Ibm Tivoli and Cisco Manual de usuario Pagina 237
- Pagina / 516
- Tabla de contenidos
- MARCADORES
Valorado. / 5. Basado en revisión del cliente
Chapter 7. Network enforcement subsystem implementation 219
2. Fill in the user name and password fields, and click Grant All to give all
configuration rights to the administrator. If desired, an administrator’s
privileges can be limited to individual groups and components in order to have
separate administrators for different parts of the network and network
policies.
Click Submit to complete the process.
Figure 7-5 Administration privileges
Cisco Secure ACS certificate setup
ACS should be configured with a digital certificate for establishing client trust
when challenging the client for its credentials. Cisco Secure ACS uses the X.509
v3 digital certificate standard. Certificate files must be in Base64-encoded X.509
format or Distinguished Encoding Rules (DER)-encoded binary X.509 format.
Also, Cisco Secure ACS supports manual certificate enrollment and provides the
means for managing a certificate trust list (CTL) and certificate revocation lists
(CRL). You must complete a certificate installation process and restart Cisco
Secure ACS before beginning the PEAP configuration.
- Building a Network 1
- Access Control Solution 1
- IBM Tivoli and Cisco Systems 3
- January 2007 3
- Second Edition (January 2007) 4
- “Notices” on page vii 4
- Contents 5
- Contents v 7
- Trademarks 10
- Network 11
- Admission Control 11
- Preface xi 13
- Become a published author 14
- Comments welcome 15
- Summary of changes 17
- Architecture 19
- Business context 21
- IBM Integrated 22
- Cisco Self-Defending Network 23
- Endpoint 23
- Compliance & Remediation 23
- 1.7 Conclusion 28
- Architecting the solution 31
- 2.1.1 Architecture overview 32
- Network Admission Control 33
- Security Compliance Manager 35
- Tivoli Configuration Manager 37
- Security policy 37
- Compliance query 37
- Compliance User Interface 38
- Remediation handler 38
- Quarantined 39
- Cisco NAC and IEEE 802.1x 40
- Using Cisco terminology 41
- Posture agent 42
- Network identity provisioning 42
- Remediation process 43
- Internet 45
- 2.3 Design process 46
- Creation 49
- Implementation 49
- 2.3.3 Solution objectives 50
- Default network 51
- Quarantine access 52
- Trusted network 52
- Performance controls 52
- 2.4 Implementation flow 53
- 2.6 Conclusion 55
- Component structure 57
- 3.1 Logical components 58
- Posture validation server 59
- Figure 3-2 ACS architecture 60
- Policy enforcement device 61
- Admission control client 61
- 3.1.2 Compliance 64
- Compliance client 66
- Posture collector 67
- 3.1.3 Remediation 69
- 3.2 Physical components 70
- Network access device 72
- Network Access Profiles 76
- Remediation (flow 4) 79
- 3.3.1 Secure communication 80
- 3.4 Component placement 81
- Figure 3-8 Security zones 82
- Controlled zone - intranet 84
- Other networks 84
- Branch office compliance 85
- Campus internal enforcement 86
- Branch Office Compliance 87
- (Campus Ingress Enforcement) 87
- SOHO Compliance 88
- (PAT access protection) 88
- Extranet compliance 89
- Lab compliance 90
- Data Center protection 91
- 3.5 Conclusion 92
- Customer 93
- Armando Banking Brothers 95
- Corporation 95
- 4.1 Company profile 96
- 4.2 Current IT architecture 97
- Uncontrolled zone - Internet 98
- Controlled zone - DMZ 98
- Controlled intranet 98
- Production network 98
- NAC Framework 98
- NAC Appliance 100
- Firewall 104
- Project overview 106
- 4.4 Conclusion 109
- Solution design 111
- 5.1 Business requirements 113
- 5.2 Functional requirements 114
- Remediation 117
- Production 117
- Compliance 117
- Security compliance criteria 118
- Remediation services 118
- 5.3.1 Logical components 120
- Enforcing compliance criteria 127
- Posture token 128
- Healthy indicates that the 132
- Performing remediation 133
- 5.3.2 Physical components 134
- Compliance subsystem 135
- Access Control Server 136
- NAC-enabled network device 138
- Layer 2 devices 138
- Layer 3 devices 138
- Cisco Trust Agent 139
- Remediation subsystem 140
- Software Package Web Server 140
- 5.4 Conclusion 141
- Figure 6-11, click Next 155
- English and click Next 159
- 6.2.1 Posture collectors 171
- 6.2.2 Policy collector 172
- Figure 6-34, click Next 177
- Figure 6-37 Policies view 180
- Rule operators 192
- Rule results 193
- Rule format 193
- TCMCLI utility policy 207
- 6.3.1 Cisco Trust Agent 208
- 6. Click Next (Figure 6-66) 214
- (Figure 6-71) 219
- 6.4 Conclusion 230
- Network enforcement 231
- Installing Cisco Secure ACS 233
- Configuring logging 244
- client 247
- Figure 7-16 AAA clients 251
- Figure 7-18 AAA Clients 253
- Configuring RADIUS attributes 254
- Configuring groups 255
- Figure 7-21 Group Setup 256
- Configuring users 257
- Internal Database 258
- Global authentication setup 259
- (Figure 7-24 on page 241) 260
- 6. Click Submit + Restart 261
- To do this: 262
- Token (APT) of 268
- Figure 7-33 on page 251 268
- (Figure 7-33) 269
- Figure 7-35 271
- 12.Click Done 271
- 27.Click Done (Figure 7-44) 280
- Allow any Protocol 289
- Grant access 290
- NAC_IISSCN_Posture_Profile 292
- Healthy PA message: 294
- 24.Click Submit 300
- External User Database 301
- Unknown user policy 301
- Clientless user 301
- Figure 7-64 Naming of ACL 303
- 7. Click Submit 304
- Figure 7-66 Binding the ACL 305
- Router# 321
- 7.2.1 Installing CCA Agent 322
- The steps are: 325
- (Figure 7-77) 327
- Figure 7-82 Managed subnets 332
- Configure default login page 333
- Configuring a Switch Group 334
- 3. Click Add 335
- Configuring a switch profile 337
- Configuring Port Profile 338
- Configuring SNMP receiver 341
- Adding a managed switch 342
- IP Address box, and a 343
- Figure 7-94 Managed switch 344
- Defining user roles 345
- Creating traffic policies 347
- Access to TCM 349
- Creating local users 350
- Configure Clean Access Agent 352
- Figure 7-106 New rule 356
- Validity 358
- Figure 7-109 Requirements 359
- 26.Click Update 363
- Discovered clients 364
- Logging on as a client 365
- Continue 367
- 7.3 Conclusion 372
- 8.2.1 Prerequisites 376
- Figure 8-16 Welcome window 394
- is False) and click Next 401
- IISSCN Extension Pack2 for 404
- 8.3.1 Locating HTML 416
- Base HTML 418
- Posture item HTML 418
- HTML pages example 419
- Posture element HTML 420
- The wfattribute tag 421
- The field Tag 421
- The remattribute tag 422
- 8.3.3 Debug attributes 424
- Logging posture items 425
- Logging the HTML search path 426
- TCRNavScan workflow 436
- TCRNavVirusDefUpdate 441
- TCRNavSoftwareInstalled 443
- TCRMSPatchesInstallWinXP 444
- HotfixId 446
- TCRZLSoftwareInstalled 450
- TCRZLSoftwareRunning 452
- TCRMessengerDisabled 453
- 8.5 Conclusion 455
- Appendixes 457
- Hints and tips 459
- Deployment overview 460
- Top-level sequence of events 462
- Cisco NAC sequence of events 465
- Fault isolation 466
- SCM Push Client 468
- Tools and tricks 469
- Cisco IOS Software router 470
- Cisco IOS Software switch 470
- Cisco Secure ACS server 471
- NAC Appliance details 473
- In-band versus out-of-band 474
- NAC Appliance integration 475
- Integration design 476
- NAC Appliance Agent 477
- TSCMAgent.bat 478
- NACApplianceCompliance.entry 478
- Policy collector 478
- Scheduler 479
- System path 481
- Scheduler.bat 481
- NAC Appliance Manager 482
- State mapping and scenarios 483
- Conclusion 488
- Executive summary 490
- The benefit of NAC 490
- NAC implementation options 492
- The NAC Appliance 493
- NAC Framework solution 494
- Investment protection 494
- The next steps 496
- NAC technology 496
- NAC Framework components 497
- Additional material 499
- Using the Web material 500
- Related publications 501
- Online resources 502
- How to get IBM Redbooks 502
- Help from IBM 503
- Numerics 505
Relacionado con productos y manuales para Hardware Ibm Tivoli and Cisco
Hardware Ibm SY27-0345-06 Manual de usuario
(148 paginas)
(148 paginas)
Hardware Ibm 19K4206PT1 Manual de usuario
(10 paginas)
(10 paginas)
Hardware Ibm 22P6972 Manual de usuario
(46 paginas)
(46 paginas)
Hardware Ibm B50 Manual de usuario
(198 paginas)
(198 paginas)
Hardware Ibm WebSphere Adapters Manual de usuario
(226 paginas)
(226 paginas)
Hardware Ibm 22P6959 Manual de usuario
(50 paginas)
(50 paginas)
Hardware Ibm Ultra320 Manual de usuario
(54 paginas)
(54 paginas)
Hardware Ibm 09-0572-000 Manual de usuario
(101 paginas)
(101 paginas)
Hardware Ibm EP-8KTA Manual de usuario
(73 paginas)
(73 paginas)
Hardware Ibm 28L2234 Manual de usuario
(66 paginas)
(66 paginas)
Hardware Ibm 71P7285 Manual de usuario
(77 paginas)
(77 paginas)
Hardware Ibm CFC2 Manual de usuario
(154 paginas)
(154 paginas)
Hardware Ibm 2292 Manual de usuario
(230 paginas)
(230 paginas)
© 2020, manymanuals.es. Todos los derechos reservados | 0.064 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comentarios a estos manuales