ISE Network Access Security Policy Document - High/Low

Unanswered Question
Sep 2nd, 2014
User Badges:

Has anybody created the High and Low level designs for the NASP?

 

This is my first time and its always easier to have a template to work off of than to reinvent the wheel.  An incomplete example is displayed below but I was hoping someone had a complete one of high and low.

 

Employee Authorization Rule
Table of Contents for Employee Security Policy:
I. Members pg. xxx
II. Acceptable Use Policy pg. xxx
III. Windows 7 Security Requirements pg. xxx
1. Approved AV Installed & Up-to-date pg. xxx
a. Security checks pg. xxx
b. Security rules pg. xxx
IV. Network Access Permissions pg. xxx
1. VLAN Segmentation pg. xxx
a. Noncompliant Posture VLAN pg. xxx
b. Access VLAN Name/ID pg. xxx
2. Access Control List pg. xxx
3. SmartPort Macro pg. xxx
4. Security Group Tag number pg. xxx
...
IV. Network Access Permissions
1. VLAN Segmentation – Yes
a. Noncompliant Posture VLAN = quarantine-vlan/100
b. Access VLAN Name/ID = employees/10
2. Access Control List – Yes
a. Compliant ACL = permit All IP
b. Noncompliant ACL =
5 Permit TCP from any to “AUP web server” equaling 80
Description: Allow anyone to access the acceptable use policy link
64 Cisco ISE for BYOD and Secure Unified Access
10 Permit TCP from any to “Link based remediation resources” equaling 80 & 443
Description: Allow web traffic to the appropriate remediation resources
20 Permit TCP from any to “file based remediation” equaling 80 & 443
Description: Allow web traffic to the cam for remediation file distribution
30 Permit UDP from any to “dmz DNS Server” equaling DNS
Description: Allow DNS only to the dmz dns server
40 Deny IP from any to any
Description: Block everything else
3. SmartPort Macro – no
4. Security Group Tag number – 10

 

 

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.

Actions

This Discussion