Security Solutions

Addendum to the ProCurve Access Control Security Design Guide
Updating the Access Control Design Process
Finally, note that—even when your endpoints run Windows OS—they may use
third-party security software. NAP tests primarily for Microsoft solutions,
while the NAC 800 tests for a wide variety of third-party antivirus software,
firewalls, and other security solutions.
Table A-3. Options for Endpoint Integrity Solution by Existing Network Environment
Examples. This addendum will provide examples for two hypothetical
organizations—ProCurve University (PCU) and ProCurve Inc., a corporation.

PCU must support the endpoints that students and faculty bring with them.
Network administrators have enough of a challenge forcing students to install
antivirus software. At the very least, they can allow students to use the
software that they choose. If network administrators were considering only
the existing network environment, they would select the NAC 800 for the
flexibility that it brings to a mixed environment.

ProCurve, Inc., on the other hand, can enforce more uniformity for stations. To
make employees as productive as possible, the company upgrades its stations
every three years. As a result, all stations are running at least Windows XP, and
some stations are running Windows Vista. In addition, the company is already
upgrading its Windows servers to Windows Server 2008. If network
administrators were considering only the existing network environment, they would select
NAP because the company has a homogeneous Windows environment.
Vulnerability to Risks and Risk Tolerance
The NAC 800 provides several security benefits over NAP:
- As a hardware appliance rather than a service running on an OS, the NAC
  800 receives more frequent test updates.
- The NAC 800 supports many tests including checks on security settings,
  hotfixes, updates, patches, and software—as well as deep checks into
  endpoints’ files. NAP focuses on checking Windows settings, Windows
  hotfixes, and Windows patches.
Existing Network Environment                                                            Option
Mixed environment                                                                       NAC 800
Legacy devices such as Windows 2000 endpoints                                           NAC 800
Windows Server 2003 only                                                                NAC 800
Homogeneous Windows environment with Vista and XP endpoints and Windows Server 2008     NAP