9.3. Help! My Machine Is Infected!
When endpoint security scans reveal that machines are out of compliance with security policies, you can deal with the issue in several ways:
Device remediation: Includes any process that's designed to correct the issue on the machine before allowing that machine full network access
Device quarantine: Describes processes that restrict access to the network — either wholly or partially — for either the duration of the session or until the machine corrects the issue
NOTE
Most NAC solutions offer some form of remediation, as well as some form of quarantine.
9.3.1. Remediate
Remediation comes in two flavors:
Automatic remediation: A NAC system's ability to repair or correct issues identified on an endpoint machine without end-user intervention
Common types of automatic remediation include
Enabling a personal firewall
Updating an antivirus application
Applying operating system or application patches to an endpoint system
When a NAC system uses these schemes, the system automatically fixes a machine when it's out of compliance, instead of burdening the end user with instructions about how to solve system issues.
Manual remediation: Puts the task of correcting machine deficiencies in the hands of the end user.
Although a successful NAC implementation should remove the end user from as much interaction as possible, you sometimes can't avoid it. In these cases, NAC vendors generally provide the tools necessary to make this task an easy one for end users. For ...
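The decision flow described in this section, written out as an added Python example (not from the book and not any NAC product's code): failed checks are split into automatic and manual remediation, and the endpoint stays in partial or whole quarantine until a rescan passes every check. The check names, the `disk_encrypted` check, and the `critical` set are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Hypothetical check names mapped to the automatic remediation types
# listed in this section; a real NAC product defines its own checks.
AUTO_FIXES = {
    "firewall_enabled": "enable personal firewall",
    "antivirus_current": "update antivirus application",
    "patches_current": "apply OS/application patches",
}

@dataclass
class Decision:
    access: str  # "full", "partial" (quarantine) or "none" (quarantine)
    auto_actions: list = field(default_factory=list)
    manual_actions: list = field(default_factory=list)

def evaluate(posture, critical=frozenset()):
    """Map scan results (check name -> passed?) to access and remediation."""
    failed = [name for name, ok in posture.items() if not ok]
    if not failed:
        return Decision(access="full")
    decision = Decision(access="partial")  # partial quarantine by default
    for name in failed:
        if name in AUTO_FIXES:
            decision.auto_actions.append(AUTO_FIXES[name])
        else:
            # No automatic fix known: the end user has to correct it.
            decision.manual_actions.append(f"user must fix: {name}")
        if name in critical:
            decision.access = "none"  # whole quarantine for critical failures
    return decision

def rescan(posture, fixed, critical=frozenset()):
    """Re-evaluate after remediation; quarantine lifts only when all pass."""
    return evaluate({k: ok or k in fixed for k, ok in posture.items()}, critical)

# Constructed scan result for one endpoint (not real data).
SAMPLE = {"firewall_enabled": False, "antivirus_current": True,
          "patches_current": False, "disk_encrypted": False}

if __name__ == "__main__":
    print(evaluate(SAMPLE))
    print(rescan(SAMPLE, {"firewall_enabled", "patches_current"}))
    print(rescan(SAMPLE, set(SAMPLE)))
```

Running it shows the endpoint remaining in partial quarantine after the automatic fixes, because the one manual item is still open.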