Manualshelf

Security Solutions

ManualsBrandsHP ManualsSoftwareHP ProCurve Access Control Client Software
51525354555657585960
1-37
Access Control Concepts
Network Access Control Technologies
The policy also specifies the action taken when an endpoint fails the test. Most
network access controllers generally quarantine the endpoint (see “Quaran-
tine Methods” on page 1-42). Sometimes, however, network access controllers
simply send an email message to notify the network administrator.
Different network access controllers support different tests. The ProCurve
NAC 800 tests endpoints in ways such as these:
Security Settings
These tests examine an endpoint’s security settings, checking, for
example:
Enabled services
Networks to which the endpoint connects
Security settings for macros
Local security settings, which determine how users are allowed to
access the endpoint
Personal firewall status
Software
These tests check software that is installed on an endpoint. Some tests
look for required software such as personal firewalls and anti-virus soft-
ware. Other tests look for prohibited software such as file-sharing soft-
ware. Another test scans for viruses and other malware.
Operating System
All OSs have vulnerabilities that hackers can exploit. The OS manufactur-
ers distribute updates to close these vulnerabilities. Some tests examine
a Windows endpoint’s OS to verify that all required hotfixes and patches
are installed.
Browser Security Policy
These tests verify that an endpoint’s Web browser enforces the proper
level of security for various zones (for example, on IES, Internet sites,
local sites, trusted sites, and untrusted sites).
Pre-connect and Post-connect Testing
A network access controller may test endpoints at various points in the
connection:
Pre-connect testing—This testing takes place before the endpoint con-
nects at all. It makes initial access to the network contingent on compli-
ance with the endpoint integrity policy.