2.5. Remediating the Security Deficiency

This is one of my favorite parts of NAC solutions. As you're probably getting tired of hearing already, the goal is to get people productive and have them be secure, not just locking people out. Because of this, it is important for NAC solutions to be able to fix the problems.

You will find that many NAC/NAP vendors skirt around the issues when it comes to the remediation portion of the solution. That is because many NAC/NAP solutions simply do not offer a component that will fix the discrepancies. Some do offer integration with leading patching solutions and other third-party systems, though some simply won't do anything to the device.

In my opinion, giving the end user a link to a web site where the user can fix the deficiency is ridiculous, although some solutions will do this. This takes the responsibility and control out of the hands of IT and places it on the end user. While this may sound good to some IT departments, it's really irresponsible. The end users' job is to do their job, not to learn how to install patches.

2.5.1. Remediation Actions

Remediation actions can take place via the NAC solution itself, or they can come from separate third-party remediation services, such as Tivoli, System Management Server (SMS), and so on. Here are some common means to remediate security deficiencies within NAC solutions:

  • Push down operating system patches

  • Push down Microsoft Office patches

  • Push down Internet Explorer and other browser patches ...

Get Implementing NAP and NAC Security Technologies: The Complete Guide to Network Access Control now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.