Cisco’s Network Admission Control (NAC)
Posted by creining | Filed under Security
I just learned about Cisco’s Network Admission Control (NAC), which is “an industry-wide collaboration led by Cisco Systems that focuses on limiting damage from emerging security threats such as viruses and worms. Customers using NAC can allow network access only to compliant and trusted endpoint devices (PCs, servers, and PDAs, for example) and can restrict the access of noncompliant devices.” I have liked the idea of allowing network access based on the status of the client’s current antivirus state or patch level since I saw it in effect with Checkpoint’s Integrity product. When you can isolate noncompliant machines from compliant ones, you severely lessen the risk of a potential virus or worm outbreak. At the same time, these noncompliant machines can be given reduced network access: for instance, access only to the company’s antivirus server, where they get current definitions, or only to Microsoft’s netblock of windowsupdate servers, so they can be brought up to current patch level and therefore become compliant.