2.3. Communicating the Security Posture of the Device
Once the NAC/NAP solution has the appropriate policy so that it knows what security components to analyze and actually performs that analysis, the security state of the device must be communicated. This communication can go to:
Another NAC/NAP-specific software component
A third-party software component
A component external from the device itself (such as a server or piece of hardware)
Keep in mind that the first two points have to do with NAC/NAP-related software running on an individual machine. The third component has to do with the NAC/NAP software on the machine communicating outside of the device itself.
Whatever the component, the intention is the same. The state of the security posture has been determined, and another component (or components) must know about it. The type of NAC/NAP that you are utilizing, as well as how you are using it, will determine which of these methods will be used.
This communication must take place so that the other NAC/NAP components know what action to take based upon the compliance state of the device. If a network device is going to restrict where on the network a device can go because it's noncompliant, that network device first must know if the device is compliant or not. This is simply done via communication.
2.3.1. Communicating with NAC/NAP-Specific Software Components
It is common for NAC/NAP solutions to have multiple components in the solution as a whole. Going back to the car example, ...
Get Implementing NAP and NAC Security Technologies: The Complete Guide to Network Access Control now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.