tailieunhanh - Network Access Control For Dummies

Welcome to Network Access Control For Dummies. It s a scary networking world out there, and this book provides you with a working reference for understanding and deploying what type of network access control (NAC) is best suited for your network and you. Because you re holding this book, you already know that security issues exist out there — and you ve probably, maybe frantically, attempted to protect the network you re responsible for from the scenarios that get printed on the front page | Intrusion detection and prevention (IDP), or intrusion prevention systems (IPS), have become increasingly popular in recent years, especially when vendors respond to early challenges in the NAC market, such as perceived deployment and usability difficulties. Many large organizations have now fully deployed IDP/IPS, but prior to NAC, those solutions were somewhat limited in their abilities to prevent new attacks from occurring against the corporate network. You can configure all IPS sensors to drop malicious or otherwise unwanted traffic on the network. For example, if a particular endpoint launches an attack against an application server in a corporate datacenter and the IPS detects that traffic as malicious, the IDP/IPS can respond by dropping the traffic as configured in its policies. Although that response is sufficient, for certain situations, you might want to go even further in order to prevent future attacks on the network. NAC can help you to take information from your IDP/IPS device, and use it to take action on end user access as a result of attacks or other unwanted behavior.