I have been searching for a security solution to protect our LAN (Cisco switches, wired only, wireless not used) from unauthorized PCs connecting to an endpoint, or from authorized users tweaking the restrictions set on their PCs (possibilities include installing a parallel OS, replacing the hard drive, etc.).
We work in an MS Windows domain environment. Once a user logs on to the domain, security policies from the domain controller and other 3rd-party software are applied to the user's PC.
We are currently focusing on forcing the network to permit only PCs that are joined to the Windows domain to gain access, so that we ensure all policies are downloaded to those PCs.
I have reviewed solutions based on 802.1x using certificates, but I'd like to introduce a complete NAC to our environment. We have seen the Symantec NAC solution (the DHCP enforcer was nice), but I would like more information on how the Cisco NAC solution can secure our environment. To summarize, the NAC solution should:
- Ensure any PC connecting to the network is part of the Windows domain.
- Check that AV and, if possible, Altiris & Pointsec Reflex Magnetics (PC port control software) are present on the PC.
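The following switch configuration is an added example, not part of the original post and not Cisco's or the poster's own config. It shows the 802.1X port-based enforcement that the first requirement (only domain-joined PCs get on the LAN) maps onto, on a Catalyst access switch running IOS. The RADIUS/NAC server address 192.0.2.10, the shared secret, the interface name and the VLAN IDs (10 for authenticated machines, 999 as a restricted VLAN) are placeholders and assumptions; adapt them to the environment.

```cisco
! Added example, not from the original post. Assumes a RADIUS/NAC server
! (e.g. Cisco ISE or Windows NPS) at 192.0.2.10, access VLAN 10 for
! authenticated domain machines, and a restricted VLAN 999 for anything
! that fails or does not speak 802.1X. Interface and VLAN IDs are placeholders.
aaa new-model
aaa authentication dot1x default group radius
aaa authorization network default group radius
aaa accounting dot1x default start-stop group radius
!
radius server NAC-1
 address ipv4 192.0.2.10 auth-port 1812 acct-port 1813
 key <shared-secret>
!
! Enable 802.1X globally on the switch
dot1x system-auth-control
!
interface GigabitEthernet1/0/1
 description User access port - 802.1X enforced
 switchport mode access
 switchport access vlan 10
 ! One authenticated host per port; a second MAC address is a violation
 authentication host-mode single-host
 authentication port-control auto
 ! Try 802.1X first, fall back to MAC Authentication Bypass for devices
 ! that cannot run a supplicant (printers); their MACs live on the RADIUS server
 authentication order dot1x mab
 authentication priority dot1x mab
 ! A PC without a valid machine certificate (not domain-joined, rebuilt OS,
 ! live CD, swapped hard drive) lands in the restricted VLAN, not the LAN
 authentication event fail action authorize vlan 999
 authentication event no-response action authorize vlan 999
 ! If the RADIUS server is unreachable, fail closed into the restricted VLAN
 authentication event server dead action authorize vlan 999
 authentication violation restrict
 mab
 dot1x pae authenticator
 dot1x timeout tx-period 10
 spanning-tree portfast
```

The switch only relays EAP; the "domain-joined" decision is made on the RADIUS server. The usual way to express it is EAP-TLS with machine certificates auto-enrolled from the domain's own CA via Group Policy, with the server accepting only certificates that chain to that CA (and optionally matching the computer account in AD). The second requirement (AV, Altiris, Pointsec present) is a posture check, which a switch cannot perform; a NAC server with a posture agent enforces it after authentication, typically by keeping the host in a remediation VLAN or applying a downloadable ACL until it complies. One caveat a practitioner would want: a machine certificate held in a software key store can be exported by a local administrator and moved to a parallel OS, so mark the key non-exportable or TPM-backed and rely on posture as the second gate. `show authentication sessions interface GigabitEthernet1/0/1` on the switch shows which method authenticated the host and which VLAN it was placed in.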
We have configured the outside and inside interfaces with official IPv6 addresses, set a default route on the outside interface to our router, and we have also defined a rule, which also gets hits, to permit tcp from the inside interface to any6.
In Syslog I also se...