8. The next policy we configure checks whether the personal firewall is installed and running. Because we are using the generic posture collectors, this check is implemented as two separate policies: one checks the registry to determine whether the firewall is installed, and the other checks the services to determine whether it is running.

As an example we have chosen to check for the ZoneLabs firewall, but you can easily adjust these policies for any other personal firewall.

First, in the collectors view, select ZoneAlarm Firewall Installed, right-click, and click Edit collector parameters from the pop-up menu. You are presented with the parameters for the generic nac.win.any.regkey.PostureRegKeyV2 collector, as shown in Figure 6-44. This is one of the most universal collectors, as it allows you to check the existence and value of any Windows registry key.

Figure 6-44 Parameters for RegKey collector

All the parameters for the nac.win.any.regkey.PostureRegKeyV2 collector are described in Table 6-5.

Table 6-5 Parameter information for nac.win.any.regkey.PostureRegKeyV2

| Parameter name | Parameter type | Description |
|---|---|---|
| KEY | Operational | Used to specify the name of the registry key to evaluate. Exactly one parameter value is required. If no parameter value is provided, no posture elements will be generated. If a parameter value is provided it will be used for the registry key existence check. If more than one parameter value is provided, only the first parameter value will be used. |
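
To confirm on an endpoint what the two policies should report, the following PowerShell spot check reproduces the registry existence test (including the KEY handling described in Table 6-5) and the service test. It is an added example, not part of the product or of this book; the registry path, the service name, and the function names are placeholders chosen for illustration.

```powershell
# Added example: manual spot check of the two conditions the policies evaluate.
# The registry path and service name used below are placeholders (assumptions);
# replace them with the values for the personal firewall you deploy.

function Test-FirewallInstalled {
    # Mirrors the collector's KEY parameter. Use the full hive name,
    # for example HKEY_LOCAL_MACHINE\SOFTWARE\..., not the HKLM short form.
    param([string[]]$Key)

    # No value supplied: the collector generates no posture elements,
    # so return "no result" ($null) rather than "not installed" ($false).
    if (-not $Key -or $Key.Count -eq 0) { return $null }

    # More than one value supplied: only the first one is evaluated.
    if ($Key.Count -gt 1) {
        Write-Warning "Multiple KEY values given; only '$($Key[0])' is evaluated."
    }

    # Existence check only; the key's values are not inspected here.
    return (Test-Path -LiteralPath ("Registry::" + $Key[0]))
}

function Test-FirewallRunning {
    param([string]$ServiceName)

    $svc = Get-Service -Name $ServiceName -ErrorAction SilentlyContinue
    if ($null -eq $svc) { return $false }   # service is not registered at all
    return ($svc.Status -eq 'Running')
}

# Placeholder inputs (constructed for this example).
$installed = Test-FirewallInstalled -Key 'HKEY_LOCAL_MACHINE\SOFTWARE\ExampleVendor\ExampleFirewall'
$running   = Test-FirewallRunning -ServiceName 'ExampleFirewallSvc'

# The endpoint is compliant only when both checks succeed.
[pscustomobject]@{
    Installed = $installed
    Running   = $running
    Compliant = ($installed -eq $true) -and ($running -eq $true)
}
```

An `Installed` value of `$null` means that no key was supplied, which corresponds to the collector producing no posture elements rather than reporting a missing firewall.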

 

 

 

Chapter 6. Compliance subsystem implementation
