100 Building a Network Access Control Solution with IBM Tivoli and Cisco Systems
4. The Security Compliance Manager client is armed with a remediation handler. The remediation handler provides a method of displaying the compliance posture data to the end user. In addition to informing the user of the specific posture failures, the remediation handler can display additional, customizable information informing the user what the current security policy requirements are, what steps have to be taken, and whom to contact for additional assistance with resolving the specific compliance violations. Finally, the remediation handler also provides a method for reinitiating the local security compliance scanning process.
5. When the workstation has completed the remediation process and is healthy again, it will be allowed access to the production network following the next periodic status query issued by the Cisco enforcement device.
Security compliance criteria
According to the published security policy for desktops, ABBC will institute the
following compliance criteria for Network Admission Control checking:
1. Local workstation password quality must meet the following criteria:
a. Password age must not be older than 90 days.
b. Password minimum length must be eight characters.
2. The Windows Messenger service on user workstations must be disabled.
3. A system must have run a full virus scan during the past 7 days.
4. The antivirus software version must be correct (Symantec Antivirus Version
9.0.3.100).
5. The virus definition file must be up to date, meaning not older than September
29th, 2006.
6. The users’ workstations have to run Windows XP Service Pack 2.
7. There must be specific Microsoft hotfixes (for example, we used KB896423
and KB893756) installed on the workstation.
8. The personal firewall software must be installed and running.
9. The Windows messenger service must not be allowed.
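The following is an added example, not code from the redbook or from Security Compliance Manager, showing how the nine ABBC criteria above can be evaluated against a posture snapshot to produce the list of failures a remediation handler would display. The Posture field names, the constructed sample workstations, and the check date of 2006-10-03 are assumptions; the policy values are the ones stated in the criteria.

```python
from dataclasses import dataclass
from datetime import date

@dataclass
class Posture:
    """Constructed snapshot of what a workstation collector might report (field names assumed)."""
    password_age_days: int
    min_password_length: int
    messenger_disabled: bool
    last_full_scan: date
    av_version: str
    definitions_date: date
    xp_service_pack: int
    hotfixes: set
    firewall_running: bool
def version_tuple(text):
    """'9.0.3.100' -> (9, 0, 3, 100); a malformed string gives None, which never matches."""
    try:
        return tuple(int(part) for part in text.split("."))
    except ValueError:
        return None

def evaluate(posture, today):
    """Return the violated criteria; an empty list means the workstation is compliant."""
    failures = []
    if posture.password_age_days > 90:
        failures.append("password older than 90 days")
    if posture.min_password_length < 8:
        failures.append("password minimum length below 8 characters")
    if not posture.messenger_disabled:
        failures.append("Windows Messenger service enabled")
    if (today - posture.last_full_scan).days > 7:
        failures.append("no full virus scan in the past 7 days")
    # Numeric comparison: as text, "9.0.3.100" would sort below "9.0.3.99".
    if version_tuple(posture.av_version) != version_tuple("9.0.3.100"):
        failures.append("antivirus version is not 9.0.3.100")
    if posture.definitions_date < date(2006, 9, 29):
        failures.append("virus definitions older than September 29, 2006")
    if posture.xp_service_pack < 2:
        failures.append("Windows XP Service Pack 2 not installed")
    missing = {"KB896423", "KB893756"} - set(posture.hotfixes)
    if missing:
        failures.append("missing hotfixes: " + ", ".join(sorted(missing)))
    if not posture.firewall_running:
        failures.append("personal firewall not running")
    return failures
# Constructed samples: a healthy workstation and one failing every criterion, checked on 2006-10-03.
TODAY = date(2006, 10, 3)
HEALTHY = Posture(30, 8, True, date(2006, 10, 1), "9.0.3.100", date(2006, 9, 30), 2, {"KB896423", "KB893756"}, True)
UNHEALTHY = Posture(120, 6, False, date(2006, 9, 20), "9.0.3.99", date(2006, 9, 1), 1, {"KB896423"}, False)
```

Criteria 2 and 9 both concern the Windows Messenger service, so a single check covers them.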
Remediation services
ABBC will deploy and configure the infrastructure to enforce network admission
based on business policy. However, to minimize the impact on users’ productivity,
the remediation methodology will utilize automated remediation processes.
It must be noted that the Network Admission Control (NAC) system is not
intended to be a replacement for traditional workstation life cycle management.
As documented in 2.3.2, “Security policy life cycle management” on page 30, we