The Flow of This Book
As you would hope, a lot of thought was put into how this book was going to be laid out. The book is mean to be very comprehensive in providing a robust understanding of NAC and NAP. The book is broken down into two main sections:
Laying the Foundation
Understanding the Technologies
I remember when I was in the Coast Guard on a boat in Alaska. I was working for a Boatswain Mate who was telling me to perform a task. After getting done telling me to do the task, I told him I didn't understand why he wanted it done in that matter. I recall him clearly saying that he was up on the mountain and had a clear view of why this was important. I was simply in the valley and could not see the big picture. Being in the military, he never did feel the need to tell me the big picture. Clearly, understanding the big picture puts things in perspective. It would have also helped me to perform the tasks better. He obviously didn't think so.
This book will ensure that a good NAC and NAP foundation is laid. Different standards and organizations will be covered, as will terms and technologies. Also, NAC and NAP solutions are all pretty much made up of the same components. They may not all contain each component and vendors may implement components differently, but the role of each component is very similar across the various solutions. A whole chapter is dedicated to understanding what these components will provide. There is a good amount of background information on NAC and NAP terms and technologies.
Adding to the foundation will be justification for the need of different NAC and NAP solutions. When it comes down to it, what threats are really being addressed? After reading these chapters, the reader will be armed with information on actual exploits and tactics that can be mitigated by the different types of NAC and NAP solutions. These are not hypothetical threats that some sales guy is trying to scare you with. These are actual bad things that can happen. Taking the "Ethical Hacking" mindset, the exploits and related steps will actually be shown.
Once you have a firm foundation and are "standing on the mountain," it's time to enter the valley and talk about actual NAC and NAP solutions from different vendors. Needless to say, there are many solutions available today. As with any technology, most of them do a fine job, although some might be considered better than others. The various solutions will be compared against a common set of criteria. For this part of the book, I will do my best to be as objective as possible and allow you to form your own opinion.
With all of the various solutions in the marketplace, it would be impractical to cover all of them. Consequently, I will cover the solutions that occur most commonly in the conversations I have with companies. If you are a vendor reading this book and your solution is not mentioned, don't feel slighted. No solution was purposely excluded. Certainly, Cisco and Microsoft will be covered, as will Fiberlink's Mobile NAC and NAC solutions from companies that are historically Antivirus vendors, such as McAfee and Symantec, will also be mentioned.
Undoubtedly, you will come across NAC or NAP solutions that will not be mentioned in this book. For those, solutions it's really easy to refer to Chapter 4, "Understanding the Need for LAN-based NAC/NAP," and Chapter 5, "Understanding the Need for Mobile NAC." Again, the components will be pretty much the same; the features and bells and whistles will just be different. I actually encourage you to compare various solutions to these chapters and see just how similar many of the solutions actually are.
The following is a breakdown of the chapters included in this book:
Chapter 1: Understanding Terms and Technologies. — This chapter provides an overview of common terms and technologies you should be aware of when discussing NAP/NAC.
Chapter 2: The Technical Components of NAC/NAP Solutions. — This chapter describes the common components of NAC solutions, including how to analyze a security posture, set policies for device analysis, communicate the security policy to the device, and take action based on the security posture. You will also learn about remediating a security deficiency and prepare reports.
Chapter 3: What Are You Trying to Protect?. — This chapter provides an overview of the various devices that require protection and how LAN-based NAC systems and Mobile NAC systems can assist.
Chapter 4: Understanding the Need for LAN-Based NAC/NAP. — This chapter dives into the LAN-based NAC topic and provides more detail on the security reasons for using this system, as well as real-world hacking examples and solutions for security addressing the threats.
Chapter 5: Understanding the Need for Mobile NAC. — This chapter provides more detail on the Mobile NAC solution. You will learn about what to look for in selecting your system, as well as learn specific hacks and threats that affect mobile devices and how to protect against them.
Chapter 6: Understanding Cisco Clean Access. — This chapter provides information about understanding the Cisco Clean Access solution, as well as information about the technical components involved.
Chapter 7: Understanding Cisco Network Admission Control Framework. — This chapter examines the Cisco NAC Framework solution, including information on deployment scenarios and topologies, as well as information about the technical components involved.
Chapter 8: Understanding Fiberlink Mobile NAC. — This chapter examines the Fiberlink Mobile NAC solution, including information on deployment scenarios and topologies, as well as information about the technical components involved.
Chapter 9: Understanding Microsoft NAP Solutions. — This chapter examines the Microsoft NAP solution, including information on deployment scenarios and topologies, as well as information about the technical components involved.
Chapter 10: Understanding NAC and NAP in Other Products. — This chapter ties together all of the information provided in this book and provides some insight into similar technologies not specifically addressed in earlier discussions.
Appendix A: Case Studies and Additional Information. — This appendix provides links to specific case studies and sources of additional information.