IBM Tivoli and Cisco Network Card User Manual


 
116 Building a Network Access Control Solution with IBM Tivoli and Cisco Systems
See 8.4, “Building the remediation workflows” on page 417, for information about
the creation of the workflows for the IBM Integrated Security Solution for Cisco
Networks.

Remediation handler HTML pages

The remediation process does not link back to a central policy as do the security
compliance posture and the Access Control Server posture token and access
control list. The compliance client provides a way to display HTML-based
information to the user. This mechanism relies on locally based HTML content
staged in specific client directories. When this information is presented, the user
can either resolve the noncompliance issue personally or call the automated
remediation if needed. Note, however, that managing the remediation help files
is a process that includes these steps:
1. Understanding the policy posture compliance criteria.
2. Creating the informational HTML pages used by the compliance client to
display detailed information to the user. For more information refer to
Chapter 8, “Remediation subsystem implementation” on page 355.
3. Distributing the HTML pages to the client systems.
At the time of writing this book, there is no Security Compliance Manager in-band
mechanism for distributing the HTML pages. Therefore the security administrator
must rely on other mechanisms for both the initial distribution of the HTML pages
and future updates. As a best practice, the HTML pages should be incorporated
into the standard gold-disk images for new client workstations being deployed. In
the absence of an automatic remediation subsystem, any HTML page updates
must be distributed using an out-of-band tool or process. However, with the
addition of the automatic remediation subsystem, a distribution workflow can be
put in place to update the HTML pages as necessary (this exercise is left for the
reader).
You can also bundle updated HTML pages into the policy collector JAR file. If
you do this, they can be deployed automatically with a new or updated policy.
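
Because the pages are distributed out of band, a client can be left with missing or outdated remediation pages. The following added example (not from the original book and not IBM or Cisco tooling) audits the HTML pages staged on a client against a manifest built from the administrator's master copy; the directory layout and page names are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def build_manifest(root: Path) -> dict:
    """Map each HTML page's relative path to its SHA-256 digest."""
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*.html"))
    }


def audit_client(client_dir: Path, manifest: dict) -> dict:
    """Classify differences between a client's staged pages and the manifest."""
    local = build_manifest(client_dir) if client_dir.is_dir() else {}
    return {
        "missing": sorted(set(manifest) - set(local)),
        "stale": sorted(n for n in set(manifest) & set(local) if manifest[n] != local[n]),
        "unexpected": sorted(set(local) - set(manifest)),
    }


def demo() -> dict:
    """Constructed sample: a master copy and a client that has drifted from it."""
    with tempfile.TemporaryDirectory() as tmp:
        master, client = Path(tmp, "master"), Path(tmp, "client")
        master.mkdir()
        client.mkdir()
        # Hypothetical page names; real names depend on the deployed policy.
        (master / "antivirus.html").write_text("<p>Update signatures (rev 2)</p>")
        (master / "password.html").write_text("<p>Password policy</p>")
        (master / "firewall.html").write_text("<p>Enable the firewall</p>")
        (client / "antivirus.html").write_text("<p>Update signatures (rev 1)</p>")
        (client / "password.html").write_text("<p>Password policy</p>")
        (client / "retired.html").write_text("<p>Old page</p>")
        return audit_client(client, build_manifest(master))


if __name__ == "__main__":
    for status, pages in demo().items():
        print(f"{status}: {', '.join(pages) or '-'}")
```
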

5.3.2 Physical components

Referencing Figure 5-3 on page 102, note that the solution comprises three
major subsystems: the compliance subsystem, the Network Admission Control
subsystem, and the remediation subsystem. In this section we delve further into
the various physical components comprising each of these subsystems.