servers and desktops are too common,
and they are difficult to detect and contain
Alleviates patching and signature update
pressure with behavior-based protection
technology
Network Admission Control
Preserves enterprise resilience by auditing and
enforcing adherence to corporate endpoint
security policies when accessing the network
Limit the severity of infections by reducing the
response time spent identifying and isolating
infected systems, and cleansing traffic
- is Cisco-led, multi-partner
program focused on limiting damage from emerging security threats
such as viruses and worms
In NAC, customers can allow network access only to compliant and
trusted endpoint devices (e.g. PCs, servers, PDAs) and can restrict
the access of non-compliant devices
The endpoint device is interrogated for its security posture and
compliance with policy
The network will then determine the appropriate admission
enforcement decision: permit, deny, quarantine, restrict
NAC is the first phase of the Cisco Self-Defending Network Initiative,
an effort designed to dramatically improve the ability of networks to
identify, prevent, and adapt to threats
These efforts extend Cisco's ability to provide secure, intelligent
networks for customers
[Figure: network diagram. Recoverable labels: Branch, Campus, Corporate Net, Remediation, Cisco Trust Agent, Quarantine VLAN]
Late Q2CY4
Network Access Device
Monitoring & Reporting
Initiates full validation with CTA using EAPoUDP when intercept ACL is
triggered (similar to Auth Proxy) and periodically thereafter while data
path active
Relays posture credentials to AAA server using RADIUS
Receives configuration info from AAA server (ACL, URL-redirect) and
enforces on interface
Polls CTA status with Status Query periodically to see if it is still the
same client at same IP address
Performs full validation periodically
Supports exception list based on IP or MAC address
Sends request to AAA Server for clientless hosts (EAPoUDP time-out)
and receives configuration info
The router is the policy enforcement point
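The router behaviour listed above, modelled as an added example (not Cisco code and not from the original slides). The class names, the agent_id token standing in for "same client at same IP", the sample policy rules and the choice to permit exception-list hosts are all assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Callable, Optional

DECISIONS = ("permit", "deny", "quarantine", "restrict")  # outcomes named on the slide

@dataclass
class Host:
    ip: str
    mac: str
    posture: Optional[dict]   # None models a clientless host (EAPoUDP time-out)
    agent_id: str = ""        # hypothetical identity the trust agent reports

def sample_policy(posture: Optional[dict]) -> str:
    """Constructed stand-in for the AAA server's posture policy."""
    if posture is None:
        return "restrict"                  # clientless host: limited access
    if not posture.get("av_running"):
        return "deny"
    if not posture.get("av_signatures_current"):
        return "quarantine"                # reachable only for remediation
    return "permit"

@dataclass
class Router:
    aaa: Callable[[Optional[dict]], str]          # stands in for the RADIUS exchange
    exceptions: set = field(default_factory=set)  # exempt IP or MAC addresses
    sessions: dict = field(default_factory=dict)  # ip -> (agent_id, decision)

    def full_validation(self, host: Host) -> str:
        if host.ip in self.exceptions or host.mac in self.exceptions:
            decision = "permit"            # assumption: exempt hosts skip posture checks
        else:
            decision = self.aaa(host.posture)
        if decision not in DECISIONS:
            decision = "deny"              # fail closed on an unexpected answer
        self.sessions[host.ip] = (host.agent_id, decision)
        return decision

    def status_query(self, host: Host) -> str:
        """Periodic poll: a different client at a known IP forces full validation."""
        known = self.sessions.get(host.ip)
        if known is None or known[0] != host.agent_id:
            return self.full_validation(host)
        return known[1]

if __name__ == "__main__":
    r = Router(sample_policy, exceptions={"00:11:22:33:44:55"})
    ok = Host("10.0.0.5", "aa:aa:aa:aa:aa:01",
              {"av_running": True, "av_signatures_current": True}, "cta-1")
    print(r.full_validation(ok))
```

The status query is what keeps a permit decision from outliving the host that earned it: when another machine takes over the same IP address, the cached decision is discarded and posture is checked again.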
NAC support available in 12.3(4th)T (Pi4 release) IOS images with Security
Advanced Security, Advanced Services, and Advanced Enterprise images
Platform support in the table below
Date - Planned, date TBD, maybe post Phase 1 FCS
? - Still being investigated and possibly post Phase 1 FCS
Yes * - older platforms that only have NAC support in the Classic IOS FW Feature Sets in 12.3T, these routers do not have the Advanced newer images in 12.3T
For 17 platforms shown in the table, support planned on following images in addition to the images above:
IP/ADSL/IPX/AT/IBM/VOX/FW/IDS Plus IPSec 3DES,
IP/ADSL/IPX/AT/IBM/FW/IDS Plus IPSec 3DES,
IP/ADSL/VOX/FW/IDS Plus IPSec 3DES,
IP/ADSL/FW/IDS PLUS IPSec 3DES

Platform                                         NAC support
Cisco 75xx                                       ?
Cisco 72xx                                       Date
Cisco 535, 54, 55                                Yes *
Cisco 45                                         No
Cisco 3745, 3725                                 Yes
Cisco 366-CO Series                              No
Cisco 366-ENT Series                             Yes *
Cisco 364364R                                    Yes *
Cisco 362                                        No
Cisco 2691                                       Yes
Cisco 26XM models                                Yes
Cisco 26 non-XM models                           No
Cisco 171,1711, 1712, 1721, 1751, 1751-V, 176    Yes
Cisco 175, 172, 171                              No
Cisco 3x                                         Date
IP Base
NAC-Enabled Applications
Cisco Security Agent
NAI McAfee Antivirus
Symantec Antivirus
Trend Micro Antivirus
Cisco Trust Agent
No cost component
Support for Windows 2000, XP and NT
To be distributed by Cisco and partners, potentially
bundled with AV solutions
AAA Server - Cisco ACS v3.3
Monitoring & Reporting - CiscoWorks SIMS