Many IT managers are shocked by what they find. One IT manager discovered he had several virtual machines on his network he was unaware of another found that more than half of the laptop computers were not running the latest security patches yet another found their desktop security suite was incorrectly configured and that all of their desktop firewalls were disabled.
This insight into your network is one of the greatest benefits of NAC. While few companies deploy NAC for this reason, it is always the first thing IT staff notice and appreciate. Never before have they been able to have this central view of every device on the network and, importantly, the security status of those devices. In spite of your efforts, employees often ignore the rules. Even with NAC, you need to think about authentication of both devices and users.
- Bad for You (Sea Breeze, Book 7).
- Conductor: Distributed Adaptation for Heterogeneous Networks (The Springer International Series in Engineering and Computer Science);
- Implementing NAP and NAC Security Technologies: The Complete Guide to….
- Encyclopedia of Nanoscience and Nanotechnology Volume 1.
For example, many companies are now using Wi-Fi access points to provide easy wireless access to the corporate network, but they forget to add the necessary security. But in our recent survey of 40 small and medium enterprises, more than half used a shared password for all wireless access. Regardless of your choice of encryption, this is an obvious Achilles heel because individual users cannot easily be identified and any change to the shared password creates massive disruption. Identifying wireless users and dealing with changing a shared password regularly is one task that makes wireless access a management nightmare.
This requires every user to authenticate with his or her own username and password when connecting. Although initial setup of WPA Enterprise can be difficult, the day-to-day burden of changing a shared password is eliminated.
WPA Enterprise also means you can give guests access by creating a guest user. I have yet to meet an organisation that didn't have at least one computer on their network that was out of compliance or that presented a direct threat to the network. No matter what they have, if they don't have a way to check devices before they access the network, they risk having a virus or other threat spread across the company.
NAC Buyer’s Guide - IT Security Pages 1 - 17 - Text Version | FlipHTML5
While you may not be able to control everything your employees do, you can take control back of mobile computing and implement better policies and technologies that make sure all devices accessing the network are healthy and secure. You forgot to provide an Email Address. This email address is already registered. Please login. You have exceeded the maximum character limit. Please provide a Corporate E-mail Address. Please check the box if you want to proceed. For companies having trouble finding qualified IT professionals to hire, the solution may be closer than you think.
Therefore, a security enforcement mechanism for the network is required to protect the network against the threats especially from internal. If professional assistance is required, the services of a competent professional person should be sought. Neither the publisher nor the author shall be liable for damages arising herefrom. Further, readers should be aware that Internet Websites listed in this work may have changed or disappeared between when this work was written and when it is read.
For general information on our other products and services or to obtain technical support, please contact our Customer Care Department within the U. Includes bibliographical references and index. ISBN cloth : alk.
Computer networks Access control. Computer networks Security measures. Computer network protocols. All other trademarks are the propertyof their respective owners. Wiley Publishing, Inc. Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic books. Hoffman began his security career while proudly serving his country as a decorated Telecommunications Specialist in the United States Coast Guard.
He gained his operational experience by working his way up in the private sector from a System Administrator to an Information Services IS Manager, Director of IS, and ultimately President of his own security consulting company. He is currently a Senior Engineer for the world leader in mobile workforce security solutions.
Hoffman is well-known for his live hacking demonstrations and online hacking videos, which have been featured by the Department of Homeland Security and included in the curriculum of various educational institutions. He regularly speaks at computer conferences worldwide and has been interviewed as a security expert by media outlets throughout the world, including Forbes, Network World, andnewsweek. Hoffman is a regular columnist for ethicalhacker.
Hoffman is a dedicated and loving father, husband, and son, who takes great pride in his family and realizes that nothing is more important than being there for his wife and children. In addition to his family, Hoffman enjoys politics, sports particularly the Chicago Cubs , music, great food, beer, and friends, and maintains his love of the sea.
Indexer Robert Swanson v. Their expertise and painstaking work have not only made this book possible but have ultimately helped to protect computer systems, corporations, consumers, and citizens everywhere. They are the experts and they deserve praise and recognition. I thank my parents, Roger and Teri, for exposing me to the possibilities in life, while instilling the conviction that I am entitled to absolutely nothing other than what I solely achieve. Thanks also go to my brothers, Jeff and Rich, for their friendship and for setting the bar of success and excellence so high for our family.
I also thank Dan Traina and Rob Cummings for their lifelong friendship, though I am still better at Fantasy Football than either of them. Much gratitude goes to Frank W. Abagnale, whose speech in Washington, DC, inspired me to begin speaking and writing publicly. Thanks to all of my fellow engineers and colleagues at Fiberlink, including my good friend Jamie Ballengee and the team of Moira, Jim, Matt, Jayne, Thomas, Ciaran, and Claus; to ethicalhacker. Donzal for his insight and drive. Special recognition goes to Bill O Reilly for tirelessly focusing on what really matters.
Great appreciation goes out to one of the smartest engineers I know and my technical editor, Jayne Chung, as well as the entire Wiley team, with special thanks to Carol Long, Kevin Shafer, and Dassi Zeidel. To the rest of my family, the reader, all those listed here, and to those I have forgotten, I wish you all fair winds and following seas This confusion leads to many misconceptions and, frankly, many people take bits and pieces of information that they hear and form incorrect assessments of what various products can do and what threats they actually address.
For a living, I get to talk to the security departments of some of the largest companies in the world. I also get to talk to security-minded folks all over the world and share ideas with them when I speak at security conferences. Over the past few years, I ve come to the conclusion that when it comes to NAC and NAP, many people don t understand the technologies and have many misconceptions as to what the solutions consist of and the security value they can offer.
These misconceptions and the confusion in the marketplace are what has prompted me to write this book An Ethical Hacker s Perspective If you re a security engineer like myself, the last person you want telling you about security is a sales or marketing person. Unfortunately, that is often the source of security information, as they are on the front lines communicating those messages. This information is going to come from the perspective of a security engineer who is well versed in the specific threats and how various exploits actually take place.
It will also come from the perspective of a director of information systems IS , IS manager, and system administrator the people xv. The goal of security applications is to mitigate risk. OK, that sounds good and is a valid concern. Should that specific scenario be the top concern based upon the actual threats and exploits that actually exist? I don t think so. Personally, I would be more concerned about a wanted system that is mobile and connecting to public Wi-Fi hotspots, is handling sensitive data, and has been exploited because it hasn t received critical patches in a month and its antivirus and antispyware applications are out of date.
If such systems are exploited because they weren t assessed, restricted, and remediated while they were mobile, is a LAN-based NAC system going to catch a rootkit that is running deep and was installed during this vulnerable period? You can form your own opinion, as this book covers the actual vulnerabilities and exploits that the various types of NACs can address. Then, you can determine what type of solution makes the most sense based upon the risks that are most prevalent to your environment.
I ve heard this statement many times. I ve heard engineers say it. I ve heard salespeople and marketing people say it. The problem is that it s not true. You could integrate Clean Access with Cisco networking equipment, but you don t have to. To provide protection, doesn t the assessment, quarantining, and remediation functionality need to be accessible to provide the protection? If a user is sitting at a Starbucks surfing the Internet, the user simply wouldn t be in. This book will specifically show how mobile devices are particularly susceptible to exploitation and how an exploited mobile device can cause serious problems on the LAN.
Here s another one: NAC solutions automatically fix security deficiencies. That s not really true. As you ll find in this book, many NAC solutions don t contain any remediation servers whatsoever. Some will tie into existing, specific solutions, and others more or less don t have anything to do with remediation. Almost all of the solutions with the exception of Mobile NAC won t fix any security problems for laptops and other systems as the devices are actually mobile. If a device is missing a patch or has a security application disabled, these items must be remediated as the devices are mobile, not just when they attempt to gain access to the corporate network.
After reading this book, you will be in a position where you will be able to see through these misconceptions and any misinformation that might come your way. Most importantly, you won t be one of those people passing along misconceptions. The Flow of This Book As you would hope, a lot of thought was put into how this book was going to be laid out. Iwas working for a Boatswain Mate who was telling me to perform a task. After getting done telling me to do the task, I told him I didn t understand why he wanted it done in that matter.
I recall him clearly saying that he was up on the mountain and had a clear view of why this was important. I was simply in the valley and could not see the big picture. Being in the military, he never did feel the need to tell me the big picture. Clearly, understanding the big picture puts things in perspective.
It would have also helped me to perform the tasks better. He obviously didn t think so. Different standards and organizations will be covered, as will terms and. They may not all contain each component and vendors may implement components differently, but the role of each component is very similar across the various solutions. A whole chapter is dedicated to understanding what these components will provide. When it comes down to it, what threats are really being addressed? After reading these chapters, the reader will be armed with information on actual exploits and tactics that can be mitigated by the different types of NAC and NAP solutions.
These are not hypothetical threats that some sales guy is trying to scare you with. These are actual bad things that can happen. Taking the Ethical Hacking mindset, the exploits and related steps will actually be shown.
Once you have a firm foundation and are standing on the mountain, it s time to enter the valley and talk about actual NAC and NAP solutions from different vendors. Needless to say, there are many solutions available today. As with any technology, most of them do a fine job, although some might be considered better than others. The various solutions will be compared against a common set of criteria. For this part of the book, I will do my best to be as objective as possible and allow you to form your own opinion.
- Risk Assessment, Modeling and Decision Support: Strategic Directions.
- Having a NAC for network security.
- Annals of Theoretical Psychology!
- Racism, Sexism, Power and Ideology (Critical Studies in Racism and Migration).
- CW Nordics: Nordea links up with IBM to meet fintech challenge.
- Games, Logic, and Constructive Sets?
With all of the various solutions in the marketplace, it would be impractical to cover all of them. Consequently, I will cover the solutions that occur most commonly in the conversations I have with companies. If you are a vendor reading this book and your solution is not mentioned, don t feel slighted.
NAC Buyer’s Guide - IT Security
No solution was purposely excluded. Again, the components will be pretty much the same; the features and bells and whistles will just be different. I actually encourage you to compare various solutions to these chapters and see just how similar many of the solutions actually are. The following is a breakdown of the chapters included in this book: Chapter 1: Understanding Terms and Technologies. This chapter describes the common components of NAC solutions, including how to analyze a security posture, set policies for device analysis, communicate the security policy to the device, and take action based on the security posture.
You will also learn about remediating a security deficiency and prepare reports. This chapter dives into the LAN-based NAC topic and provides more detail on the security reasons for using this system, as well as real-world hacking examples and solutions for security addressing the threats. This chapter provides more detail on the Mobile NAC solution. You will learn about what to look for in selecting your system, as well as learn specific hacks and threats that affect mobile devices and how to protect against them.
Chapter 6: Understanding Cisco Clean Access. This chapter provides information about understanding the Cisco Clean Access solution, as well as information about the technical components involved. This chapter examines the Cisco NAC Framework solution, including information on deployment scenarios and topologies, as well as information about the technical components involved. This chapter examines the Fiberlink Mobile NAC solution, including information on deployment scenarios and topologies, as well as information about the technical components involved.
This chapter examines the Microsoft NAP solution, including information on deployment scenarios and topologies, as well as information about the technical components involved. This chapter ties together all of the information provided in this book and provides some insight into similar technologies not specifically addressed in earlier discussions.
How to implement network access control
This appendix provides links to specific case studies and sources of additional information. Hopefully, you find that it isn t a typical, nerdy security book. Well, it might be a little nerdy, but the hacking parts are certainly cool.