Security Solutions
3-122
Designing Access Controls
Finalize Security Policies
You might select tests such as these for a policy intended to test guest
endpoints before letting them use your network to access the Internet. You
eliminate the most common threats from unknown equipment without frus-
trating guests with policies they cannot meet.
1. Does your policy mandate that endpoints be free of viruses, worms, and
other malware?
Check the cell for that test.
2. Does your policy mandate that endpoints have all patches (“hotfixes” for
Windows or “security updates” for Mac OS X)?
Check the cell for every version of Windows that might run on endpoints
that connect to your network. Check the “security updates” cell if your
network might need to accommodate Mac endpoints.
Table 3-94. Tests for Minimal Endpoint Integrity
3. For Windows machines, do you require a particular SP?
Fill in the required SP for every version of Windows that might run on
endpoints that connect to your network.
Table 3-95. Tests for Minimal Endpoint Integrity
Tests for Medium Endpoint Integrity. The tests above eliminated the
most immediate threats. Your security policy might mandate other tests that
help endpoints remain protected with anti-virus software and personal
firewalls.
These tests are often used to test your own network’s equipment (private
zones). After all, an organization that has purchased anti-virus software can
reasonably require its endpoints to use that software. However, you might also
activate some of these tests for high security public zones, particularly those
that offer a degree of access to the private network in addition to Internet
access.
Viruses,
Worms,
Malware
Windows
2000
Windows
2003 SP1
Windows
2003 SP2
Hotfixes
Windows
2003
Hotfixes
Windows
XP SP2
Hotfixes
Windows
XP Hotfixes
MAC
Security
Updates
Activate
this test?
Windows 2000 Windows 2003
Server
Windows NT Windows XP
Required SP?