14.3. Extending NAC on the Endpoint
NAC solutions are quickly driving towards a more complete integration across the entire network. The preceding sections focus on extending NAC into the traditional network and security infrastructure. But extending NAC to the endpoint also has some merits because all NAC solutions provide some form of endpoint integrity inspection by scanning endpoint devices to ensure that the appropriate antivirus, personal firewall, anti-malware, and other standard endpoint security suites are installed and running. Although most enterprises can meet all of their endpoint integrity needs by using this kind of inspection, you might have more specialized needs.
Client-side open standards and APIs allow the NAC vendor's endpoint integrity agents to fully scan the endpoint machine for endpoint software and posture assessment that the NAC solution from your vendor might not natively include. For example, although your NAC vendor might provide a native ability to scan for and remediate missing operating-system patches, your team might have already spent considerable time and money on your own chosen patch remediation solution. By using APIs (including the Trusted Computing Group's Trusted Network Connect and Microsoft's NAP SHA/SHV APIs), you can work with your patch vendor or on your own to successfully create scans that are fully integrated into the capabilities of the NAC endpoint-integrity inspection engine.
By extending NAC on the endpoint, you create a native ...
Get Network Access Control For Dummies® now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.