
Help in research: BYOD and AnyConnect

PiCar
Level 1

Hello,

I have read through various articles and posts but am looking for some clarification, please:

Could I allow BYOD devices (laptops/tablets) to use AnyConnect, but prior to using AnyConnect, could the device be checked for a certain specification, such as a Windows device running Windows 10 to a minimum specification of, let's say, 1909? Also, for the device to have a form of antivirus installed that is up to date?

I don't know if this is correct, I shall ask anyway, as I won't learn anything if I don't ask:

How would all the above work with the ISE (Cisco Identity Services Engine), to check through Host Scan to see whether the posture of the device is running adequate security as proposed as minimum security settings to run Cisco AnyConnect? How does Terminal Access Controller Access-Control System fit into AnyConnect?

 

Thank you in advance for your help :-)


marce1000
VIP

 

 https://community.cisco.com/t5/security-documents/ise-posture-prescriptive-deployment-guide/ta-p/3680273

 M.



-- Each morning when I wake up and look into the mirror I always say 'Why am I so brilliant?'
    When the mirror will then always respond to me with 'The only thing that exceeds your brilliance is your beauty!'

Thank you for the link :-)

Mike.Cifelli
VIP Alumni
On top of the link provided, here is another area with free tutorials that should be able to assist you in your configuration journey: http://labminutes.com/sec
"could the device be checked for a certain specification, such as a Windows device is running Windows 10 to a minimum specification of, lets say 1909? Also, for the device to have a form of antivirus installed that is up to date?"
- With the posture module you can check for the items that you have mentioned. Some checks to meet those requirements could be the following:
Cisco has pre-built registry checks that can be utilized to determine the OS version. Or you could specifically create your own registry check to determine the exact version, such as:
Registry Condition: OS = Windows 10 (all); HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\CurrentBuild String EQUALS <18363>
Another example could be to ensure you have McAfee agent running: Service Condition: McAfee Agent; OS Windows 10; Service Name EQUALS masvc; Service operator EQUALS Running
There are a plethora of things you can target to determine posture status prior to onboarding to include specific matches on AV versions. I recommend taking a peek at some of the tutorials & the guide provided to gain a better understanding of the overall workflow. Good luck & HTH!
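
An endpoint-side pre-check for the two conditions in the answer above, added here as an example (not from the thread and not Cisco's code). The function name `Test-PostureCondition` and its override parameters are hypothetical; it does not contact ISE, it only reads the same registry value and service state, and it shows that String EQUALS 18363 matches the 1909 build only, while a minimum requires a numeric comparison.

```powershell
# Added example: local view of the registry and service conditions quoted in the post.
# Assumptions: build 18363 (Windows 10 1909) and service name masvc, both taken from the post.
function Test-PostureCondition {
    param(
        [int]$MinimumBuild = 18363,
        [string]$ServiceName = 'masvc',
        # Optional overrides so the logic can be exercised with constructed values
        [string]$CurrentBuild,
        [string]$ServiceStatus
    )

    # Read the same value the registry condition targets, unless overridden
    if (-not $PSBoundParameters.ContainsKey('CurrentBuild')) {
        $key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
        $CurrentBuild = (Get-ItemProperty -Path $key -Name CurrentBuild).CurrentBuild
    }

    # A missing service is reported separately from a stopped one
    if (-not $PSBoundParameters.ContainsKey('ServiceStatus')) {
        $svc = Get-Service -Name $ServiceName -ErrorAction SilentlyContinue
        $ServiceStatus = if ($svc) { [string]$svc.Status } else { 'NotInstalled' }
    }

    # CurrentBuild is stored as a string, so convert it before comparing numerically
    $build = 0
    $parsed = [int]::TryParse($CurrentBuild, [ref]$build)

    [pscustomobject]@{
        CurrentBuild   = $CurrentBuild
        ExactMatch     = ($CurrentBuild -eq "$MinimumBuild")      # String EQUALS, as in the post
        MeetsMinimum   = ($parsed -and $build -ge $MinimumBuild)  # "minimum of 1909" from the question
        ServiceName    = $ServiceName
        ServiceStatus  = $ServiceStatus
        ServiceRunning = ($ServiceStatus -eq 'Running')
    }
}

# Live check on this endpoint
Test-PostureCondition

# Constructed values: a newer Windows 10 build fails the exact match but meets the minimum,
# and a stopped agent fails the service condition
Test-PostureCondition -CurrentBuild '19045' -ServiceStatus 'Stopped'
```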

Thanks for that, it was really useful :-)