20 Building a Network Access Control Solution with IBM Tivoli and Cisco Systems
tables that contain data gathered by the collectors. In a generic Security
Compliance Manager deployment, the compliance queries are evaluated on the
server, but with NAC-enabled clients using new posture collectors they can also
be evaluated on the client. A compliance query is written to return a list of policy
violations.
The results of the compliance queries associated with a particular policy can be
used on the Security Compliance Manager server to provide a current picture, or
snapshot, of the level of compliance for all clients in a client group. The results of
the compliance queries evaluated locally on the client are passed as a posture
status. They define the client’s compliance status.
Compliance User Interface
When a client is found to be out of compliance, the Tivoli Security Compliance
Manager Client opens a window that notifies the user of the violation and
provides a means to invoke the remediation process. This user interface includes
a functional Web browser that supports customized HTML content to guide the
user through remediation. In addition, if an automated remediation handler is
installed, a button to start automated remediation is presented to the user.
Remediation handler
A remediation handler communicates with the remediation server to download
remediation content, installs the downloaded content, and notifies the user of
the outcome.
Network Admission Control process
The following are the conceptual steps of the Network Admission Control
process. Figure 2-3 on page 21 displays the result of what happens to compliant,
noncompliant, and clientless devices.
1. A user tries to connect (remotely or locally) to the corporate network.
2. A Network Access Device (NAD) challenges the client for compliance posture
   information.
3. The Security Compliance Manager policy-enabled client communicates with
   the NAC system.
4. The NAC system validates the client's health (posture) based on predefined
   rules.
5. The NAC system either admits the client to the network if it complies with all
   of the policies, or quarantines the client, allowing access only to a
   remediation network, if the client does not comply with the policies.
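The following worked example ties together the two mechanisms described above: compliance queries that run over collector data tables and return a list of policy violations (which yields a server-side snapshot for a client group or a per-client posture status), and the admission decision the NAC system derives from that posture. It is an added illustration, not code from the Redbook or from the Tivoli Security Compliance Manager or Cisco NAC products. The table layout, the collector names, the policy rules, the client identifiers and all sample rows are constructed for the example; the handling of clientless devices (no posture at all) is an assumption, since the text only refers to Figure 2-3 for that case.

```python
import sqlite3

# Constructed sample collector data (hypothetical schema): one row per client per item.
PATCH_ROWS = [
    ("ws-001", "PATCH-EXAMPLE-1", "installed"),
    ("ws-001", "PATCH-EXAMPLE-2", "installed"),
    ("ws-002", "PATCH-EXAMPLE-1", "installed"),
    ("ws-002", "PATCH-EXAMPLE-2", "missing"),
]
AV_ROWS = [
    ("ws-001", 1, "2024-01-10"),  # antivirus running, recent signatures
    ("ws-002", 0, "2023-11-02"),  # antivirus stopped
]

# Compliance queries, written to return one (client_id, violation) row per violation.
# Hypothetical policy: all required patches installed and antivirus running.
COMPLIANCE_QUERIES = {
    "required_patches":
        "SELECT client_id, 'missing patch ' || patch_id FROM patch_status "
        "WHERE status <> 'installed'",
    "antivirus_running":
        "SELECT client_id, 'antivirus not running' FROM av_status WHERE running = 0",
}


def build_collector_db():
    """Create in-memory tables standing in for the data gathered by the collectors."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE patch_status (client_id TEXT, patch_id TEXT, status TEXT)")
    conn.execute("CREATE TABLE av_status (client_id TEXT, running INTEGER, sig_date TEXT)")
    conn.executemany("INSERT INTO patch_status VALUES (?, ?, ?)", PATCH_ROWS)
    conn.executemany("INSERT INTO av_status VALUES (?, ?, ?)", AV_ROWS)
    return conn


def evaluate_policy(conn, queries=COMPLIANCE_QUERIES):
    """Run every compliance query of a policy; map client_id -> list of violations."""
    violations = {}
    for name, sql in queries.items():
        for client_id, detail in conn.execute(sql):
            violations.setdefault(client_id, []).append(f"{name}: {detail}")
    return violations


def posture_status(violations, client_id):
    """Posture status of one client: compliant only when no query reported a violation."""
    return "noncompliant" if violations.get(client_id) else "compliant"


def compliance_snapshot(conn, client_group):
    """Server-side snapshot: current compliance level of every client in a client group."""
    violations = evaluate_policy(conn)
    return {client_id: posture_status(violations, client_id) for client_id in client_group}


def admission_decision(posture):
    """NAC decision from the posture the NAD received; None means a clientless device."""
    if posture == "compliant":
        return "admit"
    if posture == "noncompliant":
        return "quarantine"  # remediation network only
    # Assumption for the example: a device that returns no posture is treated
    # like a noncompliant one and limited to the remediation network.
    return "quarantine"


if __name__ == "__main__":
    db = build_collector_db()
    for client, status in compliance_snapshot(db, ["ws-001", "ws-002"]).items():
        print(client, status, "->", admission_decision(status))
    print("clientless ->", admission_decision(None))
```

Running the block prints the snapshot for the constructed client group: ws-001 is compliant and admitted, ws-002 has a missing patch and a stopped antivirus and is quarantined. The violation list for ws-002 is exactly what the compliance user interface would show the user before remediation.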