ASA built-in Posture-assesment ?

mcroft · ‎12-11-2008

Hi,

I am looking a secure solution for around 25 users to remote-in to our datacentre.

Obviously a secure tunnel is needed (SSL/Ipsec), BUT ALSO, i want a solution to provide 'posture assesment' of sorts.

Now, NAC is very expensive for this small type of small archicture.

I have been looking at the ASA feature "Pre-Connection Posture Assessment" with the Cisco Secure Desktop :-

It offers "Host integrity verification checking seeks to detect the presence of antivirus software, personal firewall software, and Windows service packs on the endpoint system prior to granting network access."

I think this is PERFECT

Can anyone please tell me how this differs from NAC and would it survice ?

Thank you.

P.S I intend to use the IPS module too, to ensure data passing the ASA will be "scrubed" clean.

tstanik · ‎12-17-2008

Yes you can use Cisco ASA 5500 Series SSL Host integrity verification checking seeks to detect the presence of antivirus software, personal firewall software, and Windows service packs on the endpoint system prior to granting network access.

A significantly expanded list of applications and versions are now supported through this mechanism. Frequent updates are available to support new product releases. Administrators also have the option of defining custom posture checks based on the presence of running processes.