1=" " ind2=" "><subfield code="b">nc</subfield><subfield code="2">rdacarrier</subfield></datafield><datafield tag="490" ind1="0" ind2=" "><subfield code="a">... for dummies</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">Computer networks</subfield><subfield code="x">Access control</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">Computer networks</subfield><subfield code="x">Security measures</subfield></datafield><datafield tag="650" ind1="0" ind2="7"><subfield code="a">Netzwerkverwaltung</subfield><subfield code="0">(DE-588)4314339-8</subfield><subfield code="2">gnd</subfield><subfield code="9">rswk-swf</subfield></datafield><datafield tag="689" ind1="0" ind2="0"><subfield code="a">Netzwerkverwaltung</subfield><subfield code="0">(DE-588)4314339-8</subfield><subfield code="D">s</subfield></datafield><datafield tag="689" ind1="0" ind2=" "><subfield code="5">DE-604</subfield></datafield><datafield tag="700" ind1="1" ind2=" "><subfield code="a">Campagna, Rich</subfield><subfield code="e">Verfasser</subfield><subfield code="4">aut</subfield></datafield><datafield tag="700" ind1="1" ind2=" "><subfield code="a">Wessels, Denzil</subfield><subfield code="e">Verfasser</subfield><subfield code="4">aut</subfield></datafield><datafield tag="856" ind1="4" ind2="2"><subfield code="m">HBZ Datenaustausch</subfield><subfield code="q">application/pdf</subfield><subfield code="u">http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=017705410&sequence=000002&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA</subfield><subfield code="3">Inhaltsverzeichnis</subfield></datafield><datafield tag="999" ind1=" " ind2=" "><subfield code="a">oai:aleph.bib-bvb.de:BVB01-017705410</subfield></datafield></record></collection>
id	DE-604.BV035650811
illustrated	Illustrated
indexdate	2024-07-09T21:42:28Z
institution	BVB
isbn	9780470398678
language	English
oai_aleph_id	oai:aleph.bib-bvb.de:BVB01-017705410
oclc_num	259742174
open_access_boolean
physical	XVI, 316 S. Ill.
publishDate	2009
publishDateSearch	2009
publishDateSort	2009
publisher	Wiley
record_format	marc
series2	... for dummies
spelling	Kelley, Jay Verfasser aut Network access control for dummies by Jay Kelley, Rich Campagna and Denzil Wessels Hoboken, NJ Wiley 2009 XVI, 316 S. Ill. txt rdacontent n rdamedia nc rdacarrier ... for dummies Computer networks Access control Computer networks Security measures Netzwerkverwaltung (DE-588)4314339-8 gnd rswk-swf Netzwerkverwaltung (DE-588)4314339-8 s DE-604 Campagna, Rich Verfasser aut Wessels, Denzil Verfasser aut HBZ Datenaustausch application/pdf http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=017705410&sequence=000002&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA Inhaltsverzeichnis
spellingShingle	Kelley, Jay Campagna, Rich Wessels, Denzil Network access control for dummies Computer networks Access control Computer networks Security measures Netzwerkverwaltung (DE-588)4314339-8 gnd
subject_GND	(DE-588)4314339-8
title	Network access control for dummies
title_auth	Network access control for dummies
title_exact_search	Network access control for dummies
title_full	Network access control for dummies by Jay Kelley, Rich Campagna and Denzil Wessels
title_fullStr	Network access control for dummies by Jay Kelley, Rich Campagna and Denzil Wessels
title_full_unstemmed	Network access control for dummies by Jay Kelley, Rich Campagna and Denzil Wessels
title_short	Network access control for dummies
title_sort	network access control for dummies
topic	Computer networks Access control Computer networks Security measures Netzwerkverwaltung (DE-588)4314339-8 gnd
topic_facet	Computer networks Access control Computer networks Security measures Netzwerkverwaltung
url	http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=017705410&sequence=000002&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA
work_keys_str_mv	AT kelleyjay networkaccesscontrolfordummies AT campagnarich networkaccesscontrolfordummies AT wesselsdenzil networkaccesscontrolfordummies

Verfügbarkeit

Es ist kein Print-Exemplar vorhanden.

Fernleihe Bestellen Achtung: Nicht im THWS-Bestand! Inhaltsverzeichnis

MARC

Datensatz im Suchindex

Es ist kein Print-Exemplar vorhanden.

Ähnliche Einträge