Building a Network Access Control Solution with IBM Tivoli and Cisco Systems

The increasing number of endpoints used to access a network in any enterprise environment can greatly affect security.

Endpoints that connect to the enterprise and are corrupted in some way can infect other parts of the enterprise and cause significant IT infrastructure damage and loss of productivity.

Additionally, organizations must address security compliance as they are faced with an increasing numbers of internal, industry, and government policies, standards, and regulations.

This IBM Redbook discusses the IBM Integrated Security Solution for Cisco Networks, which offers a security-rich, policy-based security compliance and remediation solution for small, medium, and large businesses. We explain how administrative tasks can be simplified by centralizing the administration of defined security policies, automating security policy enforcement and execution, and automating endpoint security scans. As a result we can create notifications of security compliance vulnerabilities, quarantine, and automatically remediate noncompliant workstations before a potential security incident occurs.

This book is targeted at security professionals, architects, and senior security and IT managers to provide valuable architectural, technical, and planning information.

Part 1. Architecture and design
Chapter 1. Business context
Chapter 2. Architecting the solution
Chapter 3. Component structure
Part 2. Customer environment
Chapter 4. Armando Banking Brothers Corporation
Chapter 5. Solution design
Chapter 6. Compliance subsystem implementation
Chapter 7. Network enforcement subsystem implementation
Chapter 8. Remediation subsystem implementation
Appendix A. Hints and tips
Appendix B. Network Admission Control
Appendix C. Additional material

• TCP/IP Tutorial and Technical Overview, GG24-3376-07
• IBM Power 595 Technical Overview and Introduction, REDP-4440-00
• IBM System z Connectivity Handbook, SG24-5444-10

Publish Date
17 January 2007

Rating:
(based on 4 reviews)

Rate this book

Author(s)

Axel Buecker is a Certified Consulting Software IT Specialist at the International Technical Support Organization, Austin Center. He writes extensively and teaches IBM classes worldwide in Software Security Architecture and Network Computing Technologies. He holds a degree in Computer Science from the University of Bremen, Germany. He has 20 years of experience in a variety of areas related to Workstation and Systems Management, Network Computing, and e-business Solutions. Before joining the ITSO in March 2000, Axel worked for IBM in Germany as a Senior IT Specialist in Software Security Architecture.

• Axel Buecker

Richard Abdullah is a Consulting Engineer with Cisco Systems Strategic Alliances. Prior to joining Cisco Systems in 2001, he worked in technical capacities within various service providers. He has spent 19 years in the IT industry focusing on networking and most recently on network security solutions. He holds a BSEE degree from the University of Michigan, Dearborn.

• Richard Abdullah

Markus Belkin is a Network Architect with IBM Australia. He has worked in the IT Industry for 10 years and works predominately with Cisco technologies. He specializes in routing and switching, security and optical technologies. He has an MCP, MCSE, CCNA, CCDA, CCNP, and CCDP and is currently working towards his Routing and Switching CCIE.

• Markus Belkin

Mike Dougherty is a Consulting Engineer at Cisco Systems, Inc. in San Jose, California. He has worked in the industry for 16 years supporting Cisco networking equipment ranging from routers and switches to security and unified communication solutions. He obtained his CCIE in Routing and Switching in 1996 and is currently working on his CCIE in Security. Mike is a technical consultant working in Strategic Alliances under the business development umbrella at Cisco Systems, Inc.

• Mike Dougherty

Wlodzimierz Dymaczewski is an IBM Certified Senior IT Specialist with IBM Software Group in Poland. Before joining the Tivoli Technical Sales team in 2002 he worked for four years in IBM Global Services where he was a technical leader for several Tivoli deployment projects. He has almost 13 years of experience in systems management, recently specializing in security. He holds a degree in Computer Science from the Poznan Technical University, Poland. Vlodek is a Certified Deployment Professional for Security Compliance Manager 5.1 and Risk Manager 4.1 as well as for some Tivoli automation products (TEC, NetView, and Monitoring).

• Wlodzimierz Dymaczewski

Vahid Mehr is a Consulting Engineer with Cisco Systems Strategic Alliances working on joined architectural solutions with IBM. In his more than 13 years of experience with Cisco he has been in various customer consulting and alliance development roles. Prior to this, he was a Software Engineer working on Object Oriented programming. He has a BSEE from the University of Colorado and resides in San Ramon, California.

• Vahid Mehr

Frank Yeh is a member of the IBM Corporate Security Strategy Team who works in Costa Mesa, California. He has more than 25 years of computing experience in a variety of functions including Operations, Support, MIS, Development, Sales, and Business Development. Prior to joining IBM, Frank served as the Strategic Architect for Access360, a pioneer in the Identity Management space that was acquired by IBM in October 2002. He holds a degree in Economics from the University of California, Los Angeles.

• Frank Yeh

ISBN

0738489883

IBM Form Number
SG24-6678-01

Number of pages
480