Designing Access Controls

Finalize Security Policies

1.Does your organization require anti-virus software?

In Table 3-96, fill in the anti-virus software solutions that meet your requirements. The NAC 800 allows you to choose multiple solutions; as long as an endpoint has one, it passes the test.

2.Does your organization require anti-spyware? Fill in the solutions that meet your requirements.

3.Does your organization require personal firewalls?

Fill in the solutions that meet your requirements in the “Personal fire- walls” cell (for vendor and Windows firewalls). If you require the Mac firewall on Mac endpoints, check the “Mac firewall” cell.

Table 3-96. Tests for Medium Endpoint Integrity

Anti-Virus

Anti-Spyware

Personal Firewalls

Mac Firewall

 

 

 

 

Solutions that meet requirements

More Rigorous Tests for Endpoint Integrity. You might want to test end- points in particularly high security zones more rigorously. These tests might:

Verify that endpoints are protected from less-common but real threats such as attacks activated through macros

Minimize risky or undesirable applications and behavior

Check that not just the endpoints’ OS but also various applications are patched

Verify that endpoints remain patched

Some of these tests might scan not only for insecure settings and applications, but also for settings and applications that—for whatever reason—are unde- sirable (or, conversely, desirable) in your network. For example, you might want to prohibit an application that has caused trouble in your network. Or a department head might want all users working on a particular project to have a particular application necessary for that project.

These tests in this section might start to interfere with the way those who connect to the network can use the network. Hopefully, users will begin to employ their network access in safer and more productive ways. However, you do not want to hinder legitimate use; as recommended in Chapter 2:

3-123

Page 239
Image 239
HP Access Control Client Software manual Tests for Medium Endpoint Integrity