IBM Tivoli and Cisco Network Card User Manual
Chapter 5. Solution design 115
SVIs. Each Shared RADIUS Authorization Component had a corresponding ACL
defined on the NAD. The example below shows the configuration used for the
Healthy Engineering VLAN and the Quarantine Sales VLAN.
access-list 120 remark **Healthy Engineering VLAN ACLs**
access-list 120 deny ip any 192.168.13.0 0.0.0.255
access-list 120 deny ip any 192.168.14.0 0.0.0.255
access-list 120 deny ip any 192.168.15.0 0.0.0.255
access-list 120 permit ip any any
!
access-list 130 remark **Quarantine Sales VLAN ACLs**
access-list 130 permit icmp any host 192.168.9.220
access-list 130 permit icmp any host 192.168.104.10
access-list 130 permit ip any host 192.168.9.220
access-list 130 permit ip any host 192.168.104.10
access-list 130 permit udp any eq bootpc any eq bootps
access-list 130 deny ip any 192.168.11.0 0.0.0.255
access-list 130 deny ip any 192.168.12.0 0.0.0.255
access-list 130 deny ip any 192.168.14.0 0.0.0.255
access-list 130 deny ip any 192.168.15.0 0.0.0.255
access-list 130 permit tcp any any eq www
access-list 130 permit tcp any any eq domain
access-list 130 deny ip any any log
!
Note that the Healthy Engineering VLAN ACL has three deny entries before the
final permit statement. These stop members of this VLAN from initiating
connections into any of the Quarantine VLANs, as an added security measure.
Similarly, note that the Quarantine Sales VLAN ACL allows the Security
Compliance Manager and Tivoli Configuration Manager to be pinged, as a check
for network connectivity, and allows IP access to only those two servers. This is
for receiving an updated policy and for other automated remediation tasks. The
list then permits DHCP (bootpc to bootps), denies the healthy VLANs and the other
Quarantine VLANs, permits HTTP and DNS over TCP to any remaining destination,
and finally logs and denies everything else. Order matters here: because the
deny entries for the healthy VLANs precede the permit for www, a quarantined host
cannot reach a web server in a healthy VLAN. Two points to check when adapting
this list: the permit ip entries for the two servers already cover ICMP, so the
preceding permit icmp entries are redundant; and since only tcp eq domain is
permitted, ordinary DNS lookups over UDP port 53 from a quarantined host are
dropped by the final deny unless a matching permit udp entry is added.
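As an added example that is not part of the Redbook, the following Python script parses the two numbered extended ACLs shown above and replays constructed flows through them using IOS first-match semantics with the implicit deny at the end, so the behaviour described in the note can be checked rather than read: a quarantined host reaches the Security Compliance Manager, DHCP works, a healthy-VLAN host cannot open a connection into a Quarantine VLAN, a quarantined host cannot reach a web server in a healthy VLAN, and DNS over UDP is dropped. The host addresses such as 192.168.13.50, 192.168.11.5 and 8.8.8.8 are constructed sample endpoints, not addresses from the text, and the parser handles only the constructs used on this page (any, host, address plus contiguous wildcard, eq port).

```python
"""Replay constructed flows through the two Cisco IOS ACLs from the page.

Added example, not code from the Redbook or from Cisco. It models IOS
first-match evaluation of a numbered extended ACL and the implicit
'deny ip any any' at the end of every list.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Port keywords as IOS displays them; only the ones used on this page.
PORT_NAMES = {"www": 80, "domain": 53, "bootps": 67, "bootpc": 68}

# The two ACLs exactly as they appear in the text (remarks are skipped).
ACL_TEXT = """
access-list 120 remark **Healthy Engineering VLAN ACLs**
access-list 120 deny ip any 192.168.13.0 0.0.0.255
access-list 120 deny ip any 192.168.14.0 0.0.0.255
access-list 120 deny ip any 192.168.15.0 0.0.0.255
access-list 120 permit ip any any
access-list 130 remark **Quarantine Sales VLAN ACLs**
access-list 130 permit icmp any host 192.168.9.220
access-list 130 permit icmp any host 192.168.104.10
access-list 130 permit ip any host 192.168.9.220
access-list 130 permit ip any host 192.168.104.10
access-list 130 permit udp any eq bootpc any eq bootps
access-list 130 deny ip any 192.168.11.0 0.0.0.255
access-list 130 deny ip any 192.168.12.0 0.0.0.255
access-list 130 deny ip any 192.168.14.0 0.0.0.255
access-list 130 deny ip any 192.168.15.0 0.0.0.255
access-list 130 permit tcp any any eq www
access-list 130 permit tcp any any eq domain
access-list 130 deny ip any any log
"""


@dataclass
class Ace:
    """One access control entry. A None network or port means 'any'."""
    action: str
    proto: str
    src: Optional[ipaddress.IPv4Network]
    sport: Optional[int]
    dst: Optional[ipaddress.IPv4Network]
    dport: Optional[int]
    text: str  # original line, for reporting which entry matched


@dataclass
class Flow:
    """A single packet/flow to test: protocol, endpoints, L4 ports."""
    proto: str
    src: str
    dst: str
    sport: int = 0
    dport: int = 0


def _parse_addr(tok, i):
    """Parse 'any' | 'host A' | 'A WILDCARD' starting at tok[i]."""
    if tok[i] == "any":
        return None, i + 1
    if tok[i] == "host":
        return ipaddress.ip_network(tok[i + 1] + "/32"), i + 2
    # ipaddress accepts an IOS wildcard (host mask) in place of a prefix
    # length, provided the wildcard is contiguous (true for all lines here).
    return ipaddress.ip_network(f"{tok[i]}/{tok[i + 1]}"), i + 2


def _parse_port(tok, i):
    """Parse an optional 'eq <port>' qualifier (gt/lt/range not handled)."""
    if i < len(tok) and tok[i] == "eq":
        name = tok[i + 1]
        return PORT_NAMES.get(name, None) or int(name), i + 2
    return None, i


def parse_acls(text):
    """Return {acl_number: [Ace, ...]} preserving configuration order."""
    acls = {}
    for line in text.strip().splitlines():
        tok = line.split()
        if not tok or tok[0] != "access-list" or tok[2] == "remark":
            continue
        number, action, proto = int(tok[1]), tok[2], tok[3]
        src, i = _parse_addr(tok, 4)
        sport, i = _parse_port(tok, i)
        dst, i = _parse_addr(tok, i)
        dport, i = _parse_port(tok, i)
        acls.setdefault(number, []).append(
            Ace(action, proto, src, sport, dst, dport, line))
    return acls


def _match(ace, flow):
    """'ip' matches every protocol; ports are compared only when specified."""
    if ace.proto != "ip" and ace.proto != flow.proto:
        return False
    for net, addr in ((ace.src, flow.src), (ace.dst, flow.dst)):
        if net is not None and ipaddress.ip_address(addr) not in net:
            return False
    if ace.sport is not None and ace.sport != flow.sport:
        return False
    if ace.dport is not None and ace.dport != flow.dport:
        return False
    return True


def evaluate(aces, flow):
    """First matching entry wins; otherwise the implicit deny applies."""
    for ace in aces:
        if _match(ace, flow):
            return ace.action, ace.text
    return "deny", "(implicit deny ip any any)"


if __name__ == "__main__":
    acls = parse_acls(ACL_TEXT)
    # Constructed flows: 192.168.13.50 is a sample quarantined Sales host,
    # 192.168.11.5 a sample healthy Engineering host, 8.8.8.8 an external resolver.
    checks = [
        (130, Flow("tcp", "192.168.13.50", "192.168.9.220", 40000, 443)),
        (130, Flow("udp", "0.0.0.0", "255.255.255.255", 68, 67)),
        (130, Flow("tcp", "192.168.13.50", "192.168.11.20", 40000, 80)),
        (130, Flow("udp", "192.168.13.50", "8.8.8.8", 40000, 53)),
        (130, Flow("tcp", "192.168.13.50", "8.8.8.8", 40000, 53)),
        (120, Flow("tcp", "192.168.11.5", "192.168.13.7", 40000, 22)),
    ]
    for number, flow in checks:
        action, matched = evaluate(acls[number], flow)
        print(f"ACL {number}: {flow.proto} {flow.src}:{flow.sport} -> "
              f"{flow.dst}:{flow.dport} => {action}  [{matched}]")
```

Run it as a script to see which entry each flow hits. The UDP 53 check is the one worth noticing: it falls through to the logged deny, which is the caveat described in the note above. To permit normal resolution you would add a permit udp any any eq domain entry before the final deny, and the same evaluator will confirm the change.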
Performing remediation
Now that the Security Compliance Manager and ACS policies have been
configured, the next step is to prepare the appropriate remediation workflows.
Based on the names of the workflows assigned during policy creation, the
operations team has to design and deploy the corresponding set of software
package blocks, also known as remediation packages or workflows, on the Tivoli
Configuration Manager server. These steps require the remediation server to be
installed and operational. Detailed procedures for setting up the remediation
server are described in Chapter 8, “Remediation subsystem implementation” on
page 355.