Security Solutions
2-34
Customer Needs Assessment
Determine Your Endpoint Integrity Requirements
Determine Your Endpoint Integrity
Requirements
Once you identify the endpoints, the OSs, and the applications being used on
the network, you can begin to determine the endpoint integrity requirements
for those endpoints. That is, you can determine what an endpoint should be
running and how it should be configured before it is allowed onto the network.
Your goal in setting these security requirements is to eliminate vulnerabilities
that could be exploited by a malware attack or a hacker.
For example, if Windows XP endpoints are accessing your network, you might
require these endpoints to be running SP 2 and all the critical hotfixes that
Microsoft has released. However, if you want to test hotfixes on a lab network
before applying them to your production network, you may want to require
only the hotfixes you have already tested, rather than all of the available
hotfixes.
Although installing OS service packs and hotfixes is an important part of
decreasing your network vulnerabilities, your endpoint integrity requirements
should extend to security settings and applications. Your network access
controller must of course support tests for these additional requirements. This
guide focuses on the wide array of tests provided by the NAC 800.
On the NAC 800, tests are organized into the following categories:
■ Browser Security Policy—Windows
■ Security Settings—Windows
■ Security Settings
■ Software
■ Operating System—Windows
Browser Security Policy—Windows
The Browser Security Policy tests are designed to eliminate vulnerabilities in
Web browsers. For example, you can protect your network against exploits
targeting the latest vulnerabilities by ensuring that endpoints are running the
most up-to-date version of the Web browser.