Cisco Network Admission Control, Volume II: NAC Deployment and Troubleshooting (Networking Technology)
by Jazib Frahim, Omar Santos, David White
List Price:
Our Price: $30.99
You Save: $29.01 (48%)
Availability: Usually ships in 1-2 business days
Category: Book
See more book details and other editions
Book Summary Information
Author: David White, Jazib Frahim, Omar SantosEdition: Paperback
Audio: English (Original Language); English (Unknown); English (Published)
Published: 2006-12-01
ISBN: 1587052253
Number of pages: 624
Publisher: Cisco Press
Book Reviews of Cisco Network Admission Control, Volume II: NAC Deployment and Troubleshooting (Networking Technology)
Book Review: Are you ready to NAC?
Summary: 5 Stars
The first volume for Cisco Network Admission Control series explains the architecture, design and components for NAC Framework. The second volume explains the production deployment as well as troubleshooting NAC Framework to build a self-defending network.
I found the second volume more helpful and practical as it provides technical configuration and implementation guidelines. The book is basically divided into four parts: NAC Framework solution Overview, Configuration Guidelines, Deployment Scenarios and finally Managing and Monitoring NAC.
I think that the first chapter is the most important as it explains the NAC Framework solution overview and the components needed to support it. It shows which Cisco network access devices and which Cat or Cisco IOS version support this feature. It explains the difference among NAC-L3-IP, NAC-L2-IP and NAC-L2-802.1X. The chapter includes Cisco online reference so readers can research each device in details and get the most up-to-date list of all Cisco NAC-enabled devices.
The next 11 chapters cover installation, configuration and brief troubleshooting tips for each component: Cisco Trust Agent, VPN Concentrator, ASA and PIX firewall, Cisco Security Agents and even some brief introductions for third party vendor appliances such as QualysGuard Scanner for audit servers.
The following 3 chapters describe the deployment scenario for NAC in small, medium and large businesses. These chapters offer 3 interesting scenarios but all of them are just recaps of configuration mentioned in previous chapters.
The last 2 chapters explain the NAC deployment best practices and NAC monitoring using Cisco CsMARS. The best practices provide guidelines to roll this NAC deployment successfully by completing a readiness assessment of the current infrastructure, identifying responsible party, building lab and test plans as well as tuning and post deployment monitoring. Having experiences in deploying security projects, I believe that they should also add organization security policy which is approved by top management for NAC deployment best practices. This policy will help to remove any major obstacles encountered from end users.
I found this book very helpful in explaining Cisco NAC Framework. The book is definitely not for beginners as understanding of Cisco configuration and familiarity with Cisco products are needed to understand this.
NAC Framework is not for everyone. If you run a Cisco centric shop with the latest hardware and software, this NAC Framework is for you to build the self-defending network on top of your Cisco network and host based IPS, firewall, 802.1X enabled network access devices and others. If not, a much simpler Cisco Clean Access or other third party NAC appliance can probably do the job with less complicated configuration and upfront investment.
The book does not mention anything about Cisco NAC Framework integration or configuration with the new Microsoft NAP (Network Access Protection) although Cisco has officially provided the plan to do this in its web site.
In conclusion, the author has provided a very concise and understandable reading with the few number of pages provided. Each chapter goes straight to the topics, explains in an easy to follow manner, provides a lot of configuration examples and screenshots and closes with online references.
I liked this book a lot and certainly will recommend others to read this. I gave the book five out of five stars.
Summary of Cisco Network Admission Control, Volume II: NAC Deployment and Troubleshooting (Networking Technology)
Cisco Network Admission Control
Volume II: NAC Framework Deployment and Troubleshooting
The self-defending network in action
Jazib Frahim, CCIE® No. 5459
Omar Santos
David White, Jr., CCIE No. 12,021
When most information security professionals think about threats to their networks, they think about the threat of attackers from the outside. However, in recent years the number of computer security incidents occurring from trusted users within a company has equaled those occurring from external threats. The difference is, external threats are fairly well understood and almost all companies utilize tools and technology to protect against those threats. In contrast, the threats from internal trusted employees or partners are often overlooked and much more difficult to protect against.
Network Admission Control (NAC) is designed to prohibit or restrict access to the secured internal network from devices with a diminished security posture until they are patched or updated to meet the minimum corporate security requirements. A fundamental component of the Cisco® Self-Defending Network Initiative, NAC enables you to enforce host patch policies and to regulate network access permissions for noncompliant, vulnerable systems.
Cisco Network Admission Control, Volume II, helps you understand how to deploy the NAC Framework solution and ultimately build a self-defending network. The book focuses on the key components that make up the NAC Framework, showing how you can successfully deploy and troubleshoot each component and the overall solution. Emphasis is placed on real-world deployment scenarios, and the book walks you step by step through individual component configurations. Along the way, the authors call out best practices and tell you which mistakes to avoid. Component-level and solution-level troubleshooting techniques are also presented. Three full-deployment scenarios walk you through application of NAC in a small business, medium-sized organization, and large enterprise.
?To successfully deploy and troubleshoot the Cisco NAC solution requires thoughtful builds and design of NAC in branch, campus, and enterprise topologies. It requires a practical and methodical view towards building layered security and management with troubleshooting, auditing, and monitoring capabilities.?
?Jayshree V. Ullal, Senior Vice President, Datacenter, Switching and Security Technology Group, Cisco Systems®
Jazib Frahim, CCIE® No. 5459, is a senior network security engineer in the Worldwide Security Services Practice of the Cisco Advanced Services for Network Security team. He is responsible for guiding customers in the design and implementation of their networks with a focus on network security.
Omar Santos is a senior network security engineer in the Worldwide Security Services Practice of the Cisco Advanced Services for Network Security team. He has more than 12 years of experience in secure data communications.
David White, Jr., CCIE No. 12,021, has more than 10 years of networking experience with a focus on network security. He is currently an escalation engineer in the Cisco TAC, where he has been for more than six years.
- Effectively deploy the Cisco Trust Agent
- Configure Layer 2 IP and Layer 2 802.1x NAC on network access devices
- Examine packet flow in a Cisco IOS NAD when NAC is enabled, and configure Layer 3 NAC on the NAD
- Monitor remote access VPN tunnels
- Configure and troubleshoot NAC on the Cisco ASA and PIX security appliances
- Install and configure Cisco Secure Access Control Server (ACS) for NAC
- Install the Cisco Security Agent Manage-ment Center and create agent kits
- Add antivirus policy servers to ACS for external antivirus posture validation
- Understand and apply audit servers to your NAC solution
- Use remediation servers to automatically patch end hosts to bring them in compliance with your network policies
- Monitor the NAC solution using the Cisco Security Monitoring, Analysis, and Response System (MARS)
This security book is part of the Cisco Press® Networking Technology Series. Security titles from Cisco Press help networking professionals secure critical data and resources, prevent and mitigate network attacks, and build end-to-end self-defending networks.
Category: Cisco Press?Security
Covers: Network Admission Control
$60.00 USA / $75.00 CAN
Privacy Books
- Arts & Photography
- Audiobooks on Cassette
- Audiobooks on CD
- Biographies & Memoirs
- Business & Investing
- Children's Books
- Comics & Graphic Novels
- Computers & Internet
- Cooking, Food & Wine
- e-Books
- Engineering
- Entertainment
- Gay & Lesbian
- Health, Mind & Body
- History
- Home & Garden
- Horror
- Law
- Literature & Fiction
- Medicine
- Mystery & Thrillers
- Nonfiction
- Outdoors & Nature
- Parenting & Families
- Professional & Technical
- Reference
- Religion & Spirituality
- Romance
- Science
- Science Fiction & Fantasy
- Sports
- Teens
- Travel
Nessus Network Auditing, Second EditionSyngress; Published: 2008-05-27; Paperback; Book
Best price: $37.63
Price in other shops:
CISSP Certification All-in-One Exam Guide, 4th Ed.by Shon Harris
McGraw-Hill Osborne Media; Published: 2007-11-09; Hardcover; Book
Best price: $47.45
Price in other shops:
Real Digital Forensics: Computer Security and Incident Responseby Keith J. Jones, Richard Bejtlich, Curtis W. Rose
Addison-Wesley Professional; Published: 2005-10-03; Paperback; Book
Best price: $34.75
Price in other shops:
Security Threat Mitigation and Response: Understanding Cisco Security MARS (Networking Technology)by Dale Tesch, Greg Abelar
Cisco Press; Published: 2006-10-08; Paperback; Book
Best price: $34.44
Price in other shops:
Security Monitoring with Cisco Security MARS (Networking Technology: Security)by Gary Halleen, Greg Kellogg
Cisco Press; Published: 2007-07-16; Paperback; Book
Best price: $43.75
Price in other shops:
Hacker's Challenge 2: Test Your Network Security & Forensic Skillsby Mike Schiffman, Bill Pennington, David Pollino, Adam J. O'Donnell
McGraw-Hill Osborne Media; Published: 2002-12-18; Paperback; Book
Best price: $3.99
Price in other shops:
Hacker's Challenge : Test Your Incident Response Skills Using 20 ScenariosMcGraw-Hill Osborne Media; Published: 2001-10-18; Paperback; Book
Best price: $6.00
Price in other shops:
Hacker's Challenge 3 (Hacking Exposed) (v. 3)by David Pollino, Bill Pennington, Tony Bradley, Himanshu Dwivedi
McGraw-Hill Osborne Media; Published: 2006-04-25; Paperback; Book
Best price: $26.34
Price in other shops:
Extreme Exploits: Advanced Defenses Against Hardcore Hacks (Hacking Exposed)by Victor Oppleman, Oliver Friedrichs, Brett Watson
McGraw-Hill Osborne Media; Published: 2005-07-18; Paperback; Book
Best price: $13.80
Price in other shops:
Cisco Access Control Security: AAA Administration Services (Networking Technology)by Brandon James Carroll
Cisco Press; Published: 2004-06-06; Paperback; Book
Best price: $45.26
Price in other shops:
LAN Switch Security: What Hackers Know About Your Switches (Networking Technology: Security)by Eric Vyncke, Christopher Paggen
Cisco Press; Published: 2007-09-16; Paperback; Book
Best price: $43.02
Price in other shops:
Self-Defending Networks: The Next Generation of Network Security (Networking Technology: Security)by Duane De Capite
Cisco Press; Published: 2006-09-10; Paperback; Book
Best price: $32.54
Price in other shops:
Advanced Host Intrusion Prevention with CSA (Networking Technology)by Chad Sullivan, Jeff Asher, Paul Mauvais
Cisco Press; Published: 2006-05-07; Paperback; Book
Best price: $34.88
Price in other shops:
The Complete Cisco VPN Configuration Guide (Networking Technology)by Richard Deal
Cisco Press; Published: 2005-12-25; Paperback; Book
Best price: $58.78
Price in other shops:
Cisco ASA: All-in-One Firewall, IPS, and VPN Adaptive Security Appliance (Networking Technology)by Omar Santos, Jazib Frahim
Cisco Press; Published: 2005-10-24; Paperback; Book
Best price: $53.99
Price in other shops:
Cisco ASA, PIX, and FWSM Firewall Handbook (2nd Edition) (Networking Technology: Security)by Dave Hucaby
Cisco Press; Published: 2007-08-19; Paperback; Book
Best price: $46.54
Price in other shops:
Security Threat Mitigation and Response: Understanding Cisco Security MARS (Networking Technology)by Dale Tesch, Greg Abelar
Cisco Press; Published: 2006-10-08; Paperback; Book
Best price: $34.33
Price in other shops:
Security Monitoring with Cisco Security MARS (Networking Technology: Security)by Gary Halleen, Greg Kellogg
Cisco Press; Published: 2007-07-16; Paperback; Book
Best price: $42.83
Price in other shops:
Cisco NAC Appliance: Enforcing Host Security with Clean Access (Networking Technology: Security)by Chad Sullivan, Jamey Heary, Alok Agrawal, Jerry Lin
Cisco Press; Published: 2007-08-16; Paperback; Book
Best price: $39.38
Price in other shops:
Cisco Network Admission Control, Volume I: NAC Framework Architecture and Design (Networking Technology)by Denise Helfrich, Lou Ronnau, Jason Frazier, Paul Forbes
Cisco Press; Published: 2006-12-18; Paperback; Book
Best price: $39.10
Price in other shops: