Security Solutions
Designing Access Controls
Choose Endpoint Integrity Testing Methods
Example. After totaling all of the methods that seem desirable according to
one factor or another (see Table 3-54), the PCU network administrators decide
that the NAC EI agent and the ActiveX agent are the most useful testing
methods in the public zones. They will install the agent on computers in
computer labs, and they will train support staff in guiding guests through
automatically installing the agent.
The NAC EI agent also suits the private and remote zones. The network
administrators will publish the NAC EI agent in the directory to deploy it to
all endpoints in the private zone. Endpoints in the private zones are members
of the domain, so agentless testing is a viable backup option.
Table 3-54. Preliminary Decisions for Testing Method
| Factor | Public Wired | Private Wired | Public Wireless | Private Wireless | Remote |
|---|---|---|---|---|---|
| Administrative control | ActiveX, NAC EI agent | Agentless, NAC EI agent | ActiveX, NAC EI agent | NAC EI agent, ActiveX | ActiveX, NAC EI agent |
| Post-connect testing | NAC EI agent, ActiveX | NAC EI agent, Agentless | NAC EI agent, ActiveX | NAC EI agent, Agentless | NAC EI agent, ActiveX |
| User sophistication | NAC EI agent, ActiveX | NAC EI agent, Agentless, ActiveX | NAC EI agent, ActiveX | NAC EI agent, Agentless, ActiveX | NAC EI agent, ActiveX |
| Administrative workload | ActiveX, NAC EI agent | ActiveX, NAC EI agent, Agentless | ActiveX, NAC EI agent | ActiveX, NAC EI agent, Agentless | ActiveX, NAC EI agent |
| Network overhead | NAC EI agent, ActiveX | NAC EI agent, ActiveX | NAC EI agent, ActiveX | NAC EI agent, ActiveX | NAC EI agent, ActiveX |
| Totals | NAC EI agent: 5; ActiveX: 5 | NAC EI agent: 5; ActiveX: 3; Agentless: 4 | NAC EI agent: 5; ActiveX: 5 | NAC EI agent: 5; ActiveX: 4; Agentless: 3 | NAC EI agent: 5; ActiveX: 5 |
| Selections | NAC EI agent, ActiveX | NAC EI agent, Agentless | NAC EI agent, ActiveX | NAC EI agent, Agentless | NAC EI agent, ActiveX |