  1. Member
    Join Date
    Feb 2012
    Location
    Thousand Oaks, CA
    Posts
    92

    Certifications
    A+, Network+, Security+
    #1

    Default Posture Assessments

    What does it mean to perform a posture assessment and why is the NAC used to perform them on unknown devices that connect to the network? This may be more of a security question but it was on my N+ practice exam. Thanks in advance.

  3. Senior Member
    Join Date
    Dec 2005
    Location
    somewhere in cyberspace
    Posts
    125

    Certifications
    A+ certified
    #2

    Default NAC and posture assessment

    The posture assessment is the evaluation of system security based on the applications and settings that a particular system is using.

    Network Admission Control - Wikipedia, the free encyclopedia
    http://www.opus1.com/www/whitepapers/nac_deployment.pdf

    Since it performs evaluation based on the application settings for that particular system, most device signatures are stored in the Windows registry, so if a device signature is not found NAC can block it.
    Last edited by sys_teck; 02-12-2012 at 11:07 PM. Reason: addition

  4. Registered Member Darril's Avatar
    Join Date
    May 2009
    Location
    Virginia Beach, VA
    Posts
    1,569

    Certifications
    MCT, A+, Net+, Security+, CASP, SSCP, CISSP, MCSE, MCITP...
    #3
    Good research sys_teck.

    It seems rather deep for Network+, but here's a little more.

    Network access control (NAC) will often inspect the "health" of clients when they connect. Health is based on pre-configured conditions and can be considered a posture assessment, or assessing the current state of the client.

    For example, when a computer connects, NAC can inspect the computer to determine if patches are up-to-date, if antivirus software is installed, running, and has up-to-date signatures, and if the firewall is enabled. If the computer passes all these tests it passes the assessment and is given a health certificate. The computer can use this health certificate to access the network. If the computer doesn't meet the assessment, it doesn't get a health certificate and is only granted limited access to the network. In some cases, it will be granted access to a quarantined network where it can access resources to get healthy.

    Here's another example.

    Imagine a company regularly has visitors that bring their laptops and these visitors want to connect to the Internet through the wireless network. NAC can be used to determine if these devices are known or unknown by simply checking to see if they can authenticate. Internal computers will have accounts and passwords and authenticate when they connect to the network, but visitor computers will not have computer accounts in the network and are unknown. Unknown computers can be restricted to a quarantined network that provides access to the Internet, but no access to internal system resources. Known computers (computers that can authenticate) can be checked for health before being granted full access to the network.

    HTH,
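
The admission logic from the two examples in post #3 (authenticate first, then assess health), as an added example that is not part of the original thread. The thresholds, field names and segment names are assumptions; each NAC product defines its own.

```python
from dataclasses import dataclass
from datetime import date, timedelta

# Assumed policy values (hypothetical; the thread gives no numbers or names).
MAX_PATCH_AGE = timedelta(days=35)
MAX_SIGNATURE_AGE = timedelta(days=7)

@dataclass
class ClientReport:
    """Constructed posture report for a client that has just connected."""
    authenticated: bool       # known device: its computer account authenticated
    last_patch: date
    av_installed: bool
    av_running: bool
    av_signature_date: date
    firewall_enabled: bool

def failed_checks(r: ClientReport, today: date) -> list:
    """Return the names of the health conditions the client does not meet."""
    failures = []
    if today - r.last_patch > MAX_PATCH_AGE:
        failures.append("patches")
    if not (r.av_installed and r.av_running):
        failures.append("antivirus")
    elif today - r.av_signature_date > MAX_SIGNATURE_AGE:
        failures.append("av_signatures")
    if not r.firewall_enabled:
        failures.append("firewall")
    return failures

def admit(r: ClientReport, today: date) -> tuple:
    """Map a connecting client to a segment and list what it must fix."""
    if not r.authenticated:
        # Unknown device (second example): Internet only, no internal resources.
        return "guest-internet-only", []
    failures = failed_checks(r, today)
    if failures:
        # No health certificate: limited access until the client is healthy.
        return "remediation-quarantine", failures
    return "full-access", []

# Constructed sample clients, not real data.
TODAY = date(2012, 2, 13)
SAMPLES = {
    "healthy": ClientReport(True, date(2012, 2, 1), True, True, date(2012, 2, 12), True),
    "stale": ClientReport(True, date(2011, 11, 1), True, True, date(2012, 1, 1), False),
    "visitor": ClientReport(False, date(2012, 2, 1), True, True, date(2012, 2, 12), True),
}

if __name__ == "__main__":
    for name, report in SAMPLES.items():
        print(name, admit(report, TODAY))
```

The visitor laptop reports a clean posture but still lands on the guest segment, because the health check is only reached after authentication succeeds.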

  5. Senior Member
    Join Date
    Dec 2005
    Location
    somewhere in cyberspace
    Posts
    125

    Certifications
    A+ certified
    #4
    Darril

    I agree. Seems to me that it's a crossover between Network+ and Security+. Still good.

  6. Member
    Join Date
    Feb 2012
    Location
    Thousand Oaks, CA
    Posts
    92

    Certifications
    A+, Network+, Security+
    #5
    Darril, your first example seems a lot like what Kerberos does with the granting of tickets. With the second example, the restricting of computers to a quarantined area seems familiar. I may have heard about it on a CBT video but I don't know if it had anything to do with this. On a completely different note, does your security book come with a PDF?

    Sys-tech, thanks for your response and good luck with your exam. I should be taking mine this week. I'm just waiting for the place I'm taking it to get a new shipment of vouchers.

  7. Registered Member Darril's Avatar
    Join Date
    May 2009
    Location
    Virginia Beach, VA
    Posts
    1,569

    Certifications
    MCT, A+, Net+, Security+, CASP, SSCP, CISSP, MCSE, MCITP...
    #6
    Quote Originally Posted by RoyalTech View Post
    Darril, your first example seems a lot like what Kerberos does with the granting of tickets.
    They may sound similar, but Kerberos and NAC are used for different purposes. Kerberos primarily uses tickets for authentication. In other words, Kerberos provides a method for secure authentication so that clients can prove their identity. Once an identity is known, users are granted access based on their proven identity.

    In contrast, NAC controls access based on other factors and is not used for secure authentication. NAC may check to see if the client authenticated, but NAC is not part of the authentication process. Another difference is that Kerberos is a standardized protocol (V5 is specified in RFC 4120). NAC isn't a protocol or standard, but rather a group of different methods used to control network access. I gave a couple of detailed examples of NAC but it can be as simple as using MAC address filtering on a network device for port security.


    Quote Originally Posted by RoyalTech View Post
    With the second example, the restricting of computers to a quarantined area seems familiar. I may have heard about it on a CBT video but I don't know if it had anything to do with this.
    The quarantined area is often associated with a restricted network that includes resources to help make a client healthy. For example, it may have a server that can deploy patches to bring a system up-to-date, or a server with antivirus software and up-to-date signature files that the client can install.

    The phrase "quarantined network" or "quarantined area" may be used elsewhere, but right now I'm drawing a blank.

    Quote Originally Posted by RoyalTech View Post
    On a completely different note, does your security book come with a PDF?
    Sorry, but no. Adding a CD/DVD would have increased the cost of the book too much and no PDFs are available for the book. I instead decided to make the Kindle available for only $9.99. Some people want both the paperbook and the Kindle. Some people just get one or the other. A cool thing about the Kindle edition is that a Kindle isn't needed. Amazon provides free applications that work on just about any platform for Kindle ebooks so people can read Kindle ebooks on their computer or mobile device.

    HTH

  8. Member
    Join Date
    Feb 2012
    Location
    Thousand Oaks, CA
    Posts
    92

    Certifications
    A+, Network+, Security+
    #7
    Quote Originally Posted by Darril View Post
    Sorry, but no. Adding a CD/DVD would have increased the cost of the book too much and no PDFs are available for the book. I instead decided to make the Kindle available for only $9.99. Some people want both the paperbook and the Kindle. Some people just get one or the other. A cool thing about the Kindle edition is that a Kindle isn't needed. Amazon provides free applications that work on just about any platform for Kindle ebooks so people can read Kindle ebooks on their computer or mobile device.

    HTH
    That's a shame as I live on PDFs. I'm still very interested in your book though as it seems highly rated and I love the explanations you give me here.