10.2. Endpoint/Software Enforcement
Endpoint enforcement involves software on a connecting client that enforces policies. This kind of enforcement is similar to putting firewall software on an endpoint. In the firewall software, you can control with what the endpoint can communicate by using source IP, destination IP, ports, and protocol type of a nomenclature. That type of functionality is the most basic of endpoint enforcement. In the case of NAC, the policy engine controls the policies, instead of statically configuring those policies on the endpoint.
You can use endpoint enforcement for not only network enforcement, but also endless types of policies (including which software can be run).
|
Get Network Access Control For Dummies® now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.