User Guide
OmniAccess SafeGuard OS Administration Guide
Chapter 9: End Point Validation
C. If the scan agent determines that the end point complies with the
corporate security policy, as defined on the ICS administration page, the end
point is declared to be in good posture.
Optionally, it can also present a web page telling the user that they have
passed posture validation. If the user is not in compliance, they are presented
with a results page that lists the rules that failed, explains how to
remediate, and offers the option to rescan.
The EPV feature provides web-based configuration of conformance policy through
the ICS configuration and reporting tools, which are available at the following
link:
http://serviceport IP:31862/ics/bin/ctool.cgi
where serviceport IP is the IP address assigned to the management port. This IP
address can be obtained using the show serviceport command. See Displaying
Configuration Information for the Management Port on page 48.
Use the ICS graphical user interface (GUI) to configure these ICS features:
• ICS rules.
• ICS policies. When there are multiple policies, determine which policies
  are applied.
• The rescan interval.
• Whether a user has access to non-standard operating systems.
Before accessing the ICS tools, you must log in. The default login process is
described in the Integrity Clientless Security Administration Guide. To add
users and passwords to the Alcatel-Lucent system, use the optional
EPV configurations described in Adding or Deleting Additional ICS
Administrators on page 352.
When configuring ICS, Alcatel-Lucent recommends that the following boxes
have check marks on the ICS gateway page:
• Require Integrity Security Scanner
• Allow access to endpoints running a non-supported OS
• Enforce Interval Scan
Set a scan interval that is 15 minutes or longer and ensure that a corporate
security compliance policy is selected from the drop-down list. Do not check
NOTE: When the remediating action is a URL hyperlink to download a file or
a patch, the EPV bypass policy must be configured not to trigger EPV for
HTTP packets going to the remediation web server or network.
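
The check below is an added example, not part of the guide or of the product: it cross-checks remediation download links against the destinations exempted by the EPV bypass policy, so that a non-compliant end point is not blocked from fetching its fix. The URLs, the bypass networks and the function name are constructed for illustration; how the bypass policy itself is entered on the device is not shown here.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample data (not from the guide): remediation links as they might
# be set on failed rules, and the destinations exempted by the EPV bypass policy.
REMEDIATION_URLS = [
    "http://192.0.2.10/patches/av-update.exe",
    "http://192.0.2.200:8080/hotfix/kb.msu",
    "http://198.51.100.5/tools/firewall-setup.exe",
    "https://203.0.113.9/secure/agent.msi",
    "http://patches.example.internal/av.exe",
]
BYPASS_NETWORKS = ["192.0.2.0/25", "198.51.100.5/32"]


def check_remediation_coverage(urls, bypass_networks):
    """Return {url: reason} for remediation links the bypass policy would not cover."""
    nets = [ipaddress.ip_network(n) for n in bypass_networks]
    problems = {}
    for url in urls:
        parts = urlsplit(url)
        if parts.scheme != "http":
            # The NOTE speaks of HTTP packets only; flag anything else for review.
            problems[url] = "scheme is not http"
            continue
        try:
            addr = ipaddress.ip_address(parts.hostname or "")
        except ValueError:
            # A host name cannot be matched offline; resolve it and re-check.
            problems[url] = "host is a name, resolve and re-check"
            continue
        if not any(addr in net for net in nets):
            problems[url] = "destination not in any bypass network"
    return problems


if __name__ == "__main__":
    found = check_remediation_coverage(REMEDIATION_URLS, BYPASS_NETWORKS)
    for url, reason in found.items():
        print(f"{url}: {reason}")
```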










