6.3. The Purpose of Cisco Clean Access

After reading this chapter, the purpose of Cisco Clean Access should be clear: it is a technology that helps protect the LAN from unauthorized users and devices and controls the access of devices that have a deficient security posture. From a product perspective, Cisco describes the purpose and benefits of Clean Access as follows:

  • Security policy compliance — Ensures that endpoints conform to security policy; protects infrastructure and employee productivity; secures managed and unmanaged assets; supports internal environments and guest access; tailors policies to your risk level.

  • Protects existing investments — Is compatible with third-party management applications; flexible deployment options minimize need for infrastructure upgrades.

  • Mitigates risks from viruses, worms, and unauthorized access — Controls and reduces large-scale infrastructure disruptions; reduces OpEx and helps enable higher IT efficiency; integrates with other Cisco Self-Defending Network components to deliver comprehensive security protection.

Based on the technical solution as described in this chapter, let's look at how it stands up against the various types of users who may be accessing the network.

6.3.1. Unauthorized Users

A big reason why companies look at a NAC solution is to control unauthorized access to their LANs. The Clean Access solution can control this problem by ensuring that all devices accessing the LAN be authenticated and assessed before being provided access. The solution includes Client and Clientless modes, so even devices that cannot have the CAA installed can still be authenticated and assessed. If authentication fails and/or the security posture of the device is deficient, access to the network can be restricted or blocked.

6.3.2. Authorized Users with Deficient Security Postures

The Clean Access solution can assess the security posture of devices either with the CAA installed on the devices or by using Network Scanning. The CAA will provide much greater detail in the assessment. If the security posture of the device is deficient, it can be restricted, or access to the network can be blocked. An opportunity to remediate the deficiency can also be made available.

6.3.3. Mobile Users

Mobile users can be assessed at two points with this solution. The first is when the user physically returns to the LAN, and the second is when the user VPNs back into the network. While this provides a layer of protection to the LAN, the solution does not provide any protection to the mobile device while the device is mobile. The assessment, quarantining, and remediation elements are not in play during that time. Figure 6-15 illustrates how the Clean Access solution protects the LAN from mobile devices as they attempt to gain access to the network.

Figure 6-15. Protecting the LAN from mobile devices
