Access Control Concepts
Network Access Control Technologies
The policy also specifies the action taken when an endpoint fails the test. Most network access controllers generally quarantine the endpoint (see “Quaran- tine Methods” on page
Different network access controllers support different tests. The ProCurve NAC 800 tests endpoints in ways such as these:
■Security Settings
These tests examine an endpoint’s security settings, checking, for example:
•Enabled services
•Networks to which the endpoint connects
•Security settings for macros
•Local security settings, which determine how users are allowed to access the endpoint
•Personal firewall status
■Software
These tests check software that is installed on an endpoint. Some tests look for required software such as personal firewalls and
■Operating System
All OSs have vulnerabilities that hackers can exploit. The OS manufactur- ers distribute updates to close these vulnerabilities. Some tests examine a Windows endpoint’s OS to verify that all required hotfixes and patches are installed.
■Browser Security Policy
These tests verify that an endpoint’s Web browser enforces the proper level of security for various zones (for example, on IES, Internet sites, local sites, trusted sites, and untrusted sites).
Pre-connect and Post-connect Testing
A network access controller may test endpoints at various points in the connection:
■