Security Solutions

Customer Needs Assessment
Determine Your Endpoint Integrity Requirements
Any Web site that is not included in the other zones is automatically placed in
the Internet zone. For these Web sites, the NAC 800 default setting is Medium.
This setting provides protection against many types of attacks while still
enabling functionality users might require to complete their jobs.
If your company requires tighter security, you may need to change the settings
for these zones. In general, however, you should not lower the security
settings.
Operating System—Windows
The Operating System—Windows tests examine a Windows endpoint to verify
that its OS is running all the hotfixes and patches you require as part of your
company’s security policy. In addition to specifying tests for the specific
version of Windows running, you can select tests to check Windows software
such as Microsoft Internet Information Services (IIS), Microsoft Virtual
Machine (MVM), and Windows Media Player.
These tests are particularly important for organizations that rely on users to
download and install patches on their own.
Security Settings—OS X
The Security Settings—OS X tests allow you to check Macintosh endpoints.
For example, you can enforce secure settings for AirPort wireless networks
and ensure that the Macintosh firewall is enabled but Internet sharing is
disabled. You can also control settings such as file and printer sharing, remote
login, remote Apple events, and FTP access.
Security Settings—Windows
The Security Settings—Windows tests provide similar checks on Windows
endpoints. The tests check, among other settings:
Enabled services: Some services enable remote access to an endpoint,
which can pose a security hazard. Hackers often exploit Remote Procedure
Call (RPC) or the Routing and Remote Access service. You might
prohibit those services on employee or guest endpoints if your environment
requires particularly high security. On the other hand, patches have
been created to address vulnerabilities, and these services are necessary
in some environments or on some endpoints. (For example, if you select
the agentless testing method for the NAC 800, RPC is required.)
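
A read-only audit of the enabled-services check described above, as an added example that is not NAC 800 code or part of the original guide. It assumes `RpcSs` and `RemoteAccess` are the Windows service names for RPC and Routing and Remote Access; the `-AgentlessTesting` switch and the finding strings are hypothetical.

```powershell
# Added example (not NAC 800 code): report whether services that a policy
# prohibits are installed and enabled on this Windows endpoint.
param(
    # Hypothetical switch: set when the endpoint is tested agentlessly,
    # which the guide says requires RPC.
    [switch]$AgentlessTesting
)

# Assumed Windows service names for the two services the guide mentions.
$policy = @(
    [pscustomobject]@{ Name = 'RpcSs';        Label = 'Remote Procedure Call (RPC)'; NeededForAgentless = $true  }
    [pscustomobject]@{ Name = 'RemoteAccess'; Label = 'Routing and Remote Access';   NeededForAgentless = $false }
)

$report = foreach ($rule in $policy) {
    # Win32_Service exposes State (Running, Stopped, ...) and
    # StartMode (Boot, System, Auto, Manual, Disabled).
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$($rule.Name)'"

    $finding = if (-not $svc) {
        'pass: service not installed'
    } elseif ($rule.NeededForAgentless -and $AgentlessTesting) {
        'exempt: required for agentless testing'
    } elseif ($svc.StartMode -eq 'Disabled' -and $svc.State -ne 'Running') {
        'pass: disabled'
    } else {
        'fail: prohibited service is enabled'
    }

    [pscustomobject]@{
        Service   = $rule.Label
        State     = if ($svc) { $svc.State } else { 'n/a' }
        StartMode = if ($svc) { $svc.StartMode } else { 'n/a' }
        Finding   = $finding
    }
}

$report | Format-Table -AutoSize

# A non-zero exit code lets a wrapper script or scheduler act on failures.
if ($report.Finding -like 'fail*') { exit 1 }
```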