Access Control Concepts

Network Access Control Technologies

The policy also specifies the action taken when an endpoint fails the test. Most network access controllers quarantine the endpoint (see “Quarantine Methods” on page 1-42). Sometimes, however, network access controllers simply send an email message to notify the network administrator.

Different network access controllers support different tests. The ProCurve NAC 800 tests endpoints in ways such as these:

Security Settings

These tests examine an endpoint’s security settings, checking, for example:

Enabled services

Networks to which the endpoint connects

Security settings for macros

Local security settings, which determine how users are allowed to access the endpoint

Personal firewall status

Software

These tests check software that is installed on an endpoint. Some tests look for required software such as personal firewalls and anti-virus software. Other tests look for prohibited software such as file-sharing software. Another test scans for viruses and other malware.

Operating System

All OSs have vulnerabilities that hackers can exploit. The OS manufacturers distribute updates to close these vulnerabilities. Some tests examine a Windows endpoint’s OS to verify that all required hotfixes and patches are installed.

Browser Security Policy

These tests verify that an endpoint’s Web browser enforces the proper level of security for various zones (for example, on IES, Internet sites, local sites, trusted sites, and untrusted sites).
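As an added example (not taken from the manual and not the ProCurve NAC 800's own code or configuration format), the following Python code models an endpoint integrity policy with required software, prohibited software, OS hotfix and personal firewall tests, plus a per-test action of quarantine or administrator notification. All field names, test names and hotfix identifiers are hypothetical; treating an unreported firewall state as a failure and letting the strictest action win are assumptions of this example.

```python
# Added illustration of endpoint integrity testing. Field names, test names
# and sample data are hypothetical, not the ProCurve NAC 800's format.
from dataclasses import dataclass, field

@dataclass
class Policy:
    required_software: set
    prohibited_software: set
    required_hotfixes: set
    require_firewall: bool = True
    # Action per failed test: "quarantine", or "notify" (e-mail the admin only).
    actions: dict = field(default_factory=dict)
    default_action: str = "quarantine"

def evaluate(policy, posture):
    """Return (decision, failures) for the posture an endpoint reports."""
    installed = set(posture.get("software", []))
    failures = {}
    missing = policy.required_software - installed
    if missing:
        failures["required_software"] = sorted(missing)
    banned = policy.prohibited_software & installed
    if banned:
        failures["prohibited_software"] = sorted(banned)
    unpatched = policy.required_hotfixes - set(posture.get("hotfixes", []))
    if unpatched:
        failures["os_hotfixes"] = sorted(unpatched)
    # Fail closed: an unreported firewall state counts as a failed test.
    if policy.require_firewall and posture.get("firewall_enabled") is not True:
        failures["personal_firewall"] = ["not enabled or not reported"]
    if not failures:
        return "allow", failures
    chosen = {policy.actions.get(t, policy.default_action) for t in failures}
    # The strictest action among the failed tests wins.
    return ("quarantine" if "quarantine" in chosen else "notify"), failures

# Constructed sample policy and endpoint reports.
POLICY = Policy(required_software={"antivirus"},
                prohibited_software={"p2p-client"},
                required_hotfixes={"HOTFIX-A", "HOTFIX-B"},
                actions={"prohibited_software": "notify"})
COMPLIANT = {"software": ["antivirus"], "hotfixes": ["HOTFIX-A", "HOTFIX-B"],
             "firewall_enabled": True}
FILESHARING = dict(COMPLIANT, software=["antivirus", "p2p-client"])
UNPATCHED = {"software": ["antivirus", "p2p-client"], "hotfixes": ["HOTFIX-A"]}

if __name__ == "__main__":
    for ep in (COMPLIANT, FILESHARING, UNPATCHED):
        print(evaluate(POLICY, ep))
```

The third sample endpoint fails three tests at once, and the missing hotfix pushes the decision to quarantine even though the file-sharing test alone would only notify the administrator.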

Pre-connect and Post-connect Testing

A network access controller may test endpoints at various points in the connection:

Pre-connect testing—This testing takes place before the endpoint connects at all. It makes initial access to the network contingent on compliance with the endpoint integrity policy.
