Saturday, January 2, 2016

Posture

In the context of Cisco Identity Services Engine (ISE), "posture" refers to the security posture assessment of endpoints connecting to the network. Cisco ISE includes a feature called "Endpoint Posture Assessment," which evaluates the security posture of devices (endpoints) attempting to access the network based on predefined criteria, such as the presence of security software, patches, and configuration settings.

Endpoint posture assessment is an essential component of network access control (NAC), allowing organizations to enforce security policies and ensure that only compliant and secure devices are allowed to connect to the network. The posture assessment process typically involves the following steps:

1. **Agent Deployment**: Cisco ISE may require the installation of endpoint posture assessment agents or software on client devices to collect information about the endpoint's security posture. These agents gather data such as antivirus status, patch levels, firewall settings, and other security-related information.

2. **Endpoint Assessment**: When an endpoint attempts to connect to the network, Cisco ISE evaluates the endpoint's security posture based on the information collected by the posture assessment agents. It compares the endpoint's security status against predefined policy criteria to determine whether the device meets the organization's security requirements.

3. **Policy Enforcement**: Depending on the results of the posture assessment, Cisco ISE enforces appropriate access policies for the endpoint. If the endpoint is compliant with security policies, it may be granted access to the network with full or limited privileges. If the endpoint is non-compliant, Cisco ISE may enforce remediation actions, such as placing the device in a restricted VLAN, quarantining it from the network, or redirecting it to a remediation portal.

4. **Remediation**: For non-compliant endpoints, Cisco ISE may initiate automated or manual remediation processes to address security issues and bring the device into compliance. This may involve updating software, installing patches, enabling security features, or configuring settings to meet security policy requirements.

Endpoint posture assessment helps organizations improve network security by ensuring that only trusted and secure devices are allowed to access the network. It helps detect and mitigate security risks posed by non-compliant endpoints, such as malware infections, unpatched vulnerabilities, and misconfigurations, thereby reducing the overall attack surface and enhancing the organization's security posture.

Posture Assessment and Remediation
Checking and Enforcing Compliance

NAC Agents
Checks
Status

How posture operates in an ISE environment.

ISE checks the following on a computer before letting it into the network:
Windows Update status
whether antivirus and antispyware are installed
certain registry settings
whether certain applications or services are running

This is done with the help of NAC (Network Access Control) agents.
The NAC agent is software installed on the computer; it can be permanent or temporary. It reports to ISE whether the device is compliant with our policy.

Posture comes into the picture during authorization.

Posture status can be:
compliant
non-compliant
unknown: the NAC agent is not installed on the device, so ISE has no posture information

We can create three new authorization profiles:
1. Posture unknown
Redirect the endpoint to ISE. This is not for authentication but to download the NAC agent.

2. Non-compliant
The NAC agent is running but the device is not compliant.
Put it into the Quarantine VLAN or Remediation VLAN.

3. Compliant
Put the endpoint into the VLAN it is supposed to be in, and we can also push a downloadable ACL (dACL).
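As an added example (not code from the original post or from Cisco), the following Python models the decision described above: a posture report from a NAC agent, or no report at all, is assessed against the checks listed earlier and mapped to the redirect, quarantine-VLAN or normal-VLAN-plus-dACL outcome. The registry key, service name, VLAN and dACL names are constructed placeholders, not real ISE identifiers.

```python
# Added example: a minimal model of ISE posture status -> authorization profile.
from dataclasses import dataclass, field

COMPLIANT, NON_COMPLIANT, UNKNOWN = "compliant", "non-compliant", "unknown"


@dataclass
class PostureReport:
    """What a NAC agent would report about the endpoint."""
    windows_update_current: bool
    antivirus_installed: bool
    antispyware_installed: bool
    registry: dict = field(default_factory=dict)   # registry key -> value
    running: set = field(default_factory=set)      # running services/apps


# Posture policy: (check name, predicate over the report).
# The registry key and service name below are constructed placeholders.
POLICY = [
    ("windows-update", lambda r: r.windows_update_current),
    ("antivirus", lambda r: r.antivirus_installed),
    ("antispyware", lambda r: r.antispyware_installed),
    ("registry", lambda r: r.registry.get(r"HKLM\SOFTWARE\Example\Hardened") == 1),
    ("service", lambda r: "ExampleEndpointService" in r.running),
]


def assess(report):
    """Return (posture status, names of failed checks)."""
    if report is None:  # no NAC agent: ISE cannot know the posture
        return UNKNOWN, []
    failed = [name for name, check in POLICY if not check(report)]
    return (COMPLIANT if not failed else NON_COMPLIANT), failed


def authorize(status, assigned_vlan):
    """Map a posture status to one of the three authorization profiles."""
    if status == UNKNOWN:       # send the endpoint to ISE to get the agent
        return {"action": "redirect", "target": "ise-client-provisioning-portal"}
    if status == NON_COMPLIANT:  # isolate until remediated
        return {"action": "vlan", "vlan": "quarantine"}
    return {"action": "vlan", "vlan": assigned_vlan, "dacl": "example-corp-dacl"}


def decide(report, assigned_vlan="corp-users"):
    """Full flow: assess the report, then pick the authorization result."""
    status, failed = assess(report)
    result = authorize(status, assigned_vlan)
    result.update(posture=status, failed_checks=failed)
    return result
```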
