3 EAD Configuration

Introduction to EAD

Endpoint admission defense (EAD) is an attack defense solution. Using this solution, you can enhance the active defense capability of network endpoints, prevent viruses and worms from spreading on the network, and protect the entire network by limiting the access rights of insecure endpoints.

With the cooperation of the device, the AAA server, the security policy server and the security client, EAD is able to evaluate the security compliance of network endpoints and dynamically control their access rights.

With EAD, a device:

- Verifies the validity of the session control packets it receives according to the source IP addresses of the packets: it regards only those packets sourced from the authentication server or the security policy server as valid.
- Dynamically adjusts the VLAN, rate, packet scheduling priority and access control list (ACL) for user terminals according to session control packets, thereby controlling the access rights of users dynamically.

Typical Network Application of EAD

EAD checks the security status of users before they can access the network, and forcibly implements user access control policies according to the check results. In this way, it can isolate users that are not compliant with the security standard and force these users to update their virus databases and install system patches. Figure 3-1 shows a typical network application of EAD.

Figure 3-1 Typical network application of EAD

[Figure: network diagram with the client, the authentication server, the security policy server and the virus patch server]

After a client passes the authentication, the security client (software installed on the client PC) interacts with the security policy server to check the security status of the client. If the client is not compliant with the security standard, the security policy server issues an ACL to the device, which then inhibits the client from accessing any parts of the network except for the virus/patch server.
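The device-side behavior described above (source-IP validation of session control packets, then isolation of a non-compliant client to the virus/patch server) can be modeled as follows. This is an added example, not code or configuration from the manual; the class and function names and all addresses are constructed, and rate and scheduling priority are left out for brevity.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Optional

# Constructed addresses from documentation ranges; not taken from the manual.
AUTH_SERVER = ipaddress.ip_address("192.0.2.10")
POLICY_SERVER = ipaddress.ip_address("192.0.2.20")
PATCH_SERVER = ipaddress.ip_address("192.0.2.30")

@dataclass
class Session:
    """Per-user state the device adjusts from session control packets."""
    vlan: int = 1
    allowed_dsts: Optional[set] = None  # None means no isolation ACL is applied

@dataclass
class Device:
    trusted_sources: set                      # authentication and security policy servers
    sessions: dict = field(default_factory=dict)

    def handle_session_control(self, src_ip, user, vlan=None, acl=None):
        """Apply a session control packet only if its source is a configured server."""
        if ipaddress.ip_address(src_ip) not in self.trusted_sources:
            return False  # treated as invalid: state is left unchanged
        sess = self.sessions.setdefault(user, Session())
        if vlan is not None:
            sess.vlan = vlan
        if acl is not None:
            sess.allowed_dsts = {ipaddress.ip_address(a) for a in acl}
        return True

    def permits(self, user, dst_ip):
        """Forwarding decision for one user's traffic to one destination."""
        sess = self.sessions.get(user)
        if sess is None:
            return False  # no authenticated session, no access
        if sess.allowed_dsts is None:
            return True   # compliant user, no isolation ACL
        return ipaddress.ip_address(dst_ip) in sess.allowed_dsts

if __name__ == "__main__":
    dev = Device({AUTH_SERVER, POLICY_SERVER})
    dev.handle_session_control("192.0.2.10", "alice", vlan=10)          # authenticated
    dev.handle_session_control("192.0.2.20", "alice", acl=["192.0.2.30"])  # isolated
    print(dev.permits("alice", "192.0.2.30"), dev.permits("alice", "198.51.100.5"))
```

Because the validity check rests on the source address alone, the list of server addresses configured on the device is the setting to audit when reviewing an EAD deployment.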

3Com WX3000 operation manual EAD Configuration, Introduction to EAD, Typical Network Application of EAD