5.6. Summary

Following are key points from this chapter:

  • LAN-based NAC and LAN-based patching systems do not adequately patch mobile devices.

  • Rely on exploit examples in this chapter as ammunition to stress the importance of Mobile NAC.

  • There are different types of patches with which to be concerned, not just Microsoft patches.

  • Patching of potentially mobile devices must take place any time a device is connected to the Internet and cannot be dependent upon VPN or LAN connectivity.

  • A device that does not meet minimum security requirements should be restricted, regardless of where it is being used.

  • Security and IT, not the end user, should decide if and when a patch is installed.

  • Patching is an ongoing process.

  • Mobile NAC solutions can help with patch enforcement.

  • Zero-day protection can assist with protecting unpatched systems.

  • A patching solution should provide real-time reporting on the status of all machines, even if they are mobile.

  • An organization without insight into the current patch level of its devices, a means to restrict them if they are deficient, and a means to remediate them regardless of where they may be located cannot seriously consider itself to be compliant with the spirit of any major compliance statute.

You've now learned about the concepts of NAC and the actual threats that exist to LAN-based and mobile devices. Chapter 6 begins the next section of the book, where individual NAC/NAP solutions will be discussed.
