12-14
Cisco NAC Appliance - Clean Access Manager Configuration Guide
OL-28003-01
Chapter 12 Configuring Network Scanning
Configure Vulnerability Handling
Figure 12-9 Vulnerabilities
3. For Enabled Plugins (plugins that have been enabled through the Plugins menu), select the following:
ID: This is the number of the plugin that will be listed on the scan report.
Name: Name of the plugin.
Vulnerable if: These dropdown controls configure how the Clean Access Manager interprets the scan result for the plugin. If the client is scanned and the result returned for a plugin matches the vulnerability configuration, the client will be put in the quarantine role (or blocked). You can increase or decrease the level of result that triggers a vulnerability and assigns users to the quarantine role.
1. NEVER—Ignore the report for the plugin. Even if a HOLE, WARN, or INFO result appears on the report, this plugin is never treated as a vulnerability and will never cause the user to be put in the quarantine role.
2. HOLE—If HOLE is the result for this plugin, the client has this vulnerability and will be put in the quarantine role. A result of WARN or INFO on the report is not considered a vulnerability for this plugin. In most cases, administrators should select “HOLE” to configure vulnerabilities. “HOLE” will ignore the other types of information (if any) reported by plugins.
3. HOLE, WARN (Timeout)—This setting means the following:
A HOLE result for this plugin is considered a vulnerability and the client will be put in the quarantine role.
A WARN result for this plugin is considered a vulnerability and the client will be put in the quarantine role. A WARN result means the plugin scan timed out (due to personal firewalls or other software) and could not be performed on the machine. Choosing WARN as a vulnerability will quarantine any client that has a firewall enabled. However, it can also be used as a precautionary measure to quarantine clients when the results of the scan are not known.
An INFO result on the report is not considered a vulnerability for this plugin.
4. HOLE, WARN, INFO—This setting means the following:
A HOLE result for this plugin means the client has this vulnerability and will be put in the quarantine role.
A WARN result for this plugin is considered a vulnerability and the client will be put in the quarantine role. A WARN result usually indicates a client that has a firewall enabled.
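
The following added example (not code from Cisco or the Clean Access Manager) models the four "Vulnerable if" settings and runs them over two constructed scan reports, showing that a firewalled client whose scans time out is quarantined only once WARN counts as a vulnerability. The function names, plugin IDs and reports are hypothetical, and it assumes INFO counts as a vulnerability under "HOLE, WARN, INFO", as the setting's name implies.

```python
# Added illustration of the "Vulnerable if" settings; all names are hypothetical.

# Result types that count as a vulnerability under each dropdown setting.
SETTINGS = {
    "NEVER": set(),
    "HOLE": {"HOLE"},
    "HOLE, WARN (Timeout)": {"HOLE", "WARN"},
    "HOLE, WARN, INFO": {"HOLE", "WARN", "INFO"},  # INFO assumed from the name
}


def evaluate(report, plugin_settings):
    """Decide whether one client's scan report leads to the quarantine role.

    report: list of (plugin_id, result) pairs from a scan.
    plugin_settings: plugin_id -> setting name. Plugins with no entry are
    treated as NEVER here (an assumption of this example).
    Returns (quarantine, triggers); triggers lists every match found.
    """
    triggers = []
    for plugin_id, result in report:
        setting = plugin_settings.get(plugin_id, "NEVER")
        if setting not in SETTINGS:
            raise ValueError(f"unknown setting for plugin {plugin_id}: {setting}")
        if result in SETTINGS[setting]:
            triggers.append((plugin_id, result, setting))
    return bool(triggers), triggers


def compare(report):
    """Apply each setting uniformly to every plugin in the report."""
    ids = {plugin_id for plugin_id, _ in report}
    return {name: evaluate(report, dict.fromkeys(ids, name))[0]
            for name in SETTINGS}


# Constructed reports. Plugin IDs 1001-1003 are placeholders, not real plugins.
FIREWALLED = [(1001, "WARN"), (1002, "WARN"), (1003, "INFO")]  # scans timed out
VULNERABLE = [(1001, "HOLE"), (1002, "INFO")]                  # real finding

if __name__ == "__main__":
    for label, report in (("firewalled", FIREWALLED), ("vulnerable", VULNERABLE)):
        for setting, quarantined in compare(report).items():
            outcome = "quarantine" if quarantined else "no action"
            print(f"{label:<11} {setting:<22} -> {outcome}")
```
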