Hi Nataraj, we found out the hard way that perimeter security doesn't always equal security. The last few times we were hit by malware it was because someone brought in an unpatched and unprotected laptop computer and infected other machines on the network. We had to go around an manually clean and patch all infected machines after shutting them down.
We've since mitigated many of the risks by:
- Reducing the attack surfaces on all platforms
- Implemented MS SUS for patching OSs
- Deployed a centrally managed AV solution
- Installing CSA on all hosts.
- Implemented an email scanning and filtering system
We will start testing NAC soon and hope to have it in place sometime next year if it works out.
It's a lot better than what we had and it's already been tested successfully several times (and probably paid for itself too!).
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
[toc:faq]Introduction:This document describes details on how NAT-T
works.Background:ESP encrypts all critical information, encapsulating
the entire inner TCP/UDP datagram within an ESP header. ESP is an IP
protocol in the same sense that TCP and UDP are I...