Security Solutions

Customer Needs Assessment
software or a personal firewall. It could also ensure that the endpoints
attaching to your network are running the patches for their OS and
applications.
Although this design guide does not focus on the other security measures
you can take to protect your network (namely Virus Throttle software,
IPS/IDS, and Network Immunity Manager), you should evaluate such measures
in your overall network security strategy. Protecting today’s networks
requires a layered approach. Network access control is a critical layer,
but you should not ignore the other layers.
Evaluate the Existing Network Environment
As you plan your network access controls, you must evaluate the equipment
on the network. The type of equipment and its capabilities directly affect both
network access controls and endpoint integrity. For example, you must know
the capabilities of your company’s switches before you can select an access
control method. You must also know which OSs and applications your company
is using before you begin to define the requirements for endpoints
attaching to your network.
Size
To begin with, you want to know the size of the network. Does the network
span multiple locations? If yes, how many locations or offices are there?
How many endpoints are there at each location? How many switches? How
many wireless access points (APs)?
Edge Devices
You also need to know the capabilities of each edge device. Which
authentication methods do your switches support: 802.1X, MAC authentication
(MAC-Auth), and Web-Auth? Do they support local MAC-Auth or Remote
Authentication Dial-In User Service (RADIUS) MAC-Auth? These capabilities
affect not only network access but also the deployment method you use for
the NAC 800. (For more information about NAC 800 deployment methods, see
Chapter 1: “Access Control Concepts.”)
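One way to record the answers to the Size and Edge Devices questions above, as an added example that is not part of the original guide: the script summarizes an inventory per site and reports which authentication methods every edge device supports and which devices block the rest. The inventory rows, device names, and the CSV column layout are constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed sample inventory (not from the guide). "auth" lists the
# access-control methods each edge device supports, separated by "|".
INVENTORY_CSV = """site,device,kind,endpoints,auth
HQ,sw-hq-01,switch,48,802.1X|RADIUS MAC-Auth|Web-Auth
HQ,sw-hq-02,switch,24,802.1X|RADIUS MAC-Auth|Web-Auth
HQ,ap-hq-01,ap,30,802.1X
Branch,sw-br-01,switch,24,local MAC-Auth|Web-Auth
Branch,sw-br-02,switch,12,802.1X|local MAC-Auth|Web-Auth
"""

def summarize(inventory_csv):
    """Return {site: summary} answering the size and edge-device questions."""
    sites = defaultdict(lambda: {"switches": 0, "aps": 0, "endpoints": 0,
                                 "devices": {}})
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        site = sites[row["site"]]
        site["switches" if row["kind"] == "switch" else "aps"] += 1
        site["endpoints"] += int(row["endpoints"])
        site["devices"][row["device"]] = set(row["auth"].split("|"))
    report = {}
    for name, site in sites.items():
        per_device = site["devices"]
        all_methods = set().union(*per_device.values())
        # Methods every edge device at the site supports: the only ones
        # that can be applied uniformly across that site's edge.
        common = set.intersection(*per_device.values())
        # For each method that is not universal, the devices lacking it.
        gaps = {m: sorted(d for d, s in per_device.items() if m not in s)
                for m in sorted(all_methods - common)}
        report[name] = {"switches": site["switches"], "aps": site["aps"],
                        "endpoints": site["endpoints"],
                        "common": sorted(common), "gaps": gaps}
    return report

if __name__ == "__main__":
    for site, info in summarize(INVENTORY_CSV).items():
        print(site, info)
```

The "gaps" entries identify the devices to upgrade or handle separately before a given method can be used site-wide.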