https://community.cisco.com/t5/network-security/csa-cca-nac-cta-and-their-role-in-security/m-p/356978#M790648 <HTML><HEAD></HEAD><BODY><P>Hi Naman -</P><P></P><P>You are right-on with you descriptions. I am adding some more description to see if this can help you further.</P><P></P><P><B>CSA</B></P><P> - HIPS to reduce risk worms, viruses, spyware</P><P> - Security Policy enforcement to implement Organizations' Security Policy</P><P></P><P><B>NAC</B></P><P> - Industry Collaborative Effort (Trend Micro, McAfee, Symantec, CA, IBM and many others to come)</P><P> - enables Trust determination of end-points connecting to network devices to ensure minimimum technical requirements are met</P><P> - Phase 1 - check for Service Packs, Hotfixes, AV and/or CSA</P><P> - support IOS Routers / VPN concentrator today</P><P> - can be at any L3 hop within network</P><P> - additional device support in future (FW, AP, Switches)</P><P> - users are limited by their Trust level to resources</P><P> - users may receive a web page redirect to help fix their compliance issues </P><P></P><P><B>Cisco Clean Access</B></P><P> - Cisco-only implementation of NAC</P><P> - Trust determination done before user can communicate to any device on subnet or network</P><P> - CCA permits checking for HF/SP, PFW, AV, Spyware Cleaners, HIPs, custom application presence, etc</P><P> - users can be forced to comply with above policies before accessing network and are informed by Web Page redirects</P><P> - works with any existing network implementation, regardless of equipment manfacturor</P><P></P><P></P><P>CCA and NAC are similar in they are 2 different ways to determine Trust before users can access the network. NAC and CCA can be deployed seperately or together, depending on the customers network and requirements.</P><P></P><P>It makes sense that we may see NAC using CCA as a policy server to add additional flexability to the Trust determination of the end points. This has not happened yet nor do I know if it is planned yet since the acquisistion of Perfigo is still pretty recent.</P><P></P><P>thanks</P><P>peter</P></BODY></HTML> Fri, 25 Mar 2005 19:01:16 GMT pcomeaux 2005-03-25T19:01:16Z https://community.cisco.com/t5/network-security/csa-cca-nac-cta-and-their-role-in-security/m-p/356977#M790642 <P>Hi,</P><P>I am trying to understand the role played by the above components in a secure network as defined by Cisco. As per my understanding</P><P></P><P>CSA--&gt;Provides Host-based IPS\IDS capabilities.</P><P></P><P>CTA\NAC--&gt;Both work together to determine, if a Client is running the necassary SW, follows a certain policy ect. Then the Client is denied\allowed Access</P><P></P><P>CCA -&gt; If a Client is determined to be infected\non-compliant then CCA can take actions to fix that without User-Intervention.</P><P></P><P>Am I corret for the above statements ?</P><P>Are there any similarities between CCA and CTA\NAC solution ? Is there an overlap between these two solutions ? OR Are these designed to work together to deliver more features ?</P><P></P><P>Thanks \\ Naman</P><P></P> Fri, 21 Feb 2020 08:02:02 GMT https://community.cisco.com/t5/network-security/csa-cca-nac-cta-and-their-role-in-security/m-p/356977#M790642 mnlatif 2020-02-21T08:02:02Z https://community.cisco.com/t5/network-security/csa-cca-nac-cta-and-their-role-in-security/m-p/356978#M790648 <HTML><HEAD></HEAD><BODY><P>Hi Naman -</P><P></P><P>You are right-on with you descriptions. I am adding some more description to see if this can help you further.</P><P></P><P><B>CSA</B></P><P> - HIPS to reduce risk worms, viruses, spyware</P><P> - Security Policy enforcement to implement Organizations' Security Policy</P><P></P><P><B>NAC</B></P><P> - Industry Collaborative Effort (Trend Micro, McAfee, Symantec, CA, IBM and many others to come)</P><P> - enables Trust determination of end-points connecting to network devices to ensure minimimum technical requirements are met</P><P> - Phase 1 - check for Service Packs, Hotfixes, AV and/or CSA</P><P> - support IOS Routers / VPN concentrator today</P><P> - can be at any L3 hop within network</P><P> - additional device support in future (FW, AP, Switches)</P><P> - users are limited by their Trust level to resources</P><P> - users may receive a web page redirect to help fix their compliance issues </P><P></P><P><B>Cisco Clean Access</B></P><P> - Cisco-only implementation of NAC</P><P> - Trust determination done before user can communicate to any device on subnet or network</P><P> - CCA permits checking for HF/SP, PFW, AV, Spyware Cleaners, HIPs, custom application presence, etc</P><P> - users can be forced to comply with above policies before accessing network and are informed by Web Page redirects</P><P> - works with any existing network implementation, regardless of equipment manfacturor</P><P></P><P></P><P>CCA and NAC are similar in they are 2 different ways to determine Trust before users can access the network. NAC and CCA can be deployed seperately or together, depending on the customers network and requirements.</P><P></P><P>It makes sense that we may see NAC using CCA as a policy server to add additional flexability to the Trust determination of the end points. This has not happened yet nor do I know if it is planned yet since the acquisistion of Perfigo is still pretty recent.</P><P></P><P>thanks</P><P>peter</P></BODY></HTML> Fri, 25 Mar 2005 19:01:16 GMT https://community.cisco.com/t5/network-security/csa-cca-nac-cta-and-their-role-in-security/m-p/356978#M790648 pcomeaux 2005-03-25T19:01:16Z