Understanding Cisco Network Admission Control

by Dave Chapman

The goal of a Network Admission Control (NAC) solution in its simplest form is to provide a means to validate that network endpoints are in compliance with the organization’s security policy. Cisco Systems offers two methods of performing NAC: NAC Framework and NAC Appliance.

Download this PDF in its entirety. Registration with the Fast Lane Community site is required.

Rules of Engagement: Network Systems Engineering in Modern Warfare

by Michael ‘Dutch’ Dyer

White-hot sand dominates the parched desert floor below--a patchwork quilt of bleached beige and muted mineral hues separated by bone-dry washes, sand-scored ravines, and sun-weathered rock fields. The setting sun sits low on the horizon of this desolate sand-scape, painting a baby blue sky with dusty red-orange rays. Finger-like shadows seem to grow among the rolling desert hills, stretching to reach the darkened base of a distant mountain range. The blistering heat of the day has already begun to lose some of its intensity, fading with the approach of nightfall and destined to drop by as much as 50 degrees from the day’s 134 degree high. I’m in Northern Iraq, but with the alien harshness of the environment it might as well be somewhere on the surface of Mars in July at midday.


Reducing False Positives In Cisco IPS

by Dave Chapman

One of the most challenging aspects in managing an IPS installation is tuning the sensor appliances to your unique mix of applications and protocols. An un-tuned sensor can be very frustrating because hundreds or even thousands of high-severity signatures fire each day. But after investigation, most events are determined to be false alarms. In IPS vernacular, those alarms are called false positives. If sensors remain un-tuned, analysts will eventually disregard the findings of the sensor as unreliable.


Cisco Advances In IPS

by Dave Chapman

I often hear a similar story from customers about their Cisco Intrusion Detection implementations. At first they are excited about the great things they will be able to do with IPS, but like children with a new puppy, their enthusiasm for the implementation wanes as they realize the need for ‘care and feeding’. Many times the sensor becomes ‘shelfware’ and is unused.

The truth is that ongoing tuning of the sensor(s) is necessary to accommodate changes to your network and respond to the evolving threat landscape. An old security axiom goes something like, “if you log it, you should read it”. This means that if you want to benefit from IPS protection, someone needs to monitor and tune the device.
