9.3. Help! My Machine Is Infected!

When endpoint security scans reveal that machines are out of compliance with security policies, you can deal with the issue in several ways:

  • Device remediation: Includes any process that's designed to correct the issue on the machine before allowing that machine full network access

  • Device quarantine: Describes processes that restrict access to the network — either wholly or partially — for either the duration of the session or until the machine corrects the issue

NOTE

Most NAC solutions offer some form of remediation, as well as some form of quarantine.

9.3.1. Remediate

Remediation comes in two flavors:

  • Automatic remediation: A NAC system's ability to repair or correct issues identified on an endpoint machine without end-user intervention

    Common types of automatic remediation include

    • Enabling a personal firewall

    • Updating an antivirus application

    • Applying operating system or application patches to an endpoint system

    When a NAC system uses these schemes, the system automatically fixes a machine when it's out of compliance, instead of burdening the end user with instructions about how to solve system issues.

  • Manual remediation: Puts the task of correcting machine deficiencies in the hands of the end user.

    Although a successful NAC implementation should remove the end user from as much interaction as possible, you sometimes can't avoid it. In these cases, NAC vendors generally provide the tools necessary to make this task an easy one for end users. For ...
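The remediate-or-quarantine flow described in this section, as an added sketch that is not taken from the book or from any NAC product: the check names, the `disk_encrypted` check, and the `run_fix` hook are hypothetical, and the scan data is constructed.

```python
from dataclasses import dataclass, field

# Hypothetical check names mapped to the automatic fixes the section lists.
AUTO_FIXES = {
    "firewall_enabled": "enable personal firewall",
    "antivirus_current": "update antivirus application",
    "patches_applied": "apply OS/application patches",
}

@dataclass
class Outcome:
    access: str                                  # "full" or "quarantine"
    auto_fixed: list = field(default_factory=list)
    manual: list = field(default_factory=list)   # left for the end user

def failed_checks(scan, required):
    # Fail closed: a check the agent did not report counts as failed.
    return [c for c in required if scan.get(c) is not True]

def admit(scan, required, run_fix):
    """Quarantine a non-compliant endpoint, remediate, rescan, then decide.

    run_fix(check) is a caller-supplied hook that attempts the automatic
    fix and returns True on success (an assumption of this sketch).
    """
    out = Outcome(access="full")
    scan = dict(scan)                            # do not mutate the caller's scan
    for check in failed_checks(scan, required):
        out.access = "quarantine"                # restricted while issues are open
        if check in AUTO_FIXES and run_fix(check):
            scan[check] = True                   # stands in for a real rescan
            out.auto_fixed.append(AUTO_FIXES[check])
        else:
            out.manual.append(check)             # no auto fix, or the fix failed
    if not failed_checks(scan, required):
        out.access = "full"                      # every issue corrected
    return out

# Constructed sample: required policy checks and one endpoint's scan result.
REQUIRED = ["firewall_enabled", "antivirus_current", "patches_applied", "disk_encrypted"]
SAMPLE = {"firewall_enabled": False, "antivirus_current": True, "patches_applied": False}

if __name__ == "__main__":
    # Pretend patching fails so one item falls back to manual remediation.
    print(admit(SAMPLE, REQUIRED, run_fix=lambda c: c != "patches_applied"))
```

The endpoint stays quarantined whenever any item remains in `manual`, which is the case where the end user has to act.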
