See 8.4, “Building the remediation workflows” on page 417, for information about the creation of the workflows for the IBM Integrated Security Solution for Cisco Networks.

Remediation handler HTML pages

The remediation process does not link back to a central policy as do the security compliance posture and the Access Control Server posture token and access control list. The compliance client provides a way to display HTML-based information to the user. This mechanism relies on locally based HTML content staged in specific client directories. When presented to the user, the user in turn can personally resolve the noncompliance issue with this information, or call the automated remediation if needed. However, it must be noted that managing the remediation help files is a process that includes these steps:

1. Understanding the policy posture compliance criteria.

2. Creating the informational HTML pages used by the compliance client to display detailed information to the user. For more information refer to Chapter 8, “Remediation subsystem implementation” on page 355.

3. Distributing the HTML pages to the client systems.

At the time of writing this book, there is no Security Compliance Manager in-band mechanism for distributing the HTML pages. Therefore, the security administrator must rely on other mechanisms for both the initial distribution of the HTML pages and future updates. As a best practice, the HTML pages should be incorporated into the standard gold-disk images for new client workstations being deployed. In the absence of an automatic remediation subsystem, any HTML page updates must be distributed using an out-of-band tool or process. However, with the addition of the automatic remediation subsystem, a distribution workflow can be put in place to update the HTML pages as necessary (this exercise is left for the reader).

You can also bundle updated HTML pages into the policy collector JAR file. If you do this, they can be deployed automatically with a new or updated policy.
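Because the help pages are staged locally and distributed out-of-band, the administrator has no in-band confirmation that what a client displays is what was authored. The following script is an added example, not code from the Redbook or from the IBM or Cisco products: it builds a sha256 manifest over a master set of remediation pages (to ship alongside the gold-disk image or the policy collector JAR) and verifies a client's staged copy against it, so a missing or modified page is reported rather than silently shown to the user. The directory names and page contents are constructed for the demonstration and are not the product's actual client directories; `sha256sum` is the GNU coreutils tool.

```shell
#!/bin/sh
# Added example (not from the Redbook or the product): integrity check for
# out-of-band distributed remediation HTML pages. The master side produces a
# manifest; the client side verifies its staged copy against that manifest.
# All paths and page names below are constructed for the demo.

# build_manifest SRC_DIR > MANIFEST
# One "hash  ./relative/path.html" line per page, sorted for stable diffs.
build_manifest() {
    ( cd "$1" && find . -type f -name '*.html' | LC_ALL=C sort |
      while IFS= read -r f; do sha256sum "$f"; done )
}

# verify_staged STAGED_DIR MANIFEST
# Returns 0 when every listed page is present and unmodified; otherwise
# prints the offending entries and returns non-zero (sha256sum -c semantics).
verify_staged() {
    ( cd "$1" && sha256sum -c --quiet "$2" )
}

# demo: stage two constructed pages, verify, tamper with one, verify again.
# Returns 0 only if the clean copy passes and the tampered copy is caught.
demo() {
    work=$(mktemp -d) || return 1
    mkdir -p "$work/master/pages/antivirus" "$work/client"
    printf '<html><body>Enable the antivirus service.</body></html>\n' \
        > "$work/master/pages/antivirus/index.html"
    printf '<html><body>Apply the missing OS patch.</body></html>\n' \
        > "$work/master/pages/patch.html"
    build_manifest "$work/master/pages" > "$work/manifest.sha256"

    # Simulate gold-disk deployment: copy the pages to the client staging dir.
    cp -R "$work/master/pages" "$work/client/pages"
    if ! verify_staged "$work/client/pages" "$work/manifest.sha256"; then
        rm -rf "$work"; return 1      # clean copy must verify
    fi

    # Simulate an unauthorised edit of one staged help page on the client.
    printf 'tampered\n' >> "$work/client/pages/patch.html"
    if verify_staged "$work/client/pages" "$work/manifest.sha256" >/dev/null 2>&1; then
        rm -rf "$work"; return 1      # tampering was not detected
    fi

    rm -rf "$work"
    return 0
}

demo && echo "manifest check: clean copy passed, tampered copy detected"
```

On a real deployment the manifest would be produced once on the administrator's workstation and shipped with the pages (or inside the policy collector JAR), and `verify_staged` would run on the client at login or before the compliance client displays a page; a non-zero result is the signal to re-deploy the pages rather than trust the local copy.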

5.3.2 Physical components

Referencing Figure 5-3 on page 102, note that the solution is comprised of three major subsystems: the compliance subsystem, the Network Admission Control subsystem, and the remediation subsystem. In this section we delve further into the various physical components comprising each of these subsystems.

116 Building a Network Access Control Solution with IBM Tivoli and Cisco Systems
