Security Solutions
3-73
Designing Access Controls
Choose Endpoint Integrity Testing Methods
Sophisticated users, on the other hand, are so comfortable changing settings
that you may have to take measures to prevent them from trying to avoid the
testing process. With the ActiveX testing method, for example, users could
close their Web browser to bypass the post-connect testing.
Table 3-48. Testing Method by User Sophistication
Example. The PCU students are computer literate. In fact, many are expert
users. Although some of the university administrators and faculty are less
knowledgeable about computers, all of them are using computer programs to
do their jobs and are comfortable completing basic tasks. Based solely on user
sophistication, the PCU network administrators decide to set up support for
the testing methods outlined in Table 3-49.
Table 3-49. Testing Methods for User Sophistication
Agentless ActiveX NAC EI Agent
User sophistication • Low (domain members)
• Medium (non-domain
members)
Low to medium Low to medium
User interaction May need to enable print and
file sharing
May need to supply network
administrator with admin
credentials
Support for ActiveX and
JavaScript on the Web
browser
Keep Internet Explorer open
Download and install agent
one time
User evasion None Change settings before pre-
connect testing, then change
them back after pre-connect
testing is completed
Close browser to avoid post-
connect testing
None
Factor Public Wired Private Wired Public Wireless Private
Wireless
Remote
User sophistication NAC EI agent
ActiveX
NAC EI agent
Agentless
ActiveX
NAC EI agent
ActiveX
NAC EI agent
Agentless
ActiveX
NAC EI agent
Agentless
ActiveX