Symantec Security Expressions Server manual Trace Route Information, Network Admissions Control


SecurityExpressions Server User Guide

Enabling slow link detection might extend processing time.

Trace Route Information

Trace route is a TCP/IP utility that shows the route packets take to a particular host. To include a trace route in your notifications, select the optional setting Make trace route information available to notifications. Determining trace route information may be slow.

Network Admissions Control

The Network Admissions Control section of the Network page enables Cisco Network Admissions Control (NAC) to work with the server software. NAC allows network access only to trusted endpoint devices that can verify their compliance with network security policies. It can permit, deny or restrict network access to any device as well as quarantine and remediate non-compliant devices.

The server software communicates with NAC through Cisco Secure Access Control Server (ACS). ACS uses the server software as its External Posture Validation Audit Server. The External Posture Validation Audit Server sends posture tokens to ACS that indicate the audit status of systems. Using that information, NAC can determine whether or not these systems are in compliance.

The server software frequently checks target systems to keep the posture tokens updated. The possible posture tokens are:

Healthy - The system had a posture result of Pass when checked.

Quarantined - The system had a posture result of Fail when checked.

Transition - The system was in the middle of an audit when checked.

Unknown - The server software does not recognize the system, cannot connect to the system or lost connectivity during the last audit.

To configure the server software to work with NAC, select settings in the following categories.

Unmanaged Systems

An unmanaged system is a system on the network that the server software does not recognize or cannot connect to.

Initial Token

Sends the posture token you select to ACS if the server cannot connect to a system.

Token After Self Audit

Sends the posture token you select to ACS if a quarantined system fails a self-service audit.

Cache Validity Duration

Select how long a posture token of Healthy should remain valid. This is a way to control how often the server software verifies that an unmanaged system is still in compliance with network security policies after it receives a Healthy posture token. If you select Forever, the system's Healthy token will never expire.
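The following Python sketch is an added illustration, not code from SecurityExpressions or Cisco. It models how the three unmanaged-system settings above interact and why a Cache Validity Duration of Forever means a Healthy token is never re-verified. The class and function names, the evaluation order, and the rule that a passed self-service audit yields Healthy are assumptions made for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

HEALTHY, QUARANTINED, TRANSITION, UNKNOWN = (
    "Healthy", "Quarantined", "Transition", "Unknown")

@dataclass
class UnmanagedSettings:
    initial_token: str                   # "Initial Token" setting
    token_after_self_audit: str          # "Token After Self Audit" setting
    cache_validity: Optional[timedelta]  # None models "Forever"

@dataclass
class CachedToken:
    token: str
    issued: datetime

def healthy_still_valid(cached, settings, now) -> bool:
    """True while a cached Healthy token is reported without re-verification."""
    if cached is None or cached.token != HEALTHY:
        return False
    if settings.cache_validity is None:  # Forever: the token never expires
        return True
    return now - cached.issued < settings.cache_validity

def token_for_unmanaged(cached, settings, now, self_audit_passed=None):
    """Return (token sent to ACS, new cache entry) for one unmanaged system.

    self_audit_passed: None = no self-service audit result available,
    True/False = outcome of a self-service audit (assumed input).
    """
    if healthy_still_valid(cached, settings, now):
        return HEALTHY, cached
    if self_audit_passed is True:        # assumption: a pass yields Healthy
        return HEALTHY, CachedToken(HEALTHY, now)
    if self_audit_passed is False:
        return settings.token_after_self_audit, None
    return settings.initial_token, None  # server cannot connect to the system

# Constructed scenario: a Healthy token issued 90 days before "now".
NOW = datetime(2024, 6, 1)
OLD = CachedToken(HEALTHY, NOW - timedelta(days=90))
FOREVER = UnmanagedSettings(UNKNOWN, QUARANTINED, None)
ONE_DAY = UnmanagedSettings(UNKNOWN, QUARANTINED, timedelta(days=1))

def demo():
    return (token_for_unmanaged(OLD, FOREVER, NOW)[0],
            token_for_unmanaged(OLD, ONE_DAY, NOW)[0])
```

With Forever, the 90-day-old token is still reported as Healthy; with a one-day validity it has expired and the configured Initial Token is sent instead.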

Managed Systems
