Security Solutions

Access Control Concepts
Network Access Control Technologies
Note: The NAC 800 allows endpoints to automatically download the NAC EI agent
the first time that they are tested, combining the ease of deployment of
a transient agent with the advantages of a permanent agent. However, the
automatic download requires ActiveX.
Transient-agent based—Web browser with ActiveX and JavaScript
allowed in the security settings
Web browsers implement security in slightly different ways. Most Web
browsers allow you to set up different settings for different Web sites. For
example, the Web browser might generally prohibit ActiveX but allow it
for the network access controller. The ProCurve Access Control Solutions
Implementation Guide shows you how to set up various Web browsers.
Agentless—application such as:
• WMI
These Microsoft Windows OSs support WMI:
– Windows 2000
– Windows ME
– Windows Server 2003
– Windows XP
• SNMP agent
• RPC
All Windows OSs (Windows 95 and later) support RPC. The network
access controller must know administrator credentials for the
endpoint to successfully make use of RPC.
In addition, the endpoint's security settings must not interfere with testing. In
practice, this usually means that you must open ports in personal firewalls or
other firewalls that stand between the endpoint and the network access
controller. Often, however, agents will automatically open the correct ports
without user interaction.
For example, the NAC 800 agent uses TCP and UDP ports 1500, and the agent
automatically opens these ports on all personal firewalls (except a non-
Windows firewall on an XP endpoint). However, you must open these ports
on a router firewall manually.
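
The following check is an added example, not part of the guide or of any ProCurve tool. Run from the network access controller's side of the network, it helps tell a closed agent port from a firewall that silently drops traffic. It assumes the agent listens on TCP port 1500 on the endpoint; the function names and hint texts are illustrative.

```python
import errno
import socket
import sys

AGENT_PORT = 1500  # NAC 800 agent port named in the guide (TCP and UDP)

# Illustrative troubleshooting hints, keyed by the result of check_tcp().
HINTS = {
    "open": "TCP path to the agent port is clear.",
    "refused": "Host answered but rejected the connection: check that the "
               "agent is running and that the personal firewall allows the port.",
    "filtered": "No reply before the timeout: a firewall is dropping the "
                "traffic; check the router firewall rule, then the endpoint.",
    "unreachable": "No route to the endpoint: check addressing and routing.",
}

def check_tcp(host, port=AGENT_PORT, timeout=3.0):
    """Attempt one TCP connection and classify the outcome.

    UDP 1500 is not probed: UDP has no handshake, so silence is ambiguous.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"      # RST received: reachable, nothing accepting
    except socket.timeout:
        return "filtered"     # SYN dropped somewhere on the path
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"
        raise                 # e.g. name resolution failure

def diagnose(host, port=AGENT_PORT, timeout=3.0):
    """Return (state, hint) for one endpoint."""
    state = check_tcp(host, port, timeout)
    return state, HINTS[state]

if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: agent_port_check.py <endpoint-address>")
    state, hint = diagnose(sys.argv[1])
    print(f"{sys.argv[1]}:{AGENT_PORT}/tcp {state} - {hint}")
```

A "filtered" result for endpoints behind the same router, alongside "open" results for endpoints on the local segment, points to the router firewall rule rather than to the endpoints.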