Support User Manuals

Enterasys Networks 9034385 Plumbing Product User Manual

Open as PDF

of 98

Procedures for Out-of-Band and Inline NAC

Enterasys NAC Design Guide 5-5

•Howhealthresultsareprocessed.

Whenanassessmentisperformedonanend‐system,a“healthresult”isgenerated.Foreach

healthresult,theremaybeseveral“healthresultdetails.”Ahealthresultdetailisaresultfor

anindividualtestperformedduringtheassessment.Eachhealthresultdetailisgiven

ascore

rangingfrom1to10,andbasedonthisscore,thehealthresultisassignedarisklevel.

However,itispossibletooverridethescorewithadifferentvaluethatbetteralignsthescore

withtheenterpriseʹscompliancepolicy.Forexample,Wiresharkisapopularnetworktraffic



analysisapplicationthatcanbeusedforbothinformationalandmaliciousintentions.IfIT

operationsdeterminesthatWiresharkisanapplicationthatshouldnotbeinstalledonend‐

systemsconnectingtothenetwork,ascoringoverridecanbeconfiguredtoassociateahigh‐

riskscoreifWiresharkisdetectedon

anend‐system.

•Whichend‐systemsarequarantined.

NACManagerusesrisklevelstodeterminewhetherornotanend‐systemwillbe

quarantined.Basedonthescoresfromthehealthresultdetails,end‐systemareclassifiedinto

oneoffourrisklevels:highrisk,mediumrisk,lowrisk,andnorisk.

Dependingontherisk

leveltowhichtheend‐systemisclassified,theend‐systemmaybequarantined.

Authorization

TheNACconfigurationalsospecifiestheauthorizationlevels,referredtoas“accesspolicies,”that

willbeappliedtotheend‐system,dependingontheauthenticationandassessmentresults.

• AcceptPolicy–thepolicythatisassignedtocompliantend‐sys tems.

•QuarantinePolicy–thepolicythatisassignedtononcompliantend‐systems

thathavefailed

assessment.

• AssessmentPolicy–thepolicythatis(optionally) assignedtoend‐systemswhiletheyare

beingassessed.

• FailsafePolicy–thepolicythatisassignedtoend‐systemswhenanerroroccursintheNAC

process.

previous next