Computing Reviews
Cisco network admission control, volume I : NAC framework architecture and design (Networking Technology Series)
Helfrich D., Ronnau L., Frazier J., Forbes P., Cisco Press, 2006. 244 pp. Type: Book (9781587052415)
Date Reviewed: Oct 23 2007

As a leading manufacturer of network security technology products, Cisco publishes a series of technical handbooks describing its product line and offering technical guidance in applied network implementations. One such family of proprietary network security products uses a process called network admission control (NAC) to effectively enforce security policy compliance on all devices seeking access to network computing resources. A NAC-based schema uses the extant network infrastructure to only allow access to compliant and trusted endpoint devices (such as personal computers and servers), while restricting the network access of (or even remediating) noncompliant devices.

This review covers the first volume of the NAC-based product series, which describes Cisco’s approach to the design and implementation of a NAC framework architecture and associated control protocols. (Volume 2 of this series considers the deployment and troubleshooting of a Cisco NAC approach.) These handbooks specifically focus on Cisco NAC framework release 2.0 technologies, and provide an in-depth technical description of each element of the Cisco NAC 2.0 architecture and process protocols. Their implementation and operation within a Cisco-based self-defending network are also covered. In addition to providing an introduction to the Cisco NAC framework, volume 1 specifically addresses design guidelines for enforcing network admission policies and how to handle NAC agentless host processors. These guidelines describe NAC-conforming network designs that only allow access to trusted and compliant endpoint devices. They identify noncompliant endpoint devices, effectively deny them access, place them in a quarantined area for remediation, or give them controlled (restricted) access to designated network resources.

This handbook is organized into eight chapters, and sequentially covers each of the technologies and protocols that are components of the Cisco NAC framework. The first two chapters introduce and provide an overview of this NAC framework; subsequent chapters build on these framework elements by describing specific tasks necessary to prepare, plan, design, implement, operate, and optimize a target NAC framework solution. The last section of each chapter presents summary review questions (the answers are found in the appendix). Unfortunately, this volume does not include a technical glossary or definitions of key terms. In addition, the authors assume that the reader has a solid understanding of the Cisco SAFE security blueprint, and a familiarity with Cisco security point products and security technologies.

This handbook will be a useful reference for networking and security professionals responsible for the implementation and operation of any Cisco NAC framework 2.0-based network. Due to its focus on a family of specific Cisco network security products, it would not be particularly useful for those in an educational or network design environment--such an audience requires a more general understanding of network security solutions.

Reviewer:  A. G. Larson Review #: CR134862 (0809-0823)
Security and Protection (C.2.0 ... )
Access Schemes (C.2.5 ... )
Design Studies (C.4 ... )
Local and Wide-Area Networks (C.2.5 )
Network Operations (C.2.3 )
Security and Protection (K.6.5 )