The outside sales reps from your company use notebook computers, tablets, and phones to connect to the internal company network.

While traveling, they connect their devices to the Internet using airport and hotel networks. You are concerned that these devices will pick up viruses that could spread to your private network. You would like to implement a solution that prevents devices from connecting to your network unless antivirus software and the latest operating system patches have been installed. When a host tries to connect to the network, the host should be scanned to verify its health. If the host is not healthy, then it should be placed on a quarantine network where it can be remediated. Once healthy, the host can then connect to the production network. Which solution should you use?

Answer:

NAC

Network Access Control (NAC) prevents devices from accessing network resources unless they meet certain predefined security requirements. Conditions that can be part of the connection requirements include requiring that computers have:
•Antivirus software with uptodate definition files.
•An active personal firewall.
•Specific operating system critical updates and patches.
A client that is determined by the NAC agent to be healthy is given access to the network. An unhealthy client who has not met all the checklist requirements is either denied access or can be given restricted access to a quarantine network, where remediation servers can be contacted to help the client to become compliant.
A demilitarized zone (DMZ) is a buffer network (or subnet) that sits between the private network and an untrusted network (such as the Internet). A virtual LAN (VLAN) is a logical grouping of computers based on switch ports. VLAN membership is configured by assigning a switch port to a VLAN. An intrusion detection system (IDS) is a special network device that can detect attacks and suspicious activity. A networkbased IDS (NIDS) scans network traffic looking for intrusion attempts. Network Address Translation (NAT) modifies the IP addresses in packets as they travel
from one network (such as a private network) to another (such as the Internet).

Get instant access to
all materials

Become a Member