Abstract: Systems and methods for facilitating self-service device integration for a NAC server is provided. According to one embodiment, a database is maintained by a NAC server. The database includes mappings of system object identifiers to corresponding implementation details of associated devices. A system object identifier of a device that is to be modeled within the NAC server based on implementation details of another device is received. A list of candidate devices is retrieved from the database based on the system object identifier. A user of the NAC server is prompted to select a candidate device from the list. Responsive to receipt of the selected candidate device, implementation details of the selected candidate device are mapped against the system object identifier and access to the network device is facilitated based on the implementation details of the selected candidate device by storing the mapping as an entry in the device database.

Abstract: Systems and methods for facilitating self-service device integration for a NAC server is provided. According to one embodiment, a database is maintained by a NAC server. The database includes mappings of system object identifiers to corresponding implementation details of associated devices. A system object identifier of a device that is to be modeled within the NAC server based on implementation details of another device is received. A list of candidate devices is retrieved from the database based on the system object identifier. A user of the NAC server is prompted to select a candidate device from the list. Responsive to receipt of the selected candidate device, implementation details of the selected candidate device are mapped against the system object identifier and access to the network device is facilitated based on the implementation details of the selected candidate device by storing the mapping as an entry in the device database.

Abstract: Systems and methods for facilitating self-service device integration for a network access control (NAC) server are provided. An enforcement engine running on a NAC server initializes modeling of a network device by reading a system object identifier associated with the network device and queries a device information database for the system object identifier to determine whether a mapping for the system object identifier exists in the database. When a match of the system object identifier is not found, the enforcement engine retrieves a list of network devices from the database based on the system object identifier to enable a user to select a potential network device from the list. Furthermore, the enforcement engine, maps implementation details of the potential network device against the system object identifier and stores the mapping as an entry in the database in order to access the network device using implementation details of the potential network device.

Abstract: A system and method for network access control (NAC) of remotely connected devices is disclosed. In embodiments, agents support role mapping and policy-based scanning. Embodiments automatically perform authentication, assessment, authorization, provisioning, and remediation. Capabilities include user authentication, role-based authorization, endpoint compliance, alarms and alerts, audit logs, location-based rules, and policy enforcement. Processes collect information about the user as well as the host being used from sources including, but not limited to, LDAP, the remote access device, and the agent. Once this data has been obtained, embodiments construct a comprehensive model of the host. This model is subsequently used to govern the actual host's network access when it connects to the network. Passive monitoring includes vulnerability scanning to control access rights throughout the duration of the connection.

Abstract: A system and method for dynamic device configuration enabling network and security administrators to define policies that indicate event and alert conditions within their networks. The policies incorporate information about network devices, endpoints connected to those devices, input from external security systems, local endpoint policy compliance, and date/time-of-day to determine whether to generate an event or alert. Events and alerts can be associated with actions that effect changes to network device configurations in order to maintain a desired operational state of the network.

Abstract: A system and method for network access control (NAC) of remotely connected devices is disclosed. In embodiments, agents support role mapping and policy-based scanning. Embodiments automatically perform authentication, assessment, authorization, provisioning, and remediation. Capabilities include user authentication, role-based authorization, endpoint compliance, alarms and alerts, audit logs, location-based rules, and policy enforcement. Processes collect information about the user as well as the host being used from sources including, but not limited to, LDAP, the remote access device, and the agent. Once this data has been obtained, embodiments construct a comprehensive model of the host. This model is subsequently used to govern the actual host's network access when it connects to the network. Passive monitoring includes vulnerability scanning to control access rights throughout the duration of the connection.