Enterasys Networks 9034385 2 Security Domain Configuration Guidelines for Assessment, Examples

Area of the network, or a group of end-systems or users, that require end-system assessment with either the same set of assessment parameters, or a distinct set of parameters different from other areas of the network

•Switches that provide open access to the network, such as guest access areas. This requires that the Security Domain be associated to an Assessment Configuration that deeply scans connecting end-systems, since untrusted users are allowed access to the network.

•Switches that provides access to trusted users on the network. This requires that the Security Domain be associated to an Assessment Configuration that scans for vulnerabilities common to applications and platforms utilized by trusted users, such as Windows XP and Microsoft Internet Explorer.

•Switches that provide access to a specific group of devices (for example, IP phones and printers), devices running a specific set of applications (such as e-mail servers, web servers), or PCs running a specific OS (Microsoft 2003 Server, Microsoft XP, RedHat Linux, MAC OS). This requires that the Security Domain be associated to an Assessment Configuration that scans the connecting end-systems for vulnerabilities specific to the type of end-system.

•A group of devices identified by MAC address, that are running a specific OS. This requires that a MAC override identifying these devices be associated to an Assessment Configuration that scans these connecting end-systems for vulnerabilities specific to the type of OS.

•A group of devices identified by MAC address, that are a specific device type, such as printers or IP phones. This requires that a MAC override identifying these devices be associated to an Assessment Configuration that scans for vulnerabilities specific to the type of end-system, such as web servers with default login credentials.

•Users, identified by username, that are identified as high risk personnel on the network. This requires that a user override identifying these users is associated to an Assessment Configuration that deeply scans these connecting end-systems for potentially malicious tools, applications, malware, and vulnerabilities.

Create an Assessment Configuration specifically configured to validate these security compliance parameters.

In NAC Manager, create a Security Domain that uses this Assessment Configuration and leverages assessment servers configured to validate these security compliance parameters.