Chapter 9. Verifying that a PC Is Safe
In This Chapter
Classifying the machines on your network
Knowing what to scan for
Dealing with unsafe machines
Scanning machines while they're on the network
Most organizations that deploy a NAC policy tend to group the NAC options into two key categories: user identity and machine security posture. This chapter deals with machine security posture, helping you answer the question of which machines you want to allow onto your network. Chapter 8 covers user identity.
The capabilities of NAC products certainly go beyond the questions of user identity and machine posture — many NAC products allow you to create policies based on location, time-of-day, wired versus wireless, and so on. Although these policies might seem more or less important to your deployment, depending on your deployment criteria, these two primary categories need to be done first and foremost; therefore, these categories are of key importance.
Industry analysts, journalists, vendors, and enterprises fiercely debate machine integrity because many different schools of thought relate to how much security it adds to a network, and whether a system should quarantine users or prevent them from accessing network resources as a result of machine integrity. Most organizations now have to simultaneously deal with ever increasing sets of user groups and machine types on the networks. IT departments in every major industry are opening up their networks to employees, partners, contractors, ...
Get Network Access Control For Dummies® now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
