9.4. Get Scanned in Mid-Stream

Whatever your NAC implementation, consider using time-based scans or event-driven monitoring that your vendor might offer:

  • Time-based scans: Run periodically on the endpoint device, generally at administrator-specified intervals

  • Event-driven monitoring: Reports back to the NAC server as soon as it determines that a machine has come out of compliance

Just because a machine meets the appropriate security requirements when it first joins the network doesn't mean that it necessarily maintains that same security posture throughout the duration of the user's session. Always scan the endpoint both prior to and throughout the session.

Regardless of the mechanism, post-authentication scanning ensures that these machines stay in compliance throughout the session and that users don't game the system — for example, by turning off their personal firewalls as soon as they gain access to the network.
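To make the difference between the two mechanisms concrete, here is an added Python example (not from the book or from any NAC vendor's agent) that replays a constructed endpoint session against both a scheduled scan and an event-driven monitor; the Posture fields, policy thresholds, and timestamps are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

MAX_SIGNATURE_AGE_DAYS = 7  # constructed policy value: AV signatures older than this fail the check


@dataclass(frozen=True)
class Posture:  # endpoint state as reported by the agent at one moment (constructed fields)
    observed_at: datetime
    firewall_on: bool
    av_signature_age_days: int

def is_compliant(p: Posture) -> bool:
    """Policy check: host firewall on and AV signatures reasonably fresh."""
    return p.firewall_on and p.av_signature_age_days <= MAX_SIGNATURE_AGE_DAYS

def state_at(timeline: list, when: datetime) -> Posture:
    current = timeline[0]  # posture in effect at `when`: latest recorded change at or before it
    for p in timeline:
        if p.observed_at <= when:
            current = p
    return current

def time_based_scan(timeline: list, session_end: datetime, interval: timedelta) -> list:
    """Sample posture on a fixed schedule from join; return scan times that found the endpoint non-compliant."""
    hits, t = [], timeline[0].observed_at
    while t <= session_end:
        if not is_compliant(state_at(timeline, t)):
            hits.append(t)
        t += interval
    return hits

def event_driven_monitor(timeline: list) -> list:
    """Report each transition from compliant to non-compliant at the moment it occurs."""
    reports, was_compliant = [], True  # the endpoint passed the admission check at join
    for p in timeline:
        ok = is_compliant(p)
        if was_compliant and not ok:
            reports.append(p.observed_at)
        was_compliant = ok
    return reports

T0 = datetime(2024, 1, 1, 9, 0)  # constructed session: compliant at join, firewall disabled twice
TIMELINE = [
    Posture(T0, True, 2),                           # 09:00 join, passes admission check
    Posture(T0 + timedelta(minutes=5), False, 2),   # 09:05 user turns firewall off
    Posture(T0 + timedelta(minutes=20), True, 2),   # 09:20 firewall back on
    Posture(T0 + timedelta(minutes=45), False, 2),  # 09:45 firewall off again, stays off
]
SESSION_END = T0 + timedelta(hours=1)
SCAN_INTERVAL = timedelta(minutes=30)  # administrator-specified interval for time-based scans
```

With the 30-minute interval the scheduled scan never sees the short firewall outage and reports the second one only at the 10:00 scan, while the event-driven monitor reports both at 09:05 and 09:45, the moments they occur.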
