Support User Manuals

Enterasys Networks 9034385 Plumbing Product User Manual

Open as PDF

of 98

Model 3: End-System Authorization with Assessment

2-10 NAC Deployment Models

Features and Value

InadditiontothefeaturesandvaluesfoundinModel1andModel2,thefollowingarekeypieces

offunctionalityandvaluepropositionssupportedbyModel3,End‐SystemAuthorizationwith

Assessment:

Extensive Security Posture Compliance Verification

Thefollowingdescribesafewexamplesofteststhatcanbeexecutedforconnectingend‐

systemsandtherelevanceofthesetestsfromacomplianceandsecuritystandpoint:

•Antivirussoftwareconfiguration

TheNACsolutioncandetermineifanend‐systemhasantivirussoftwareinstalled,ifitis

properlyconfigured(real‐timeprotection

isenabled),ifitisup‐to‐datewiththemostrecent

virusdefinitionfile,andifitisenabled.Antivirussoftwarehastheabilitytodetectinfections

astheyhappen,andtopreventfurtherpropagationofthevirustootherend‐systems.Itis

importanttoverifythatend‐

systemsareprotectedwithantivirussoftwarewhentheyconnect

tothenetwork,incasetheend‐systemissubsequentlyinfectedwithawormorvirusafter

connectivityisestablished.

•Operatingsystempatchlevel

TheNACsolutioncandetermineiftheend‐systemisup‐to‐datewiththelatestoperating

systempatches.

Thisensuresthatanyvulnerabilitiespresentinservicesrunning on

unpatchedlaptopsareappropriatelyremediated,sothatattacksthattargetthose

vulnerabilitiesarenotsuccessful,iftheyreachthedeviceonthenetwork.

•Malwareinfection

TheNACsolutioncandetermineiftheend‐systemisinfectedwithmalware(worms,viruses,

spyware,

andadware)byidentifyingbackdoorportsonwhichtheend‐systemislistening,

runningprocessesandservices,and/orregistrykeysettings.Byidentifyinginfectedend‐

systemspriortonetworkconnection,theNACsolutionprotectsotherend‐systemsonthe

networkfrompossibleinfectionandpreventstheunnecessaryconsumptionofnetwork

bandwidth.

•Hostfirewallconfiguration

TheNACsolutioncandetermineiftheend‐systemhasahostfirewallenabled.Byhavinga

firewallenabled,theend‐systemcanprotectitselfagainstattackstargetingvulnerableservices

andapplicationsonthedevice.

• Peer‐to‐Peer(P2P)filesharingsoftwareconfiguration

TheNACsolutioncandetermineif

theend‐systemisinstalledwithorisrunningaP2Pfile

sharingapplication.SinceP2Pfilesharingapplicationsfacilitatetheillegalfiletransferof

copyrighteddataonthenetworkandcanbeusedforrecreationalpurposes,itisimportant

thattheNACsolutionvalidatesthatthistypeofapplicationis

notinuseonend‐systemsprior

tonetworkconnection.Thisavoidslegalissuesinvolvedwiththetransferofcopyrighteddata

orlossofproductivityduetoinappropriateonlineactivity.

previous next