58 Building a Network Access Control Solution with IBM Tivoli and Cisco Systems
Cisco Secure ACS policy creation (1d)
An ACS policy consists of rules that must match required posture criteria. Depending on the matched criteria, a token is assigned to the network client that requires validation. The token results in the network client being dynamically assigned to a group. Based on the Network Access Profiles configured on the ACS, the group has an access policy (for example, an ACL or a RAC) associated with it. Thus, depending on the client's posture, the ACS assigns an access policy to the client that is enforced by the NAD.
An example of such posture criteria in our solution is to match the OS type, the Security Compliance Manager Policy_Version noted in step 1b, and the violation count to a predetermined value defined by the enterprise policy. These criteria must be deployed as a policy on the ACS. The ACS policy also has a feature to provide an action parameter with each rule. Whenever a new Security Compliance Manager policy is deployed, the ACS server's policy must be updated with the new Policy_Version as noted at the Security Compliance Manager server in step 1b.
NAD configuration deployment (1e)
The NAD should be a NAC-compliant hardware device with specific software that supports NAC. It has to be deployed at the appropriate network points, and it must be deployed with a NAC-related configuration.
Posture collection process (flow 2)
After the policy has been deployed in the various subsystems, the next step is to collect the posture compliance from the clients. This is the posture collection process:
Posture collection (2a)
The policy that has been deployed to the clients in process 1c includes posture collectors that are responsible for determining the client's posture. The posture collector determines the client's posture status by comparing the required posture data value with the collected posture data. This data is stored in the posture cache.
Violation count (2b)
The policy collector determines the number of violations. The number of violations and the policy collector version, which together form the posture credentials, are passed on to the Cisco Trust Agent when it queries the Security Compliance Manager client. The policy collector passes the posture credentials to the Cisco Trust Agent using a posture plug-in.
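The following Python model ties together the violation count computed by the policy collector (2a/2b) and the ACS rule matching on OS type, Policy_Version and violation count (1d). It is an added illustration of the flow, not code from ACS, the Cisco Trust Agent or Security Compliance Manager; the posture items, token names, group names and version values are constructed for the example.

```python
from dataclasses import dataclass

# Policy_Version published by the Security Compliance Manager server (step 1b).
# Constructed value; when a new policy is deployed, ACS must be updated to it.
CURRENT_POLICY_VERSION = "2"

# Required posture data from the deployed policy (constructed sample values).
REQUIRED_POSTURE = {"av_enabled": True, "firewall_enabled": True, "os_patch_level": 3}

def count_violations(collected: dict) -> int:
    """Posture collector (2a/2b): compare each required value with the
    collected value; every mismatch or missing item is one violation."""
    violations = 0
    for key, required in REQUIRED_POSTURE.items():
        actual = collected.get(key)
        if isinstance(required, bool):
            ok = actual is required
        else:
            ok = actual is not None and actual >= required
        if not ok:
            violations += 1
    return violations

@dataclass(frozen=True)
class Rule:
    os_type: str
    policy_version: str
    max_violations: int
    token: str  # token names are assumed for this illustration

# ACS rules (1d): evaluated in order, first full match wins. Policy_Version
# is pinned to the version noted in 1b, so clients on a stale policy fall
# through to the default token.
ACS_RULES = [
    Rule("Windows", CURRENT_POLICY_VERSION, 0, "Healthy"),
    Rule("Windows", CURRENT_POLICY_VERSION, 2, "Checkup"),
]
DEFAULT_TOKEN = "Quarantine"
# Token -> group whose access policy the NAD enforces (assumed names).
TOKEN_TO_GROUP = {"Healthy": "full-access", "Checkup": "full-access",
                  "Quarantine": "remediation-vlan"}

def assign_token(os_type: str, policy_version: str, violations: int) -> tuple:
    """Return (token, group) for the posture credentials presented to ACS."""
    for rule in ACS_RULES:
        if (os_type == rule.os_type and policy_version == rule.policy_version
                and violations <= rule.max_violations):
            return rule.token, TOKEN_TO_GROUP[rule.token]
    return DEFAULT_TOKEN, TOKEN_TO_GROUP[DEFAULT_TOKEN]

def evaluate_client(os_type: str, policy_version: str, collected: dict) -> tuple:
    # Flow 2 then 1d: collect posture, form credentials, let ACS assign a token.
    return assign_token(os_type, policy_version, count_violations(collected))
```

A compliant client that still reports the previous Policy_Version lands in the default token, which is the reason step 1d stresses updating the ACS rule whenever a new Security Compliance Manager policy is deployed.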