Data Sheet Cisco Network Admission Control (NAC) Solution New: Updated to include the Cisco Secure Network Server (SNS) ® Cisco Network Admission Control (NAC) solutions allow you to authenticate wired, wireless, and VPN users and devices to the network; evaluate and remediate a device for policy compliance before permitting access to the network; differentiate access based on roles; and then audit and report on who is on the network. Product Overview The Cisco NAC Solution is a powerful, easy-to-deploy admission control and compliance enforcement component ® of the Cisco TrustSec solution. With comprehensive security features, in-band or out-of-band deployment options, user authentication tools, and bandwidth and traffic filtering controls, the Cisco NAC Solution is a comprehensive offering for controlling and securing networks. You can implement security, access, and compliance policies through a central management point rather than configure policies throughout the network on individual devices. Features and Benefits The Cisco NAC Solution is an integral component of the Cisco TrustSec. The Cisco NAC Solution: ● Prevents unauthorized network access to protect your information assets Helps proactively mitigate network threats such as viruses, worms, and spyware Addresses vulnerabilities on user machines through periodic evaluation and remediation Brings you significant cost savings by automatically tracking, repairing, and updating client machines Recognizes and categorizes users and their devices before malicious code can cause damage Evaluates security policy compliance based on user type, device type, and operating system Enforces security policies by blocking, isolating, and repairing noncompliant machines in a quarantine area without needing administrator attention Applies posture assessment and remediation services to a variety of devices, operating systems, and device access methods including LAN, WLAN, WAN, and VPN Enforces policies for all operating scenarios without requiring separate products or additional modules Supports seamless single sign-on through an agent with automated remediation Provides clientless web authentication for guest users Authentication Integration with Single Sign-On Cisco NAC works with existing authentication sources, natively integrating with Active Directory, Lightweight Directory Access Protocol (LDAP), RADIUS, Kerberos, S/Ident, and others. For the convenience of end users, Cisco NAC supports single sign-on for VPN clients, wireless clients, and Windows Active Directory domains. Administrators can maintain multiple user profiles with different permission levels through the use of role-based access control. © 2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.

Device Quarantine Cisco NAC places noncompliant machines into quarantine, preventing the spread of infection while giving the machines access to remediation resources. Through DHCP, inline traffic filters, or a quarantine VLAN, quarantine is achieved. Automatic Security Policy Updates Automatic updates in Cisco’s standard software maintenance package provide predefined policies for common network access criteria. These include policies that check for critical operating system updates, virus definition updates for antivirus software, and antispyware definition updates. This eases the management...

Additional NAC Services The Cisco NAC Solution can be optionally deployed with the Cisco Identity Services Engine for profiling services and the NAC Guest Server. ● Cisco Identity Services Engine (ISE): Cisco ISE provides profiling capabilities that can discover, analyze, and classify in real time all the endpoints connecting to the network. Cisco ISE comes with hundreds of built-in profiles for devices such as IP phones, printers, mobile devices (IPads, IPhones), scanners, and more, making it possible to identify the type of device connecting to the network. Cisco ISE provides the administrator...

The Cisco Secure Network Server family is based on the Cisco UCS C220 M3 Rack Server and is configured specifically to support security applications. The Secure Network Server is an innovative platform that supports these applications in two server configurations: SNS-3415 and SNS-3495. The SNS-3415 is designed to be deployed in small and medium-sized deployments, while the SNS-3495 has several redundant components making it suitable for large deployments needing highly reliable system configuration. Table 2 highlights both the SNS-3415 and SNS-3495 in NAC Server and NAC Manager roles. Table...

Cisco NAC is preconfigured to offer policy checks for more than 350 applications from 50 vendors. This list is constantly being expanded; visit http://www.cisco.com/en/US/products/ps6128/prod_release_notes_list.html for the latest supported applications (listed under “Cisco NAC Appliance Supported AV/AS Product List”). Note: Not all check types are supported for all products, and some vendors do not support Windows 9x. In addition to the preconfigured checks, you have full access to the Cisco NAC rules engine and can create any custom check or rule for any other third-party application. Service...