Cisco NAC Appliance - Clean Access Manager Configuration Guide
OL-28003-01
Chapter 1 Introduction
Client Posture Assessment Overview
Note: The Cisco NAC Agent does not support Nessus-based network scanning.
Step 5 Test your configurations for user roles and operating systems by connecting to the untrusted network
as a client. Monitor the Certified Devices List, Online Users page, and Event Logs during testing. Test
network scanning by performing web login, checking the network scanning process, the logout page, and
the associated client and administrator reports. Test the Agent by performing the initial web login and
Agent download, login, Requirement checks and scanning, and viewing the associated client and
administrator reports.
Step 6 If needed, manage the Certified Devices List by configuring other devices, such as floating or exempt
devices. Floating devices must be certified at the start of every user session. Exempt devices are always
excluded from Network Scanning (Nessus scans). See Manage Certified Devices, page 11-10.
For more information, see:
• Configuring Agent-Based Posture Assessment, page 9-39
• Network Scanning Implementation Steps, page 12-3
Cisco NAC Appliance Agents
Cisco NAC Agent
The Cisco NAC Agent provides local-machine Agent-based posture assessment and remediation for both
32- and 64-bit Windows operating systems and supports “double-byte” character formats that, along
with full UTF-8 compliance, enable you to offer native client-side localization for a number of
common languages. (For a list of supported languages, see Cisco NAC Agent XML Configuration File
Settings, page 9-23.) Users must download and install the Agent, which allows for visibility into the host
registry, process checking, application checking, and service checking. The Agent can be used to
perform AV/AS definition updates, distribute files uploaded to the Clean Access Manager, or distribute
links to websites in order for users to fix their systems.
Note: There is no client firewall restriction with Cisco NAC Agent posture assessment. The Agent can check
client registry, services, and applications even if a personal firewall is installed and running.
Cisco NAC Agent client machine login and session behavior is determined by settings specified in the
NACAgentCFG.xml Agent configuration file, residing in the install directory on the client machine.
(The default install directory on Windows XP is C:\Program Files\Cisco\Cisco NAC Agent\. However,
you or the client machine user may specify a different directory.) You can customize the settings in the
NACAgentCFG.xml file according to the parameters outlined in Cisco NAC Agent XML Configuration
File Settings, page 9-23, or you can let the Cisco NAC Agent construct its own Agent configuration
XML file using default settings.
The Cisco NAC Agent provides the following support:
• Easy download and installation of the Agent on the client via initial one-time web login. The Agent
  installs by default for the current user and all other users on the client PC.
• Posture assessment support for both 32- and 64-bit Windows operating systems (prior releases of
  Cisco NAC Appliance only provided authentication support for 64-bit Windows operating systems)