Cisco Network Admission Control (NAC) solutions allow network administrators to authenticate, authorize, evaluate, and remediate wired, wireless, and remote users and their machines before admitting them onto the network. Cisco NAC identifies whether networked devices such as laptops, desktops, and other corporate assets comply with an organization's security policies, and it repairs vulnerabilities before permitting access to the network.
Cisco NAC Manager is a centralized, web-based console for establishing roles, checks, rules, and policies. The Cisco NAC Lite Manager manages up to three Cisco NAC servers.
Authentication integration with single sign-on
Cisco NAC serves as an authentication proxy for most forms of authentication, natively integrating with Kerberos, Lightweight Directory Access Protocol (LDAP), RADIUS, Active Directory, S/Ident, and others. To minimize the inconvenience to end users, Cisco NAC supports single sign-on for VPN clients, wireless clients, and Windows Active Directory domains. Administrators can maintain multiple user profiles with different permission levels through the use of role-based access control.
Vulnerability assessment
Cisco NAC supports scanning of all Windows, Mac OS, and Linux-based operating systems and machines, as well as non-PC networked devices such as game consoles, PDAs, printers, and IP phones. It conducts network-based scans or can use custom-built scans as required. Cisco NAC can check for any application as identified by registry key settings, services running, or system files.
Device quarantine
Cisco NAC can place noncompliant machines into quarantine, which prevents the spread of infection while enabling the machines to maintain access to remediation resources. Quarantine can be accomplished by using subnets as small as /30, or by using a quarantine VLAN.
Automatic security policy updates
Automatic security policy updates that are part of Cisco's standard software maintenance package provide predefined policies for the most common network access criteria, including policies that check for critical operating system updates, common antivirus software virus definition updates, and common anti-spyware definition updates. This eases the management cost for network administrators, who can rely on Cisco NAC to constantly maintain updated policies.
Centralized management
The Cisco NAC web-based management console allows administrators to define the types of scans required for each role, as well as the related remediation packages necessary for recovery. One management console can manage multiple servers.
Remediation and repair
Quarantine gives devices access to remediation servers that can provide operating system patches and updates, virus definition files, or endpoint security solutions such as Cisco Security Agent. Administrators can enable automated remediation through the optional agent, or specify a series of remediation instructions. In addition, Cisco NAC delivers user-friendly features, such as the monitoring mode and silent remediation, to minimize user impact.
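As an added illustration of the role/check/rule model described above and of how a failed posture check leads to quarantine with a remediation list (example code, not Cisco's own; the role policies, the `CSAgent` service name, the registry key and the sample posture values are constructed assumptions):

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Callable
# Constructed posture report: what an agent or network scan would gather
# (patch state, definition dates, running services, registry keys).
@dataclass
class Posture:
    os_patches_current: bool
    av_definitions: date
    antispyware_definitions: date
    services_running: frozenset
    registry_keys: frozenset

@dataclass
class Rule:
    name: str
    check: Callable[[Posture, date], bool]
    remediation: str  # what a quarantined host is told to fix

def fresh(max_days: int) -> Callable[[date, date], bool]:
    """Check that a definition date is at most max_days old."""
    return lambda d, today: today - d <= timedelta(days=max_days)

# Hypothetical role policies (not Cisco's shipped policies): role -> rules.
ROLE_POLICIES = {
    "employee": [
        Rule("os-critical-updates", lambda p, t: p.os_patches_current,
             "apply critical OS updates from the patch server"),
        Rule("av-definitions-7d", lambda p, t: fresh(7)(p.av_definitions, t),
             "update antivirus definitions"),
        Rule("antispyware-7d", lambda p, t: fresh(7)(p.antispyware_definitions, t),
             "update anti-spyware definitions"),
        Rule("csa-running", lambda p, t: "CSAgent" in p.services_running,
             "start or install the endpoint security agent"),
        Rule("av-installed", lambda p, t: r"HKLM\SOFTWARE\ExampleAV" in p.registry_keys,
             "install the approved antivirus product"),
    ],
    "guest": [Rule("av-definitions-30d", lambda p, t: fresh(30)(p.av_definitions, t),
                   "update antivirus definitions")],
}

def evaluate(role: str, posture: Posture, today: date):
    """Admission decision: ("allow", []) or ("quarantine", [remediation steps])."""
    failed = [r for r in ROLE_POLICIES[role] if not r.check(posture, today)]
    return ("quarantine", [r.remediation for r in failed]) if failed else ("allow", [])

# Constructed sample: patched host whose antivirus definitions are 10 days old.
SAMPLE_TODAY = date(2024, 6, 15)
SAMPLE_POSTURE = Posture(True, date(2024, 6, 5), date(2024, 6, 14),
                         frozenset({"CSAgent"}), frozenset({r"HKLM\SOFTWARE\ExampleAV"}))
```

The same host is quarantined under the stricter employee policy but admitted as a guest, which is the role-based behaviour the management console is used to configure.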
Flexible deployment modes
Cisco NAC offers the broadest array of deployment modes to fit into any customer network. Customers can deploy the product as a virtual or real IP gateway, at the edge or centrally, with Layer 2 or Layer 3 client access, and in-band or out-of-band with network traffic.