HP Access Control Client Software manual Operating System-Windows, Security Settings-OS

Customer Needs Assessment

Determine Your Endpoint Integrity Requirements

Any Web site that is not included in the other zones is automatically placed in the Internet zone. For these Web sites, the NAC 800 default setting is Medium. This setting provides protection against many types of attacks while still enabling functionality users might require to complete their jobs.

If your company requires tighter security, you may need to change the settings for these zones. In general, however, you should not lower the security settings.

Operating System—Windows

The Operating System—Windows tests examine a Windows endpoint to verify that its OS is running all the hotfixes and patches you require as part of your company’s security policy. In addition to specifying tests for the specific version of Windows running, you can select tests to check Windows software such as Microsoft Internet Information Services (IIS), Microsoft Virtual Machine (MVM), and Windows Media Player.

These tests are particularly important for organizations that rely on users to download and install patches on their own.

Security Settings—OS X

The Security Settings—OS X tests allow you to check Macintosh endpoints. For example, you can enforce secure settings for AirPort wireless networks and ensure that the Macintosh firewall is enabled but Internet sharing is disabled. You can also control settings such as file and printer sharing, remote login, remote Apple events, and FTP access.

Security Settings—Windows

The Security Settings—Windows tests provide similar checks on Windows endpoints. The tests check, among other settings:

■Enabled services—Some services enable remote access to an endpoint, which can pose a security hazard. Hackers often exploit Remote Proce- dure Call (RPC) or the Routing and Remote Access service. You might prohibit those services on employee or guest endpoints if your environ- ment requires particularly high security. On the other hand, patches have been created to address vulnerabilities, and these services are necessary in some environments or on some endpoints. (For example, if you select the agentless testing method for the NAC 800, RPC is required.)

2-37