no latency, switch integration
Infrastructure Independent: All networks, All devices, All OSs
Zero Day protection without signatures
Agentless: Easy to Deploy and Manage
Quarantines without switch integration
Patented technology
Check on Connect Pre-Admission Zero Day Threat Prevention Post Admission Policy Enforcement

CONFIDENTIAL

Thank You
End of presentation. Thank you for watching!

effective both pre and post admission
- Cons: If implemented improperly, network equipment can misidentify this as an attack and drop this traffic

Today’s NAC Landscape

Evolving proprietary standards
- Cisco Network Admission Control (CNAC)
  - Three critical elements: Cisco Trust Agent (CTA), updated Network Access Device (NAD), Cisco Access Control Server (ACS)
  - Integration with endpoint agents to communicate with ACS regarding appropriate access level to the network
- Microsoft Network Access Protection (NAP)
  - Available in Vista
  - Endpoint needs System Health Agent (SHA)
  - SHA reports to System Health Validator (SHV) to do policy checks
  - Network isolation through enforcement integrations
    - DHCP Quarantine Enforcement Server (QES)
    - VPN QES

Trusted Network Connect open standard
- TNC compliant client required on endpoints
- Policy Decision Point (PDP) for security policy comparisons
- Policy Enforcement Point (PEP) for quarantining

Summary

NAC is an evolving technology space
Know what problems are most important to address
- Unknown/unauthenticated user control
- Policy enforcement for endpoints
- Preventing threats on your network
Understand implementation tradeoffs
- Quarantine flexibility
- Performance impact
- Cost of solution
- IT effort to implement
Keep track of early evolving standards

About Mirage

Background
Key Accomplishments
Company Highlights
- First GA Product: January, 2023, V3 Launched in July, 2023
- Acquisition of WholePoint Corporation Dec 04
- 1 NAC Patent Granted.

May require additional integration with network for mitigation because of this ARP management
- Security appliance selectively goes inline for a single host and becomes its default gateway by ARP manipulation
- Pros: No network integration required for full quarantine capabilities. Can granularly block suspect traffic.

Usually not granular in quarantine server assignment.

also includes Network Based Anomaly Detection (NBAD) vendors
- Out-of-band: Most commonly NBAD and old Distributed Denial of Service (DDoS) security vendors

Key considerations
- Does the security device watch for policy violations as well as threats?
- Does it see devices as they enter the network?
- Can they work across both voice and data networks without negatively impacting quality and performance?
- What is the management overhead associated with both approaches?

Mitigate

Mitigation Approaches for NAC

Two elements for NAC mitigation
- Quarantine capabilities (required)
  - On-entry: restrict access for devices not meeting requirements
  - Post-entry: take a device off the network and send to quarantine zone if they violate policy or propagate a threat
  - Ideally should be able to assign to different quarantine server based on problem, e.g. registration server for guests, AV scanner for infected devices, etc.
- Remediation services for identified problems (optional)
  - Additional diagnostic tools for deeper checks
    - Vulnerability scanners
    - AV scanners, etc.
  - Tools for fixing identified problems
    - OS patch links
    - AV signature update and malware removal tools
    - Registration pages for unknown devices

Quarantine Approaches

DHCP integration
- Uses DHCP process for identification and endpoint integrity checks on entry to the network.
- Pros: Assigns appropriate IP and VLAN according to their risk level
- Cons: After IP address is assigned they don’t have an independent quarantine capability. may not check all IP devices

Inline security appliance/switch
- Pros: Sees all devices both managed and unmanaged and doesn’t require agent based software
- Cons: If it is not inline with, or does not replace the access switch then it will not see the device as it comes on the network

Out of band appliances with network awareness