Cisco.Press.Cisco.NAC.Appliance.Enforcing.Host.Security.with.Clean.Access.pdf

Cisco NAC Appliance:
Enforcing Host Security
with Clean Access
Jamey Heary, CCIE No. 7680
Contributing Authors:
Jerry Lin, CCIE No. 6469
Chad Sullivan, CCIE No. 6493
Alok Agrawal
Cisco Press
800 East 96th Street
Indianapolis, Indiana 46240 USA
Copyright © 2008 Cisco Systems, Inc.
Published by:
Cisco Press
800 East 96th Street
Indianapolis, IN 46240 USA
All rights reserved. No part of this book may be reproduced or transmitted in any form or by any means, electronic
or mechanical, including photocopying, recording, or by any information storage and retrieval system, without
written permission from the publisher, except for the inclusion of brief quotations in a review.
Library of Congress Cataloging-in-Publication Data
Heary, Jamey.
Cisco NAC appliance : enforcing host security with clean access / Jamey Heary ; contributing authors, Jerry Lin ...
[et al.].
p. cm.
ISBN 978-1-58705-306-1 (pbk.)
1. Computer networks--Security measures. 2. Computers--Access control. I. Title.
TK5105.59H42 2007
005.8--dc22
2007026204
Printed in the United States of America
First Printing August 2007
ISBN-13: 978-1-58705-306-1
ISBN-10: 1-58705-306-3
Warning and Disclaimer
This book is designed to provide information about Cisco NAC Appliance. Every effort has been made to make this
book as complete and as accurate as possible, but no warranty or fitness is implied.
The information is provided on an “as is” basis. The authors, Cisco Press, and Cisco Systems, Inc. shall have neither
liability nor responsibility to any person or entity with respect to any loss or damages arising from the information
contained in this book or from the use of the discs or programs that may accompany it.
The opinions expressed in this book belong to the author and are not necessarily those of Cisco Systems, Inc.
Trademark Acknowledgments
All terms mentioned in this book that are known to be trademarks or service marks have been appropriately capitalized.
Cisco Press or Cisco Systems, Inc., cannot attest to the accuracy of this information. Use of a term in this book
should not be regarded as affecting the validity of any trademark or service mark.
Feedback Information
At Cisco Press, our goal is to create in-depth technical books of the highest quality and value. Each book is crafted
with care and precision, undergoing rigorous development that involves the unique expertise of members from the
professional technical community.
Readers’ feedback is a natural continuation of this process. If you have any comments regarding how we could
improve the quality of this book or otherwise alter it to better suit your needs, you can contact us through e-mail at
feedback@ciscopress.com. Please make sure to include the book title and ISBN in your message.
We greatly appreciate your assistance.
Corporate and Government Sales
The publisher offers excellent discounts on this book when ordered in quantity for bulk purchases or special sales,
which may include electronic versions and/or custom covers and content particular to your business, training goals,
marketing focus, and branding interests. For more information, please contact:
U.S. Corporate and Government Sales
1-800-382-3419
corpsales@pearsontechgroup.com
For sales outside the United States, please contact:
International Sales international@pearsoned.com
Publisher: Paul Boger
Associate Publisher: Dave Dusthimer
Cisco Representative: Anthony Wolfenden
Cisco Press Program Manager: Jeff Brady
Executive Editor: Brett Bartow
Managing Editor: Patrick Kanouse
Development Editor: Andrew Cupp
Project Editor: Seth Kerney
Copy Editor: Mike Henry
Technical Editors: Prem Ananthakrishnan, Niall El-Assaad, Sheldon Muir
Editorial Assistant: Vanessa Evans
Book Designer: Louisa Adair
Composition: ICC Macmillan, Inc.
Indexer: Tim Wright
Proofreader: Karen A. Gill
About the Author
Jamey Heary, CCIE No. 7680, is currently a security consulting systems engineer at Cisco Systems,
Inc., and works with its largest customers in the Northwest United States. Jamey joined Cisco in 2000.
He currently leads its Western Security Asset team and is a field advisor for the U.S. security virtual
team. Prior to working at Cisco, he worked for the Immigration and Naturalization Service as a network
consultant and project leader. Before that he was the lead network and security engineer for a financial
firm whose network carries approximately 12 percent of the global equities trading volume worldwide.
His areas of expertise include network and host security design and implementation, security regulatory
compliance, and routing and switching. His other certifications include CISSP, CCSP, and Microsoft
MCSE. He is also a Certified HIPAA Security Professional. He has been working in the IT field for 13
years and in IT security for 9 years. He has a BS from St. Lawrence University.
About the Contributing Authors
Jerry Lin, CCIE No. 6469, is a consulting systems engineer for Cisco and is based in southern California.
He specializes in security best practices. Jerry has worked with a variety of Cisco enterprise customers
in areas such as software development, local government agencies, K–12 and universities, high-tech
manufacturing, retail, and health care, as well as managed web-hosting service provider customers.
He holds his CCIE in routing and switching as well as in CCDP and CISSP. Jerry has been working in
the IT industry for the past 12 years. During the late 1990s, he worked as a technical instructor. Jerry
earned both a bachelor’s degree and a master’s degree in mechanical engineering from the University of
California, Irvine.
Chad Sullivan, CCIE No. 6493 (Security, Routing and Switching, SNA/IP), CISSP, CHSP, is a senior
security engineer and owner of Priveon, Inc., which provides leading security solutions to customers
globally. Prior to starting Priveon, Chad worked as a security consulting systems engineer at Cisco.
Chad is recognized within the industry as one of the leading implementers of the Cisco Security Agent
product and is the author of both Cisco Press books dedicated to the Cisco Security Agent.
Alok Agrawal is the technical marketing manager for the Cisco NAC Appliance (Clean Access)
product. He leads the technical marketing team developing technical concepts and solutions and
driving future product architecture and features. He works with the Cisco sales and partner community
to scale the adoption of the NAC Appliance product line globally. Prior to joining the Cisco Security
Technology Group, he worked in the switching team of the Cisco Technical Assistance Center. He has a
strong background in routing and switching and host security design and implementation. Alok holds
a master’s degree in electrical engineering from the University of Southern California and a bachelor’s
degree in electronics engineering from the University of Mumbai.
About the Technical Reviewers
Prem Ananthakrishnan is currently a technical marketing engineer for the Cisco NAC Appliance
(Clean Access) product. He is responsible for global scalability of the product, documentation, partner/system
engineer training, and critical escalations to ensure successful deployments. Prem has more than
five years of hands-on experience as a systems/network engineer and in implementing managed services
for data center operations. Prior to his current role, he worked at Cisco Technical Assistance Center
(TAC) handling various security products. Prem holds an MS degree in telecommunications from the
University of Colorado-Boulder and a BSEE from the University of Bombay.
Niall El-Assaad, CCIE No. 7493, is the Cisco NAC Appliance product manager for Europe, the Middle
East, and Africa. Niall joined Cisco in 2000 and supported financial services customers with Cisco security
solutions prior to his current role. Previously, he worked for a Cisco partner as head of the communications
team and for a financial services organization. With more than 14 years of experience in the
communications and security fields, Niall’s areas of expertise include network and host security design
and implementation and routing and switching. His other certifications include CCNP and CCDP.
Sheldon Muir is a consulting systems engineer within Cisco for the Cisco NAC Appliance product.
Sheldon came over to Cisco with the acquisition of Perfigo in November 2004 where, with Perfigo, he
was solely responsible for all technical channel development for North America. Sheldon holds a degree
from UNLV and has been involved in the IT industry for 20 years, holding certifications with manufacturers
such as Cisco, 3Com, and Juniper/Netscreen, with a supplemental CISSP to his credit. Prior to
working for Cisco and Perfigo, he worked as an area escalation engineer and pre-sales engineer for
3Com, specializing in VoIP during the industry’s early adoption.