Tuesday, March 06, 2007

The World of Clean Access

Another update from the front lines of network security. I hope everyone has been well and keeping busy in this ever evolving market. While this blog does focus on CS-MARS... over the next few weeks you'll begin to see me post updates about "everything security at Cisco." My most recent project has me working on a terrific product from Cisco known as Clean Access (aka Cisco NAC Appliance). For those of you in the dark, NAC is a framework and methodology for network security in which security is no longer exclusively adapted in network infrastructure devices, but also end-user work stations.

Let me go into a little detail about Cisco Clean Access (CCA) and how it will be used in our environment. CCA is comprised of a Clean Access Manager (CAM) and Clean Access Server (CAS). The CAM dictates all the policies required to gain access to the network, while the CAS handles authentication of workstations and quarantining as necessary. Both are required components of a Clean Access implementation.

During our initial pilot we will be validating workstations from a remote office, along with select users in our headquarters facility. This brings up some issues that can all be solved based upon the CCA implementation that is selected. Now this update is just a brief overview of my most recent project... but expect updates soon about the infrastructure concepts involved in CCA and some of the configuration involved with the project. The resources on Clean Access are limited on the Internet, so I do want to dedicate a portion of this blog to this exciting product. Continue to expect updates about CS-MARS... along with other Cisco security updates.

-Mike

3 comments:

Anthony said...

Sounds interesting. I heard about NAC a couple months ago and thought it was a great tool for any network. I use to manage an Air Force network and let me tell you it was a headache to get all of the workstations compliant with policy.

I look forward to reading more about it. Thanks.

Fenra said...

Nice post. I look forward to seeing more about the NAC Appliance.

We are lucky enough to be implementing the NAC Framework with ACS in a water and sewer utility control network. We will also probably be using the NAC Appliance between the plant networks and a city wide point to multi-point wireless network connecting lift stations and combined sewer overflows.

Cisco network security is definitely full of exciting technologies when you get to dig down into it.

Anonymous said...

It was very interesting for me to read that blog. Thank you for it. I like such topics and anything that is connected to this matter. I would like to read more soon.