Security Solutions

3-60
Designing Access Controls
Choose Endpoint Integrity Testing Methods
Requirements for Testing Methods
This section elaborates on the advantages and disadvantages of each
method, as well as the steps required for the method to function correctly. The
following section (“Deciding Which Testing Methods to Enable” on page 3-64)
helps you decide which method or methods to enable, and therefore which
required steps you must fulfill.
NAC EI Agent
The NAC 800 stores the ProCurve NAC EI agent. An end-user can download
and install this agent to his or her endpoint in these ways:
Automatically before testing—For example, you can use network
management tools such as Active Directory to deploy the agent to many
endpoints.
Automatically at initial testing—When a NAC 800 that uses the NAC
agent testing method detects an endpoint that does not have the agent, it
installs the agent to the endpoint automatically. The user sees the screen
in Figure 3-4, and unless he or she cancels the installation, the agent is
installed permanently. The automatic installation relies on ActiveX, so it
fails if the Web browser is not opened or does not allow the ActiveX
content.
Testing Method: Agentless
Advantages:
There is no installation on the endpoint.
There is no user interaction.
Disadvantages:
The endpoint must have four ports (137, 138, 139, and 445) opened on its firewall.
Admin credentials for the endpoint must be known.
RPC must be running on the endpoint. (It is enabled by default on all testable endpoints.)