IBM Tivoli and Cisco Network Card User Manual


 
88 Building a Network Access Control Solution with IBM Tivoli and Cisco Systems
In the practice of IT security, it is possible to design an extremely secure,
hardened system. However, this apex of maximum security will likely incur a cost
of reduced system usability. Likewise, it is possible to create a very user-friendly,
highly accessible network, but at a cost of reduced security. The IT Security
Administrator must strive to strike a balance between these extremes. A Network
Admission Control system is a new technology for most, if not all, companies
today. Armando Banking Brothers is no exception.
To implement the whole solution, ABBC has to set up a project consisting of
three teams, each responsible for implementing one of the three parts
presented below:
- Compliance team: primarily responsible for implementing the corporate
  security policy for desktops in Tivoli Security Compliance Manager. This team
  will maintain the security policy, run the compliance audits, and operate the
  Tivoli Security Compliance Manager server.
- Network team: responsible for configuration and maintenance of the Network
  Admission Control components that enforce compliance with the security
  policy for the workstations connected to ABBC's corporate network. This
  team is also responsible for a network design that allows noncompliant
  workstations to access the resources necessary for remediation, as well as for
  the guest network access required by partners and contractors.
- Operations team: responsible for user workstation configuration and user
  support. Part of their job is to maintain compliance of the users' workstations.
  They will facilitate this process by operating the remediation server that is
  already in use at ABBC: IBM Tivoli Configuration Manager. Enhanced,
  automated remediation capability provides a way to minimize user frustration,
  rising help-desk costs, and loss of user productivity.
Project overview
Table 4-1 provides a high-level overview of the major ABBC project parts and
project steps. Remember, ABBC is a hypothetical company. There are many
more steps, substeps, and considerations in an actual deployment. IBM always
recommends the procurement of qualified service consultants as well as
utilization of the IBM Solution Assurance Review Process.
Table 4-1 High-level project overview

| Action | Notes | Reference |
|---|---|---|
| Part I - Security compliance server | | |
| Tivoli Security Compliance Manager setup. | Detailed steps for a Security Compliance Manager server installation. | 6.1, “Tivoli Security Compliance Manager setup” on page 126 |