Model 3:
Features and Value
In addition to the features and values found in Model 1 and Model 2, the following are key pieces of functionality and value propositions supported by Model 3, End‐System Authorization with Assessment:
Extensive Security Posture Compliance Verification
The following describes a few examples of tests that can be executed for connecting end‐ systems and the relevance of these tests from a compliance and security standpoint:
•Antivirus software configuration
The NAC solution can determine if an end‐system has antivirus software installed, if it is properly configured (real‐time protection is enabled), if it is up‐to‐date with the most recent virus definition file, and if it is enabled. Antivirus software has the ability to detect infections as they happen, and to prevent further propagation of the virus to other end‐systems. It is important to verify that end‐systems are protected with antivirus software when they connect to the network, in case the end‐system is subsequently infected with a worm or virus after connectivity is established.
•Operating system patch level
The NAC solution can determine if the end‐system is up‐to‐date with the latest operating system patches. This ensures that any vulnerabilities present in services running on unpatched laptops are appropriately remediated, so that attacks that target those vulnerabilities are not successful, if they reach the device on the network.
•Malware infection
The NAC solution can determine if the end‐system is infected with malware (worms, viruses, spyware, and adware) by identifying backdoor ports on which the end‐system is listening, running processes and services, and/or registry key settings. By identifying infected end‐ systems prior to network connection, the NAC solution protects other end‐systems on the network from possible infection and prevents the unnecessary consumption of network bandwidth.
•Host firewall configuration
The NAC solution can determine if the end‐system has a host firewall enabled. By having a firewall enabled, the end‐system can protect itself against attacks targeting vulnerable services and applications on the device.
•Peer‐to‐Peer (P2P) file sharing software configuration
The NAC solution can determine if the end‐system is installed with or is running a P2P file sharing application. Since P2P file sharing applications facilitate the illegal file transfer of copyrighted data on the network and can be used for recreational purposes, it is important that the NAC solution validates that this type of application is not in use on end‐systems prior to network connection. This avoids legal issues involved with the transfer of copyrighted data or loss of productivity due to inappropriate online activity.