Security Solutions

ManualsBrandsHP ManualsSoftwareHP ProCurve Access Control Client Software

281

282

283

284

285

286

287

288

289

290

A-14

Appendix A: Glossary

MS Management Server. When using a NAC 800 in a multiple-server installation,

the server that is used for managing and controlling the ESs.

MS-CHAP Microsoft CHAP. The Microsoft implementation of CHAP. For more informa-

tion, see RFC 2759 at http://tools.ietf.org/html/rfc2759.

NAC Network Access Controller. The generic term for any device that controls

network access, particularly based on compliance with network policies

(endpoint integrity).

NAC EI agent A ProCurve-developed agent that is installed permanently on an endpoint to

enable testing. The agent runs as a new Windows service.

NAC agent test

method

Also called “agent test method,” a test method that requires a one-time interac-

tion from end-users and minimal memory on the endpoint (about .80 Mb). After

end-users download and install the NAC EI agent, the endpoint is always

available for retesting, and the agent is automatically updated when a new

version of the agent is available. All versions of Windows are supported by this

testing method.

NAC policy A collection of tests that evaluate the security status of endpoints that attempt

to access the network. A policy includes a list of activated tests, their proper-

ties, and actions, as well as a list of endpoints to which the policy applies. In

addition, the policy defines how to handle endpoints that run OSs that the

NAC 800 does not support, retest frequency, and how to handle inactive

endpoints. Three default NAC policies are provided: high, medium, and low.

You can also define your own policies.

NAC policy group A logical set of NAC policies that applies to one or more enforcement clusters.

Each cluster uses only one NAC policy group.

NAS Network Access Server. A server that provides endpoints access and that

enforces the decisions of AAA servers, thereby guarding access to the Internet,

printers, phone networks, or other protected resources. While a NAS does not

contain information about which endpoints and end-users can connect, it does

send an end-user’s credentials to the AAA server, which processes them and

directs the NAS how to proceed.

NAT Network Address Translation. A method of reusing IP addresses wherein

endpoints inside the network have IP addresses that are different from those

that are presented to the Internet. For more information, see RFC 3022 at http:/

/tools.ietf.org/html/rfc3022.