Wednesday, June 29, 2011

Cisco Identity Services Engine: What it Means To You

The recent introduction of Cisco’s next generation network access control system (ISE) raises the bar for internal network security controls and should make you examine whether this system is appropriate for your organization.


ISE is an integrated network access control system. The system is designed to restrict network access based on criteria defined by the organization. These criteria typically include any combination of the following:


· Correct user ID & password authentication
· Windows group membership
· Up-to-date operating system patches
· Antivirus software functioning & up-to-date
· Machine owned and managed by the organization
· Operating system and/or browser


Based on these criteria, the level of network access is defined commensurate with risk. For example, machines that do not have updated patches might be permitted to only “talk” to the patch server so that updates can be installed. Further, network access can be defined dynamically based on the user's role (e.g., only Human Resources users are permitted access to the servers containing personnel data). Restricted network access for guest users is a natural extension of this technology, allowing visitors to access the Internet using existing infrastructure while protecting internal resources.
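The decision logic described above, modelled as an added example (not code from the post or from Cisco ISE): endpoint posture and identity attributes are evaluated in order of severity and mapped to a set of reachable destinations. The destination names, the `Endpoint` fields and the evaluation order (failed login, then unmanaged device, then posture, then role) are assumptions for illustration.

```python
from dataclasses import dataclass, field

# Constructed placeholder destination names; not real ISE objects.
PATCH_SERVER = "patch-server"
INTERNET = "internet"
PERSONNEL_SERVERS = "hr-personnel-servers"
GENERAL_CORP = "general-corporate-resources"


@dataclass
class Endpoint:
    """Posture and identity facts the access layer has learned about a device."""
    authenticated: bool                     # user ID & password accepted
    groups: set = field(default_factory=set)  # Windows group membership
    patched: bool = True                    # OS patches current
    av_ok: bool = True                      # antivirus running and up to date
    corporate_managed: bool = True          # owned and managed by the organization


@dataclass(frozen=True)
class Decision:
    outcome: str           # "deny", "guest", "remediate" or "permit"
    reachable: frozenset   # destinations the endpoint may talk to


def authorize(ep: Endpoint) -> Decision:
    """Evaluate the endpoint against policy, most restrictive condition first."""
    if not ep.authenticated:
        # No valid credentials: no network access at all.
        return Decision("deny", frozenset())
    if not ep.corporate_managed:
        # Unmanaged device gets the guest path: Internet only, even if the
        # user's credentials are valid and privileged.
        return Decision("guest", frozenset({INTERNET}))
    if not (ep.patched and ep.av_ok):
        # Posture failure: quarantine so only the patch server is reachable.
        return Decision("remediate", frozenset({PATCH_SERVER}))
    # Healthy corporate machine: baseline access, widened by role.
    allowed = {GENERAL_CORP, INTERNET, PATCH_SERVER}
    if "HR" in ep.groups:
        allowed.add(PERSONNEL_SERVERS)
    return Decision("permit", frozenset(allowed))


if __name__ == "__main__":
    laptop = Endpoint(authenticated=True, groups={"HR"}, patched=False)
    print(authorize(laptop))   # remediate: only the patch server
```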


In legacy NAC systems, this control is implemented through dynamic VLAN assignment in conjunction with a separate control point, typically a dedicated firewall or NAC appliance acting as a primitive firewall. More modern 802.1x NAC systems control access at the switch-port level, but have proven difficult to implement and maintain, requiring multiple disparate systems to manage.


Cisco ISE is innovative in that it implements everything mentioned above in a single integrated platform with a rich, flexible set of policy controls. ISE has broad hardware support, including the most common Cisco switches & wireless devices. Further, tools to accommodate non-NAC and/or non-802.1x compatible devices, such as printers, IP phones, or CCTV systems, are cohesive and mature, requiring minimal effort to maintain.


Employing security consultants and engineers with broad cross-functional experience, NWN STAR is uniquely qualified to design and implement Cisco ISE systems. Our engineers have implemented NAC systems across a variety of industries, including government, education, banking, retail, and healthcare environments. NWN recently became one of the first Cisco partners to be trained and certified to implement these systems for both small- and large-scale environments.
