9.2. Which Device Gets the Trust?

NAC vendors have responded to customer needs for endpoint security with a wide range of endpoint scanning functionality. Some solutions use agentless scans to check for known vulnerabilities, and other solutions include downloadable agents that take a more in-depth inventory of machine security. Before analyzing the advantages and tradeoffs between downloadable agents and agentless approaches, you first need to focus on what you can look for on these machines.

9.2.1. Endpoint security applications

One of the most commonly used types of endpoint security policy verifies the presence, operation, and up-to-date nature of third-party endpoint security applications, ranging from personal firewall and antivirus applications to anti-spyware and disk encryption suites. Essentially, these types of policies ensure that endpoints connected to your network have the appropriate self-protection mechanisms in place. Not all NAC solutions are equal in their capabilities. Your NAC solution needs to do more than simply look at a registry setting or search for a file to ensure that the endpoint device has a certain antivirus package installed, for example. Your NAC solution should ensure that the endpoint device has active protection enabled.
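The difference between a presence-only check and a check of presence, operation, and currency can be shown with a small policy evaluator. This is an added example, not code from the book or from any NAC product; the report field names, the three-day signature age limit, and the sample endpoints are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Hypothetical policy threshold; a real NAC product defines its own.
MAX_SIGNATURE_AGE = timedelta(days=3)

def naive_check(report):
    """Weak policy: passes if the antivirus install artifact merely exists."""
    return bool(report.get("av_installed", False))

def posture_check(report, now):
    """Return (decision, reasons); presence, operation and currency must all hold."""
    reasons = []
    if not report.get("av_installed", False):
        reasons.append("antivirus not installed")
    else:
        if not report.get("av_service_running", False):
            reasons.append("antivirus service not running")
        if not report.get("av_realtime_enabled", False):
            reasons.append("real-time protection disabled")
        updated = report.get("av_signatures_updated")
        if updated is None or now - updated > MAX_SIGNATURE_AGE:
            reasons.append("signatures out of date")
    if not report.get("firewall_enabled", False):
        reasons.append("personal firewall disabled")
    return ("allow" if not reasons else "quarantine", reasons)

# Constructed sample posture reports (field names are hypothetical).
NOW = datetime(2024, 1, 10, 12, 0, tzinfo=timezone.utc)
REPORTS = {
    "laptop-healthy": {"av_installed": True, "av_service_running": True,
                       "av_realtime_enabled": True, "firewall_enabled": True,
                       "av_signatures_updated": NOW - timedelta(days=1)},
    "laptop-av-stopped": {"av_installed": True, "av_service_running": False,
                          "av_realtime_enabled": False, "firewall_enabled": True,
                          "av_signatures_updated": NOW - timedelta(days=1)},
    "laptop-stale": {"av_installed": True, "av_service_running": True,
                     "av_realtime_enabled": True, "firewall_enabled": True,
                     "av_signatures_updated": NOW - timedelta(days=30)},
}

def evaluate_all(reports=REPORTS, now=NOW):
    """Apply the full posture policy to every report."""
    return {name: posture_check(r, now) for name, r in reports.items()}

if __name__ == "__main__":
    for name, (decision, reasons) in evaluate_all().items():
        print(f"{name}: naive={naive_check(REPORTS[name])} full={decision} {reasons}")
```

All three sample endpoints pass the presence-only check, but only the first is admitted once operation and signature age are evaluated.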

9.2.1.1. Operating system

Operating system scans allow you to verify the operating system (OS), and potentially the service pack, of the incoming endpoint device.

This information can help you to verify which ...
