Enterasys-networks 9034385 Instrukcja Użytkownika Pobierz pdf (Strona 34)

Model 4: End-System Authorization with Assessment and Remediation

2-12 NAC Deployment Models

Required and Optional Components

ThissectionsummarizestherequiredandoptionalcomponentsforModel3.

TheNACGatewayandNACControlleraretheNACappliancesusedtoimplementtheout‐of‐

bandandinlinenetworkaccesscontrolfunctionalityonthenetwork.

NetSightNACManageristhesoftwareapplicationusedtocentrallymanagetheNACappliances

deployedonthenetwork.

NetSightConsoleisthesoftwareapplicationusedto

monitorthehealthandstatusof

infrastructuredevicesinthenetwork,includingswitches,routers,andEnterasysNACappliances

(NACGatewaysandNACControllers).

Assessmentfunctionalityisrequiredbecauseinthisdeploymentmodel,connectingend‐systems

arebeingassessedforsecurityposturecompliance.

ARADIUSserverisonlyrequiredifout‐of‐

bandnetworkaccesscontrolviatheNACGatewayis

implementedwithweb‐basedand/or802.1Xauthentication.

NetSightPolicyManagerisrequiredforallinlineNACdeployments,andrecommendedforout‐

of‐bandNACdeploymentsthatutilizeEnterasyspolicy‐capableswitches.PolicyManager

providestheabilitytocentrallydefineandconfigurethe

authorizationlevelsorpolicies.

NetSightInventoryManagerisanoptionalcomponent,providingcomprehensivenetwork

inventoryandchangemanagementcapabilities.

Model 4: End-System Authorization with Assessment and

Remediation

ThisNACdeploymentmodelimplementsallfiveNACfunctions:detection,authentication,

assessment,authorization,andremediation.InModel3,end‐systemsandendusersconnectedto

thenetworkareauthorizedbasedonthedeviceidentity,useridentity,location,and/orsecurity

postureinformation.And,asexplainedinModel3,itwasnotnecessary

toquarantine

noncompliantend‐systemswhilephasingintheNACsolutiononthenetwork.However,oncea

restrictiveauthorizationlevelisallocatedtononcompliantend‐systems,itisimportanttoinform

theenduseroftherestrictionsandprovidethestepstheycanexecuteforself‐repairofthedevice.

Thisistheprocessofassistedremediation,whichistheNACfunctionintroducedinModel4.

Table 2-3 Component Requirements for Authorization with Assessment

Component

Authorization with

Assessment

NAC Appliance Required

NetSight NAC Manager Required

NetSight Console Required

Assessment Service Required

RADIUS Server Optional

NetSight Policy Manager Optional

NetSight Inventory Manager Optional

1 2 ... 29 30 31 32 33 34 35 36 37 38 39 ... 97 98

Komentarze do niniejszej Instrukcji

Brak uwag

Enterasys-networks 9034385 Instrukcja Użytkownika Strona 34

Komentarze do niniejszej Instrukcji

Powiązane produkty i podręczniki dla Narzędzia Enterasys-networks 9034385