SecurityExpressions Server User Guide

Enabling slow link detection might extend processing time.

Trace Route Information

Trace route is a TCP/IP utility that allows the user to determine the route that packets are taking to a particular host. Notifications can include a trace route if you select the optional setting Make trace route information available to notifications. Determining trace route information may be slow.

Network Admissions Control

The Network Admissions Control section of the Network page enables Cisco Network Admissions Control (NAC) to work with the server software. NAC allows network access only to trusted endpoint devices that can verify their compliance with network security policies. It can permit, deny or restrict network access to any device as well as quarantine and remediate non-compliant devices.

The server software communicates with NAC through Cisco Secure Access Control Server (ACS). ACS uses the server software as its External Posture Validation Audit Server. The External Posture Validation Audit Server sends posture tokens to ACS that indicate the audit status of systems. Using that information, NAC can determine whether or not these systems are in compliance.

The server software frequently checks target systems to keep the posture tokens updated. The possible posture tokens are:

Healthy - The system had a posture result of Pass when checked.

Quarantined - The system had a posture result of Fail when checked.

Transition - The system was in the middle of an audit when checked.

Unknown - The server software does not recognize the system, cannot connect to the system or lost connectivity during the last audit.

To configure the server software to work with NAC, select settings in the following categories.

Unmanaged Systems

An unmanaged system is a system on the network that the server software does not recognize or cannot connect to.

Initial Token

Sends the posture token you select to ACS if the server cannot connect to a system.

Token After Self Audit

Sends the posture token you select to ACS if a quarantined system fails a self-service audit.

Cache Validity Duration

Select how long a posture token of Healthy should remain valid. This is a way to control how often the server software verifies that an unmanaged system is still in compliance with network security policies after it receives a Healthy posture token. If you select Forever, the system's Healthy token will never expire.
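The unmanaged-system settings above can be modelled as a small decision function, which makes the effect of a Cache Validity Duration of Forever visible. This is an added example, not SecurityExpressions code: the AuditState fields, the function names and the re-audit flag are assumptions made for illustration, and the page does not say which token the product sends once a Healthy token expires.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Token names come from the guide; all other names are a hypothetical model.
HEALTHY, QUARANTINED, TRANSITION, UNKNOWN = "Healthy", "Quarantined", "Transition", "Unknown"
FOREVER = None  # models the "Forever" choice for Cache Validity Duration


@dataclass
class AuditState:
    reachable: bool                        # could the server connect to the system?
    audit_running: bool = False            # is an audit in progress right now?
    result: Optional[str] = None           # "Pass" or "Fail" from the last audit
    checked_at: Optional[datetime] = None  # when that audit finished


def posture_token(state, now, validity=FOREVER, initial_token=UNKNOWN):
    """Return (token, reaudit_due) for an unmanaged system."""
    if not state.reachable:
        # "Initial Token": the admin-selected token when the server cannot connect.
        return initial_token, False
    if state.audit_running:
        return TRANSITION, False
    if state.result == "Fail":
        return QUARANTINED, False
    if state.result == "Pass":
        expired = validity is not FOREVER and now - state.checked_at > validity
        # Assumption: the last known result is kept and the system is flagged
        # for verification again once the validity window has passed.
        return HEALTHY, expired
    return UNKNOWN, False


def stale_healthy(states, now, validity):
    """Names of systems whose Healthy token has outlived the validity window."""
    return sorted(name for name, s in states.items()
                  if posture_token(s, now, validity) == (HEALTHY, True))


NOW = datetime(2024, 1, 10, 12, 0)
FLEET = {  # constructed sample data
    "kiosk-01": AuditState(True, result="Pass", checked_at=NOW - timedelta(days=9)),
    "laptop-07": AuditState(True, result="Pass", checked_at=NOW - timedelta(hours=2)),
    "printer-03": AuditState(False),
    "build-02": AuditState(True, result="Fail", checked_at=NOW - timedelta(days=1)),
}
```

With a one-day validity window, kiosk-01 is reported as due for verification; with FOREVER, no system is ever flagged, so a system that passed once stays Healthy no matter how old the result is.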

Managed Systems
