We've been waiting for this too and now that we have background posture assessment (woohoo!) it's probably up on our Top 3 list of things to push for next.
Rob to answer your question though, even without posture assessment the Agent (IMO) provides a much more user friendly experience for logins than the web login does. This is of course dependent on how you authenticate your clients and how often, we make students reauth every 7 days so having the agent live on the machine means that after being removed the agent is able to just pop-up and the user log back in. If you do it once a semester/year then it probably won't effect you. And as Aaron said, you get AV/AS checking which while we haven't started yet for students we are doing for Faculty/Staff and it works nicely with McAfee AV. --Jeremy On Mon, Aug 9, 2010 at 17:00, Aaron T. Davis <[email protected]> wrote: > On Aug 9, 2010, at 3:09 PM, Biddle, Rob wrote: > >> Has anyone heard anything as to when Cisco will start publishing NAC Agent >> Checks & Rules for Apple OS X Security Patches? >> I'd like to start making use of the Mac OS X NAC Agent, but it seems a bit >> silly without the posture assessment capabilities. >> >> _____________________________ >> Rob Biddle >> Network Systems Engineer / Administrator >> College of Mount St. Joseph >> >> >> >> > > Bob, > > The Cisco NAC has had no remediation capabilities for Mac OS X--besides > AntiVirus/AntiSpyware (AV/AS) checking--since we started using it, which was > version 4.6 (approximately May 2009). In addition, it does not have a Mac OS > X API or any other way to programmatically tap into the information that the > CCA Agent (client) reports. Finally, the only remediation it can do on its > own is to update the virus definition file for ClamXAV. We use McAfee here at > Illinois State University and while the NAC will detect various version of > McAfee for Mac the only way to remediate it is by file/URL linking. > > We discussed this with Cisco some time ago, but never received an answer as > to whether they plan to implement these procedures and if so, when. We > followed up with Cisco when McAfee released McAfee Security for Mac v1.0 > back at the end of August 2009, but it took months (it looks to be about nine > months) until it was recognized with the v4.7.2 release. > > It is particularly frustrating especially since v4.7.2 of the CCA Agent > (client) can identify Major versions of Mac OS X, i.e., Mac OS X 10.4, 10.5, > etc., and whether Snow Leopard is running in 64 bit mode. I think the agent > is pulling a lot of information, but the NAC system does not take advantage > of this in any way. > > Let's keep pushing Cisco to implement these features. > > Good luck, > > _________________________________ > Aaron T. Davis > Call Center Supervisor > University Computer Help Desk > Illinois State University > Direct: 309-438-5777 > Support: 309-438-4357 >
