Network Computing is part of the Informa Tech Division of Informa PLC


Network Node Validators: Page 6 of 13

With Phase II of the Cisco NAC push, Cisco has brought much of the NAC functionality to Layer 2 devices; upgraded the Cisco Secure ACS server to version 4.0; and updated the Cisco Trust Agent to 2.0, which now includes 802.1X wired support, a Red Hat Linux port and the ability to author your own posture checks. Many Cisco switching lines can now use the Cisco Trust Agent to pass identity and posture information up to the network at the switch level, and allow a NAC-enabled infrastructure to take action accordingly (see "NAC Switch Support," left).

For example, suppose you're facing a new Windows vulnerability that has a high chance of being "wormable," and you're unsure whether all your users will be patched in time. You might create a policy that looks for the presence of a specific patch, and grant nodes full access to the network only if they have that patch deployed. You might simultaneously place all nonpatched nodes onto a remediation network, or allow those nodes to go only to www.windowsupdate.com. Before Phase II, only part of this functionality was available using Layer 3 NAC, and only on routers.

We tested some Layer 2 functionality by creating a policy in the Secure ACS server that looked for a specific version of a DLL, and placed the node into our quarantine VLAN if the file wasn't present. Note that this task needs some important context information to work: We had to specify the exact file or registry key we wanted to look for. This specificity isn't a problem if you're looking for one or two things, but simply saying, "Must have updated antivirus file," or "Must have latest IE patch" is more problematic. Many organizations won't have the necessary file checksums and registry keys for every patch or update they want to require. To gain a holistic posture-checking ability, Cisco requires integration with a NAC-enabled patch-management system, such as BigFix or PatchLink, or the more self-contained Cisco Clean Access (CCA) products.
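The two preceding paragraphs describe the shape of a posture policy: a rule names an exact file (by path, version or checksum) or an exact registry key, a node that satisfies every rule gets full access, and a node that fails is moved to a quarantine VLAN from which it can reach only the remediation destination. The following is an added illustration written for this article, not Cisco Secure ACS or Trust Agent code, of how such a policy is evaluated. It also shows why the article's caveat about specificity bites: the evaluator can only ever answer "is this exact file/key present" because that is all a rule can express. Every path, version, checksum and registry key below is a constructed sample value (the registry key is a hypothetical placeholder), and `HostPosture` stands in for whatever the endpoint agent actually reports.

```python
# Added example of a NAC-style posture-policy evaluator (not Cisco code).
# Each rule is an exact file or registry check; that exactness is the
# "context information" the article says the administrator must supply.
from dataclasses import dataclass
from typing import List, Optional, Tuple, Union


@dataclass(frozen=True)
class FileCheck:
    path: str                      # exact file path the agent must report
    min_version: tuple             # lowest acceptable file version
    sha256: Optional[str] = None   # optional exact checksum of the patched file


@dataclass(frozen=True)
class RegistryCheck:
    key: str                       # exact registry key
    value_name: str                # value under that key
    expected: str                  # data the value must hold


Check = Union[FileCheck, RegistryCheck]


@dataclass
class HostPosture:
    """What the endpoint agent reports back to the policy server (constructed)."""
    files: dict       # path -> {"version": tuple, "sha256": str}
    registry: dict    # key  -> {value_name: data}


# Only destination a quarantined node may still reach, as in the article.
REMEDIATION_ALLOWLIST = ("www.windowsupdate.com",)


def evaluate(policy: List[Check], posture: HostPosture) -> Tuple[str, List[str]]:
    """Return (decision, failures); decision is FULL_ACCESS or QUARANTINE_VLAN."""
    failures = []
    for check in policy:
        if isinstance(check, FileCheck):
            info = posture.files.get(check.path)
            if info is None:
                failures.append(f"missing file {check.path}")
            elif tuple(info["version"]) < check.min_version:
                failures.append(f"{check.path} version {info['version']} below {check.min_version}")
            elif check.sha256 and info.get("sha256") != check.sha256:
                failures.append(f"{check.path} checksum mismatch")
        elif isinstance(check, RegistryCheck):
            values = posture.registry.get(check.key, {})
            if values.get(check.value_name) != check.expected:
                failures.append(f"registry {check.key}\\{check.value_name} != {check.expected!r}")
        else:
            raise TypeError(f"unknown check type {type(check).__name__}")
    decision = "FULL_ACCESS" if not failures else "QUARANTINE_VLAN"
    return decision, failures


def allowed_destinations(decision: str):
    """Quarantined nodes reach only the remediation allowlist; None = unrestricted."""
    return None if decision == "FULL_ACCESS" else REMEDIATION_ALLOWLIST


# --- constructed sample policy and two sample hosts -------------------------
PATCH_KEY = r"HKLM\SOFTWARE\Example\HotFix\KB-PLACEHOLDER"   # hypothetical key
DLL = r"C:\Windows\System32\example.dll"                      # constructed path
POLICY = [
    FileCheck(DLL, (6, 0, 2900, 2180), sha256="0" * 64),      # constructed checksum
    RegistryCheck(PATCH_KEY, "Installed", "1"),
]
PATCHED_HOST = HostPosture(
    files={DLL: {"version": (6, 0, 2900, 2180), "sha256": "0" * 64}},
    registry={PATCH_KEY: {"Installed": "1"}},
)
UNPATCHED_HOST = HostPosture(
    files={DLL: {"version": (6, 0, 2800, 1106), "sha256": "f" * 64}},
    registry={},
)

if __name__ == "__main__":
    for name, host in (("patched", PATCHED_HOST), ("unpatched", UNPATCHED_HOST)):
        decision, failures = evaluate(POLICY, host)
        print(name, decision, allowed_destinations(decision), failures)
```

Running the block reports the patched host as `FULL_ACCESS` with no failures and the unpatched host as `QUARANTINE_VLAN` with two failures (old DLL version, missing registry value). A rule like "must have latest IE patch" has no representation here; someone has to translate it into a concrete path, version or key first, which is the gap the patch-management integrations mentioned above are meant to fill.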

CCA, which joined Cisco's portfolio through its Perfigo acquisition in late 2004, delivers Layer 3 NAC-like functionality but does so using an inline appliance that has its own agents, authorization mechanism and management infrastructure. We tested CCA briefly by setting up a CCA appliance inline in a remote-access model, and much like its Juniper counterpart, the device temporarily blocked our PC, forced us to deploy an agent and then queried our node for a number of posture requirements we had defined.