Security Solutions

1-42
Access Control Concepts
Network Access Control Technologies
Endpoint Integrity Posture
As a network access controller tests an endpoint, it assigns it a posture,
depending on the results of the test:
Unknown—Not yet tested
Healthy—Passed all tests
Check-up—Failed at least one test but allowed temporary access
Quarantine—Failed at least one test (and a temporary access period, if
allowed, has expired)
Infected—Infected with malware such as a virus, worm, or spyware
The network access controller uses the posture to determine the action it
takes (based on your particular configuration).
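The posture states and the action mapping above can be expressed as a small state machine. The following is an added example written for this section, not code from the original text or from any network access control product; the endpoint attributes, the three policy checks, the 24-hour temporary-access window and the posture-to-action table are all assumptions chosen to illustrate the logic. Note how a clean re-test resets the grace clock, and how the temporary access granted in the Check-up state expires into Quarantine rather than persisting indefinitely.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from enum import Enum
from typing import Optional


# The five posture states named in the text.
class Posture(Enum):
    UNKNOWN = "Unknown"        # not yet tested
    HEALTHY = "Healthy"        # passed all tests
    CHECKUP = "Check-up"       # failed a test, temporary access still running
    QUARANTINE = "Quarantine"  # failed a test and the temporary access has expired
    INFECTED = "Infected"      # malware found on the endpoint


@dataclass
class Endpoint:
    """Constructed endpoint record; the attributes are assumed, not from any product."""
    mac: str
    av_signature_age_days: int
    patch_level: int
    host_firewall_on: bool
    malware_detected: bool
    first_failure_at: Optional[datetime] = None  # when the endpoint first failed a test


# Assumed policy: each check returns True when the endpoint passes it.
CHECKS = {
    "antivirus_signatures_current": lambda e: e.av_signature_age_days <= 7,
    "patch_level_at_baseline": lambda e: e.patch_level >= 10,
    "host_firewall_enabled": lambda e: e.host_firewall_on,
}
GRACE_PERIOD = timedelta(hours=24)  # assumed length of the temporary-access period

# Assumed mapping from posture to enforcement action; in practice this is
# "based on your particular configuration".
ACTIONS = {
    Posture.UNKNOWN: "hold on authentication VLAN until tested",
    Posture.HEALTHY: "assign production VLAN",
    Posture.CHECKUP: "assign production VLAN, notify user of pending remediation",
    Posture.QUARANTINE: "assign remediation VLAN",
    Posture.INFECTED: "shut access port, alert SOC",
}


def failed_checks(endpoint: Endpoint) -> list[str]:
    """Names of the policy checks the endpoint does not pass."""
    return [name for name, check in CHECKS.items() if not check(endpoint)]


def assess(endpoint: Endpoint, now: datetime, tested: bool = True) -> Posture:
    """Assign a posture from the test results, tracking the temporary-access window."""
    if not tested:
        return Posture.UNKNOWN
    if endpoint.malware_detected:
        return Posture.INFECTED           # malware overrides every other result
    if not failed_checks(endpoint):
        endpoint.first_failure_at = None  # a clean result resets the grace clock
        return Posture.HEALTHY
    if endpoint.first_failure_at is None:
        endpoint.first_failure_at = now   # start the temporary-access window
    if now - endpoint.first_failure_at < GRACE_PERIOD:
        return Posture.CHECKUP
    return Posture.QUARANTINE


def action_for(posture: Posture) -> str:
    """Look up the enforcement action for a posture."""
    return ACTIONS[posture]


def run_demo() -> list[str]:
    """Walk one endpoint through the states; returns the posture names in order."""
    t0 = datetime(2024, 1, 1, 9, 0)
    ep = Endpoint("00:11:22:33:44:55", av_signature_age_days=30, patch_level=12,
                  host_firewall_on=True, malware_detected=False)
    trace = [assess(ep, t0, tested=False).value,            # Unknown
             assess(ep, t0).value,                          # Check-up (stale AV)
             assess(ep, t0 + timedelta(hours=23)).value,    # still Check-up
             assess(ep, t0 + timedelta(hours=25)).value]    # Quarantine
    ep.av_signature_age_days = 0                             # user updated signatures
    trace.append(assess(ep, t0 + timedelta(hours=26)).value)  # Healthy
    ep.malware_detected = True
    trace.append(assess(ep, t0 + timedelta(hours=27)).value)  # Infected
    return trace


if __name__ == "__main__":
    for state in run_demo():
        print(f"{state:<11} -> {action_for(Posture(state))}")
```

Running the module prints the six postures the demo endpoint passes through together with the action each one triggers. The grace clock is stored on the endpoint record rather than recomputed from the current test, because a controller that forgot when the first failure occurred could not tell a fresh failure from an expired one.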
Quarantine Methods
Testing the endpoint determines whether or not it complies with your policies,
but ascertaining compliance is only half the solution. The other half is taking
action against non-compliant endpoints. Network access controllers typically
quarantine non-compliant endpoints, isolating them from the main portion of
the network.
While quarantined, endpoints have either no access to network resources or
limited access. Resources made available to quarantined endpoints are often
called remediation services because they help the endpoint become compliant.
For example, quarantined endpoints might be allowed to contact a Web site for
downloading patches.
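The "limited access" a quarantined endpoint receives is, in practice, an allow-list of remediation services. The following is an added example, not code from the original text or from any product, of a policy decision function that permits quarantined endpoints to reach only such services; the service addresses, ports and flow records are constructed for the example, and the posture names are the five from this section. The per-endpoint count of denied attempts is a defender's convenience: a quarantined host that keeps trying to reach production is worth a closer look.

```python
import ipaddress
from collections import Counter
from typing import NamedTuple

# Constructed remediation services reachable from quarantine (addresses are examples).
REMEDIATION_SERVICES = {
    "patch-server": (ipaddress.ip_network("10.99.0.10/32"), {443}),
    "av-updates":   (ipaddress.ip_network("10.99.0.20/32"), {80, 443}),
    "dns":          (ipaddress.ip_network("10.99.0.53/32"), {53}),
}


class Flow(NamedTuple):
    """One connection attempt seen at the enforcement point (constructed)."""
    src_mac: str
    posture: str      # Unknown, Healthy, Check-up, Quarantine or Infected
    dst_ip: str
    dst_port: int


def quarantine_allows(dst_ip: str, dst_port: int) -> bool:
    """True only when the destination is a listed remediation service on a listed port."""
    dst = ipaddress.ip_address(dst_ip)
    return any(dst in net and dst_port in ports
               for net, ports in REMEDIATION_SERVICES.values())


def decide(flow: Flow) -> str:
    """Permit or deny a flow according to the endpoint's posture (assumed policy)."""
    if flow.posture in ("Healthy", "Check-up"):
        return "permit"                   # full access during temporary-access period
    if flow.posture == "Quarantine":
        return "permit" if quarantine_allows(flow.dst_ip, flow.dst_port) else "deny"
    return "deny"                         # Unknown and Infected get no access here


def enforce(flows: list[Flow]) -> tuple[list[str], dict[str, int]]:
    """Decide every flow; also count denials per quarantined endpoint."""
    decisions = []
    denied_from_quarantine: Counter = Counter()
    for flow in flows:
        verdict = decide(flow)
        decisions.append(verdict)
        if verdict == "deny" and flow.posture == "Quarantine":
            denied_from_quarantine[flow.src_mac] += 1
    return decisions, dict(denied_from_quarantine)


# Constructed sample flows.
SAMPLE_FLOWS = [
    Flow("aa:bb:cc:00:00:01", "Healthy",    "10.1.5.5",   445),  # file share
    Flow("aa:bb:cc:00:00:02", "Quarantine", "10.99.0.10", 443),  # patch server
    Flow("aa:bb:cc:00:00:02", "Quarantine", "10.1.5.5",   445),  # file share
    Flow("aa:bb:cc:00:00:03", "Infected",   "10.99.0.10", 443),  # patch server
    Flow("aa:bb:cc:00:00:04", "Check-up",   "10.1.5.5",   445),  # file share
    Flow("aa:bb:cc:00:00:02", "Quarantine", "10.99.0.20", 22),   # wrong port
]


def run_demo() -> tuple[list[str], dict[str, int]]:
    return enforce(SAMPLE_FLOWS)


if __name__ == "__main__":
    verdicts, repeat_offenders = run_demo()
    for flow, verdict in zip(SAMPLE_FLOWS, verdicts):
        print(f"{flow.src_mac} {flow.posture:<10} -> {flow.dst_ip}:{flow.dst_port} {verdict}")
    print("denied attempts from quarantine:", repeat_offenders)
```

The policy denies by default: a quarantined endpoint reaches a remediation service only when both the address and the port match, so a patch server that also happens to run an unrelated service on another port is not exposed by the quarantine rule.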
Network access controllers quarantine endpoints in several different
ways, not surprising because endpoints connect in different ways to networks
with different architectures and capabilities. The three standard quarantine
methods are:
802.1X
DHCP
Inline
802.1X. As you should recall from earlier in this chapter, 802.1X is a standard
method for enforcing access control in Ethernet and wireless networks. It
provides a framework for tying the status of the endpoint's access port
(open or closed) to the end user's authentication status.