Security Solutions
Designing Access Controls
Choose Endpoint Integrity Testing Methods
The endpoint integrity testing method determines how a NAC 800 accesses
endpoints and tests them. (The testing method does not affect which tests
the NAC 800 performs; these tests are selected in a NAC policy, which you will
formulate in “Create the NAC Policies” on page 3-120.)
The NAC 800 offers flexible support for endpoint integrity in a variety of
environments because it uses all three common testing methods:
■ NAC EI agent (permanent agent)
■ ActiveX (transient agent)
■ Agentless (using Microsoft’s Remote Procedure Call [RPC] protocol)
Table 3-43 lists the advantages and disadvantages of each testing method.
Table 3-43. Summary of Testing Methods
Testing Method: NAC EI agent
Advantages:
• The agent can be installed on any endpoint running Windows 98 or above.
• The endpoint can be retested at any time.
• The agent receives automatic updates.
• The endpoint can be tested through the firewall.
Disadvantages:
• A user must download and install the agent (one time interaction).
• Upgrades are required.

Testing Method: ActiveX
Advantages:
• ActiveX does not require maintenance or upgrades.
• All Windows endpoints are supported.
• The endpoint can be tested through the firewall.
Disadvantages:
• The agent must be temporarily installed every time the endpoint connects to the network.
• Internet Explorer must be open for testing; no post-connect testing is possible if the browser is closed.
• Non-IE browsers are not supported.
• Browser settings must allow ActiveX control operation of signed and safe controls.
• Interaction from the end-user might be required.