Enterasys-networks 9034385 Instrukcja Użytkownika Pobierz pdf (Strona 33)

Model 3: End-System Authorization with Assessment

Enterasys NAC Design Guide 2-11

•Applicationconfiguration

TheNACsolutioncandeterminewhichservicesandapplicationsareinstalledandenabledon

theend‐system.Certainapplicationsshouldberemovedfromthedevicepriortoestablishing

connectivitybecausetheymayhaveanegativeimpactontheoperationoftheend‐system,

distracttheenduserfrombusiness

functions,orbeusedtolaunchattacksonthenetwork.

Furthermore,particularservicesmaybeoutdatedandvulnerabletoattack.Theseservices

shouldeitherbeupdatedordisabledtominimizetherisktoconnectingend‐systemsonthe

network.TheNACsolutionfacilitatesthisreconfigurationofapplicationsonanend ‐system



priortonetworkconnection,toensuremaximumsecurityandproductivitywhenthede vice

connects.

Diverse Security Posture Compliance Verification

InorderforaNACsolutiontobeeffective,inclusionofallend‐systemsinthenetwork

environmentmustbeaddressedwhendetecting,authenticating,assessing,andauthorizing

devices.TheEnterasysNACsolutionsupportsadiverseend‐systemenvironment,and

providesintegratedsecurityandmanagementregardlessofwhattypeofdevicesare



connectedtothebusinessnetwork.

Enterasysleveragestwoassessmentmodels:agent‐basedandagent‐less.Anagent‐based

assessmentandanagent‐lessassessmentarebothcriticaltoensuringthatanyend‐systemof

anytypecanbeincludedintheNACprocess.Thereareseveralreasonswhybothassessment

modelsarecriticaltoacompleteNACsolution.Securityagentsloadedontomanagedend‐

systemsofferextensiveassessmentcapabilities.Ifanagentisrequired,anewend‐system

connectingtothenetworkthathasnotdownloadedtheagentcanbequarantinedand

redirectedtoawebpage.Thewebpageprovides

informationonhowtheagentcanbe

downloadedandinstalledontheend‐systemtobeginitsassessment.

However,therearetypesofend‐systemsinatypicalnetworkthatmaynotbeabletoloada

softwareagent,suchasIPphones,securi tycameras,orprinters.Ifasecurity

agentisnot

availableforadevice(ortheoperatingsystemsrunningthedevice),anagent‐lessapproachis

theonlywaytoassesstheend‐system.Inaddition,considerend‐systemsthatcouldnormally

holdanagent,butarenotunderthecontroloftheITorganization.Inthecase

ofguest

networkingthatprovidessupportforcontractors,vendors,andthepublic,thedesiremaybe

tosupportminimalorspecificnetworkservices,butstillensurethesafetyandsecurityofthe

networkandthepeopleusingit.Itisnotenoughtosimplyuseanetworkusagepolicyto

restricttheservicesaguestuserisallowedtoaccess.Becausetheguestisleveragingthesame

networkinfrastructureasthecriticalbusinessusers,itisimportantthatproactivesecurity

measuresareappliedtotheguestjustastheyaretoamanageduser.Thisisanothercase 

whereanagent

‐lessapproachtoend‐systemassessmentcanbecriticaltoensuringa

comprehensiveNACstrategy.

Boththeagent‐basedandtheagent‐lessassessmentmodelscanbedeployedandintegrated

togetherintheEnterasysNACsolution.

1 2 ... 28 29 30 31 32 33 34 35 36 37 38 ... 97 98

Komentarze do niniejszej Instrukcji

Brak uwag

Enterasys-networks 9034385 Instrukcja Użytkownika Strona 33

Komentarze do niniejszej Instrukcji

Powiązane produkty i podręczniki dla Narzędzia Enterasys-networks 9034385