NAC appliance - Virus scan

Is it possible to force a virus scan prior to giving access to the network using NAC appliance (with or without CCA)?

Also, any way to know when the machine was last fully virus scanned?

Thx

8 REPLIES

Re: NAC appliance - Virus scan

Hi Charles,

Yes, that is possible with NAC. Please check this NAC demo presentation:

http://www.cisco.com/cdc_content_elements/flash/nac/demo.htm

If the user's system is infected, NAC will put that user in the isolated network.

Also check the NAC FAQs.

Regards,

~JG

Re: NAC appliance - Virus scan

Using the CAM GUI, where do you go to configure this? All I can see is rules for AV installation/service/definition. Maybe by the network scanner?

Thx

Re: NAC appliance - Virus scan

Yes,

Device manager ---> Clean Access ---> Network scanner.

Kindly see the attachment.

Pls rate if helps

Regards,

~JG

Re: NAC appliance - Virus scan

Looks like I must manually choose all the viruses I wanna scan a PC for? Is there a plugin like "scan hard drive for any virus"?

Re: NAC appliance - Virus scan

Charles,

Yes, that is correct; you need to define it.

Go into Rules ---> New AV rule and select ANY for antivirus vendor.

Device management ---> Clean Access ---> Network Scanner ---> Plugin Updates

NAC is not for the purpose of scanning the whole system. AV is used for that purpose. It checks and makes sure that AV and MS updates are up to date.

Regards,

~JG

Re: NAC appliance - Virus scan

So I cannot be sure that a user's PC isn't infected before allowing network access?

Re: NAC appliance - Virus scan

NAC FAQs

Q. Does the Cisco NAC Appliance actually clean, or does it just make sure programs are installed and updated so that machines remain clean?

A. In the case of a failed Windows hotfix, the Cisco NAC Appliance can automatically launch the Windows AutoUpdate tool. If the Cisco NAC Appliance detects an infection or vulnerability, it can push a fix tool to the user (Symantec's MyDoom Fix Tool, for example) and require that user to use it before accessing the network. In addition, any registry setting that is detected can trigger the download of software or scripts that secure the user's device to meet established security policies.

Q. How does the Cisco NAC Appliance work?

A. When a device attempts to log onto the network, the Cisco NAC Appliance requests authentication credentials and identifies what kind of device it is. Depending on the role of the user, a posture assessment is performed based on the requirements of the network. If the device is found to be noncompliant, the Cisco NAC Appliance redirects the machine to a quarantine area where the user can perform the necessary downloads to update the machine. The machine is then rescanned and, if compliant, is granted access to the network.

Q. What kind of scans does the Cisco NAC Appliance perform?

A. The Cisco NAC Appliance performs network- and agent-based scans. Network-based scans look for network vulnerabilities such as remote-procedure call (RPC) buffer overflows or messenger buffer overflows. Agent-based scans check a user's system registry, file system, and system memory for specific services and applications.

Hope that helps

~Jg

Re: NAC appliance - Virus scan

Thx, that's all clear now!