eTrust™ Agent for Cisco Network Admission Control (NAC)
Installation Guide
r1
G01028-1E
This documentation and related computer software program (hereinafter referred to as the "Documentation") is for
the end user's informational purposes only and is subject to change or withdrawal by Computer Associates
International, Inc. ("CA") at any time.
This documentation may not be copied, transferred, reproduced, disclosed or duplicated, in whole or in part, without
the prior written consent of CA. This documentation is proprietary information of CA and protected by the copyright
laws of the United States and international treaties.
Notwithstanding the foregoing, licensed users may print a reasonable number of copies of this documentation for
their own internal use, provided that all CA copyright notices and legends are affixed to each reproduced copy. Only
authorized employees, consultants, or agents of the user who are bound by the confidentiality provisions of the
license for the software are permitted to have access to such copies.
This right to print copies is limited to the period during which the license for the product remains in full force and
effect. Should the license terminate for any reason, it shall be the user's responsibility to return to CA the reproduced
copies or to certify to CA that same have been destroyed.
To the extent permitted by applicable law, CA provides this documentation "as is" without warranty of any kind,
including without limitation, any implied warranties of merchantability, fitness for a particular purpose or
noninfringement. In no event will CA be liable to the end user or any third party for any loss or damage, direct or
indirect, from the use of this documentation, including without limitation, lost profits, business interruption,
goodwill, or lost data, even if CA is expressly advised of such loss or damage.
The use of any product referenced in this documentation and this documentation is governed by the end user's
applicable license agreement.
The manufacturer of this documentation is Computer Associates International, Inc.
Provided with "Restricted Rights" as set forth in 48 C.F.R. Section 12.212, 48 C.F.R. Sections 52.227-19(c)(1) and (2) or
DFARS Section 252.227-7013(c)(1)(ii) or applicable successor provisions.
© 2004 Computer Associates International, Inc.
All trademarks, trade names, service marks, and logos referenced herein belong to their respective companies.
Contents
Chapter 1: Overview
How the eTrust Agent for Cisco NAC Works
Computer Associates NAC-Enabled Applications
System Requirements
Product Components
Chapter 2: Setting Up eTrust Agent for Cisco NAC
Add Computer Associates Attributes to the NAC Database
Install the Cisco Trust Agent
Install the eTrust Agent for Cisco NAC
Verify the Installation
Appendix A: Computer Associates Attribute Information
Application Types
eTrust Antivirus Attributes
eTrust PestPatrol Anti-Spyware Attributes
Chapter 1: Overview
This chapter provides a brief description of how the eTrust Agent for Cisco
Network Admission Control (NAC) works and lists the Computer Associates
applications that are currently NAC-enabled. In addition, this chapter describes
system requirements and product components.
Note: This document assumes that Cisco NAC is fully installed and running in
your network environment. For information about Cisco NAC, refer to the
following Cisco documents:
Network Admission Control (NAC) home page:
http://www.cisco.com/en/US/netsol/ns466/networking_solutions_sub_solution_home.html
NAC User Guide for Cisco Secure ACS 3.3:
http://www.cisco.com/en/US/products/sw/secursw/ps5338/products_user_guide_chapter09186a0080233612.html
NAC Attribute Management:
http://www.cisco.com/en/US/products/sw/secursw/ps5338/products_user_guide_chapter09186a0080233621.html#wp617627
How the eTrust Agent for Cisco NAC Works
The eTrust Agent for Cisco NAC discovers the posture attributes for Computer
Associates applications on an end-point device that attempts to access or use
resources on a network administered with Cisco NAC. The Cisco Trust Agent
(CTA), also located on the end-point device, passes the posture attributes to a
Cisco Access Control Server (ACS). The ACS compares the posture attributes
with a set of policies previously defined by a network administrator. Based on
the results of the comparison, the end-point device may either be granted full
primary network access or placed into a separate virtual network, where the
device can go through a remediation process before it is allowed to connect to the
primary network.
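
The comparison step described above, sketched as an added example; it is not code from Computer Associates or Cisco and does not reproduce the ACS policy engine. The attribute names, thresholds, decision labels and the rule that every listed application must report are hypothetical assumptions, and the sample postures in the usage are constructed.

```python
# Hypothetical decision labels for the two outcomes the guide describes.
FULL_ACCESS = "full-primary-network-access"
REMEDIATION = "remediation-virtual-network"

# Hypothetical policy: attribute names and thresholds are illustrative only.
# The real Computer Associates attributes are documented in the guide's
# Appendix A, which is not reproduced here.
POLICY = {
    "eTrust Antivirus": {
        "signature_version": (">=", 2300),
        "realtime_enabled": ("==", True),
    },
    "eTrust PestPatrol Anti-Spyware": {
        "signature_version": (">=", 410),
    },
}


def _satisfies(value, op, required):
    """A missing or wrongly typed attribute never satisfies a rule."""
    if value is None or type(value) is not type(required):
        return False
    return value >= required if op == ">=" else value == required


def evaluate_posture(posture, policy=POLICY):
    """Compare reported posture attributes with the policy.

    Returns (decision, failures). Any failure, including an application
    that reported nothing, sends the endpoint to remediation (fail closed).
    """
    failures = []
    for app, rules in policy.items():
        attrs = posture.get(app)
        if attrs is None:
            failures.append(f"{app}: no posture reported")
            continue
        for name, (op, required) in rules.items():
            got = attrs.get(name)
            if not _satisfies(got, op, required):
                failures.append(f"{app}: {name} must be {op} {required}, got {got!r}")
    return (FULL_ACCESS if not failures else REMEDIATION), failures
```

Calling `evaluate_posture({})` models an endpoint on which no agent reported anything; under the assumed fail-closed policy it is placed in the remediation network with one failure entry per required application.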