An Ethical Hacker's Perspective
If you're a security engineer like myself, the last person you want telling you about security is a sales or marketing person. Unfortunately, that is often the source of security information, as they are on the front lines communicating those messages. This book is going to take a different perspective on NAC and NAP. This information is going to come from the perspective of a security engineer who is well versed in the specific threats and how various exploits actually take place. It will also come from the perspective of a director of information systems (IS), IS manager, and system administrator — the people who actually need to understand what these solutions are meant to do and what the various pieces of each solution actually contain.
The goal of security applications is to mitigate risk. With NAC/NAP, it's important to understand exactly what the different types of threats actually are before a solution to address those threats can be put into place. As I'll mention in this book, many people tell me they are looking at a NAC/NAP solutions because they don't want unwanted systems plugging into their LAN and infecting their network. OK, that sounds good and is a valid concern. Should that specific scenario be the top concern based upon the actual threats and exploits that actually exist? I don't think so. Personally, I would be more concerned about a wanted system that is mobile and connecting to public Wi-Fi hotspots, is handling sensitive ...
Get Implementing NAP and NAC Security Technologies: The Complete Guide to Network Access Control now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
