Implementing NAP and NAC Security Technologies : The Complete Guide to Network Access Control
by Hoffman, Daniel V.Edition: 1st
Format: Hardcover
Pub. Date: 2008-04-21
Publisher(s): Wiley
Other versions by this Author
List Price: $58.67
Buy New
Usually Ships in 3-4 Business Days
$58.61
Rent Textbook
Select for Price
Used Textbook
We're Sorry
Sold Out
eTextbook
We're Sorry
Not Available
How Marketplace Works:
- This item is offered by an independent seller and not shipped from our warehouse
- Item details like edition and cover design may differ from our description; see seller's comments before ordering.
- Sellers much confirm and ship within two business days; otherwise, the order will be cancelled and refunded.
- Marketplace purchases cannot be returned to eCampus.com. Contact the seller directly for inquiries; if no response within two days, contact customer service.
- Additional shipping costs apply to Marketplace purchases. Review shipping costs at checkout.
Summary
This guide presents real-world hacking scenarios along with complete implementation guidance for the right NAP/NAC solution, so you can understand which solution makes the most sense based upon the most prevalent risks in your environment. Follow the actual steps hackers take to perform specific exploits, determine which security solutions will stop the exploits from happening, and learn all about the standard components of any NAP/NAC solution. By learning to analyze a security posture, set policies for device analysis, and communicate with the device, youll be able to take action.
Author Biography
Daniel V. Hoffman has designed mobile security solutions for the largest companies in the world. His hacking and security expertise has been featured in educational curriculum, conferences, and media outlets globally. He is the author of Blackjacking: Security Threats to Blackberry Devices, PDAs, and Cell Phones in the Enterprise, also from Wiley.
Table of Contents
| Acknowledgments | |
| Introduction | |
| Understanding Terms and Technologies | |
| Who Is the Trusted Computing Group? | |
| Is There a Cisco NAC Alliance Program? | |
| NAC-Certified Shipping Product | |
| Developing NAC Solutions | |
| Understanding Clientless and Client-Based NAC | |
| Clientless NAC | |
| Client-Based NAC | |
| Pre-Admission NAC | |
| Post-Admission NAC | |
| Summary | |
| The Technical Components of NAC Solutions | |
| Analyzing the Security Posture | |
| What to Analyze? | |
| Does Your Company Have the ææStrengthÆÆ? | |
| Patch Analysis Best Practices | |
| How the Analysis Takes Place | |
| Utilizing APIs for Analysis | |
| Monitoring Processes | |
| Monitoring for Unwanted Processes and Applications | |
| Setting Policy for Device Analysis | |
| The Need for Different Analysis Policies | |
| Communicating the Security Posture of the Device | |
| Communicating with NAC/NAP-Specific Software Components | |
| Communicating the Security Posture to Third-Party Applications | |
| Communicating with Network Devices | |
| Cisco Trust Agent | |
| Understanding TCG IF-TNCCS and Microsoft IF-TNCCS-SOH | |
| Taking Action Based on the Security Posture | |
| Mobile NAC Action | |
| LAN-Based NAC Actions | |
| Remediating the Security Deficiency | |
| Remediation Actions | |
| The Reporting Mechanism | |
| Knowing the Current State of Devices | |
| Helping with Audits and Compliance Standards | |
| Reports Help Find the Problem | |
| Summary | |
| What Are You Trying to Protect? | |
| LAN-Based NAC | |
| Sedentary Desktop | |
| Laptops Used on and off the LAN | |
| Mobile-Only Laptops | |
| Employee-Owned Home Computers | |
| Unknown Devices | |
| PDAs and Other Devices | |
| Mobile NAC | |
| Dangers of Mobility | |
| Sedentary Desktop | |
| Laptops Used on and off the LAN | |
| Mobile-Only Laptops | |
| Employee-Owned Home Computers | |
| Pros | |
| Cons | |
| Unknown Devices | |
| PDAs and Other Devices | |
| Summary | |
| Understanding the Need for LAN-Based NAC/NAP | |
| The Security Reasons for LAN-Based NAC | |
| Unintentional LAN-Based Threats | |
| The Pros and Cons of a Guest Network | |
| Pro | |
| Con | |
| The Pros and Cons of Assessing Each Device | |
| Pro | |
| Con | |
| Real-World Example of an Unintentional Threat | |
| Infecting by Transferring Files | |
| How Files Really Get Transferred | |
| Infecting via Worms | |
| System Changes | |
| Registry | |
| Does LAN-Based NAC Protect against Infection? | |
| Intentional LAN-Based Threats | |
| Exploitation by Authorized Access and Malicious Use | |
| Exploitation by Authorized Physical Access and Unauthorized LAN Access | |
| Exploitation with Unauthorized Physical Access and Unauthorized LAN Access | |
| Exploitation from Unauthorized Wireless and Remote Access Connectivity to the LAN | |
| Does LAN-Based NAC Protect against Intentional Threats? | |
| Summary | |
| Understanding the Need for Mobile NAC | |
| WhatÆs the Primary Need? | |
| Why Companies Look to Mobile NAC | |
| Mobile NAC and Compliance Regulations | |
| Mobile NAC and Direct Attacks | |
| Exploiting Laptops with Direct Attacks | |
| View aWeb Page for Two Seconds and Get Hacked! | |
| Protecting against AP Phishing and Evil Twin | |
| Using Mobile NAC to Protect against Attacks | |
| Why Proxy Settings DonÆt Offer Robust Security | |
| Mobile NAC and theWireless Threat | |
| Public Wi-Fi Hotspot Risks | |
| The Risky Home Office | |
| Wireless AttacksWhen ThereÆs No Wireless Network | |
| Mobile NAC and the Malware Threat | |
| How Old Should Antivirus Definitions Be? | |
| Adware IsnÆt Your Biggest Problem | |
| Encryption IsnÆt All You Need to Protect Data | |
| Summary | |
| Understanding Cisco Clean Access | |
| Deployment Scenarios and Topologies | |
| Cisco Clean Access | |
| The Cisco NAC Guest Server | |
| The Technical Components of Cisco Clean Access | |
| Analyzing the Security Posture of a Device | |
| Setting Policy for Device Analysis | |
| Communicating the Security Posture of the Device | |
| Taking Action Based on the Security Posture | |
| Remediating the Security Deficiency | |
| The Reporting Mechanism | |
| The Cisco NAC Profiler | |
| The Purpose of Cisco Clean Access | |
| Unauthorized Users | |
| Authorized Users with Deficient Security Postures | |
| Mobile Users | |
| Summary | |
| Understanding Cisco Network Admission Control Framework | |
| Deployment Scenarios and Topologies | |
| Network Admission Control Framework | |
| The Technical Components of the Cisco NAC Framework | |
| Analyzing the Security Posture of a Device | |
| Setting Policy for Device Analysis | |
| Communicating the Security Posture of the Device | |
| Taking Action Based on the Security Posture | |
| Remediating the Security Deficiency | |
| The Reporting Mechanism | |
| The Purpose of Cisco NAC | |
| Unauthorized Users | |
| Authorized Users with Deficient Security Postures | |
| Mobile Users | |
| Summary | |
| Understanding Fiberlink Mobile NAC | |
| Deployment Scenarios and Topologies | |
| Fiberlink Mobile NAC Components | |
| The Technical Components of Fiberlink Mobile NAC | |
| Analyzing the Security Posture of a Device | |
| Setting Policy for Device Analysis | |
| Communicating the Security Posture of the Device | |
| Taking Action Based on the Security Posture | |
| Remediating the Security Deficiency | |
| The Reporting Mechanism | |
| The Purpose of Fiberlink Mobile NAC | |
| Unauthorized Users | |
| Authorized Users with Deficient Security Postures | |
| Mobile Users | |
| Summary | |
| Understanding Microsoft NAP Solutions | |
| Deployment Scenarios and Topologies | |
| Network Access Quarantine Control | |
| Microsoft 802.1x | |
| NAP | |
| The Technical Components of Microsoft NAP | |
| Analyzing the Security Posture of a Device | |
| Setting Policy for Device Analysis | |
| Connection Request Policies | |
| Health Policies | |
| Network Access Protection Policies | |
| Network Policies | |
| Communicating the Security Posture of the Device | |
| Taking Action Based on the Security Posture | |
| Remediating the Security Deficiency | |
| The Reporting Mechanism | |
| The Purpose of Microsoft NAP | |
| Unauthorized Users | |
| Authorized Users with Deficient Security Postures | |
| Mobile Users | |
| Summary | |
| Understanding NAC and NAP in Other Products | |
| NAC-Like Functionality in Non-NAC Technologies | |
| NAC Functionality in IPSec VPN | |
| NAC Functionality in SSL VPN | |
| NAC and NAP Solutions from Other Vendors | |
| What to Look for in a NAC/NAP Solution | |
| Other NAC/NAP Vendors | |
| Summary | |
| Appendix A Case Studies and Additional Information | |
| Cisco Clean Access | |
| McAfee NAC | |
| Bradford Networks | |
| Juniper Uniform Access Control | |
| Bibliography | |
| Index | |
| Table of Contents provided by Publisher. All Rights Reserved. |
An electronic version of this book is available through VitalSource.
This book is viewable on PC, Mac, iPhone, iPad, iPod Touch, and most smartphones.
By purchasing, you will be able to view this book online, as well as download it, for the chosen number of days.
Digital License
You are licensing a digital product for a set duration. Durations are set forth in the product description, with "Lifetime" typically meaning five (5) years of online access and permanent download to a supported device. All licenses are non-transferable.
More details can be found here.
A downloadable version of this book is available through the eCampus Reader or compatible Adobe readers.
Applications are available on iOS, Android, PC, Mac, and Windows Mobile platforms.
Please view the compatibility matrix prior to purchase.