But these benefits can be a double-edged sword. Allowing remote machines to connect
to the main network can be dangerous for a number of reasons. For example, company
laptops used at home may be used for more than just office work. Whilst browsing
the web, employees may be unknowingly downloading all manner of malware, which can
then be replicated across the core network the next time the user connects.
As companies increasingly move to a mobile workforce, the integrity of devices
connecting to the core network has become an issue. Machines must be checked for
viruses and trojans, and installed security software must be validated. In order to
further protect the network, access can be restricted to particular areas, or controlled
at an application level.
The answer is Network Admission Control, the bouncer on the door of the company
network.
Network Admission Control (NAC), a set of technologies and solutions built on
an industry initiative led by Cisco, uses the network infrastructure to enforce
security policy compliance on all devices seeking to access network computing resources,
thereby limiting damage from emerging security threats.
The Cisco NAC Appliance is an industry-leading product that uses network
infrastructure to enforce company security policy compliance on any device which
attempts to connect to the network. With NAC Appliance, network administrators can
authenticate, authorize, evaluate, and remediate wired, wireless, and remote users
and their machines prior to network access. It identifies whether networked devices
such as laptops, IP phones, or game consoles are compliant with network
security policies and repairs any vulnerabilities before permitting access to the
network.
Cisco Network Admission Control is based on four cornerstones: authentication
and posture assessment, policy enforcement, quarantine and remediation, and
centralized management. Capable of recognising a range of devices, the Cisco NAC
Appliance can profile connecting devices and allow access only to those parts of
the network which the user should have access to. Remote workers, contractors
and guests on the network can be finely controlled in both what they can do and
where they can do it. No other access control device on the market offers
Cisco's level of control.
Any device which fails to pass the security check can be quarantined for later
attention by a system administrator. Viruses and trojans picked up from elsewhere
can be kept from the network. Machines which have out-of-date anti-virus or
spyware protection can have their software automatically updated before access is
granted, allowing for the automated rollout of company-wide security policy and
saving network administrators time-consuming individual updates.
The Cisco NAC Appliance is the preferred choice of some of the most
security-conscious enterprises in the world. Sun Microsystems employ the NAC appliance
because of the comprehensive protection offered by the device:
"NAC Appliance is a versatile solution that enables us to
unify our business operations and network security," said Mark Connelly,
chief information security officer for Sun Microsystems. "It
delivers NAC's four requisite functions for all segments of our network, and it
does this by distinguishing multiple device types and operating systems. Not all
vendors can do this. The automated enforcement offloads administrative overhead
typically devoted to manual device updates, generating greater savings on our
cost structures - not to mention ensuring secure and efficient operations."
An added convenience comes in the form of single sign-on for VPN clients,
wireless clients and Windows Active Directory users. The Cisco NAC Appliance
is the only device of its type to offer this feature.
Cisco were the first to release a NAC appliance in 2003. Since then, many
vendors have scrambled to release their own similar devices, but none offer
either the feature set or the flexibility of deployment of the original. As we
move into a new era of network security, with a greater range of unknown threats,
Cisco continue to stay one step ahead of both the hackers and the competition, developing
world-beating technologies to keep modern networks safe. The Cisco NAC Appliance 4
represents the latest development of this ongoing initiative, and is another
example of why Cisilion, whilst selecting the best from other vendors, continues to place
most emphasis on Cisco technologies and expertise.