Remediation process – IBM Tivoli and Cisco User Manual

Chapter 2. Architecting the solution

This requirement can be fulfilled by providing each user with a unique identity
and verifying it even before the posture condition of a client is checked. This
process was standardized with the IEEE 802.1x protocol, and IBM provides the
solution to facilitate it. IBM Tivoli Identity Manager delivers a flexible provisioning
engine to create and manage user accounts on the Secure Access Control
Server. For more information, contact your IBM representative.

Remediation process

The remediation process, either HTML-assisted or automated, is an integral part
of the IBM Integrated Security Solution for Cisco Networks. The role of this
process is to provide the noncompliant client with a means to become compliant
again and thereby gain access to the network.

The remediation process is facilitated by the following components:

Remediation handler

The remediation handler initiates the remediation process. It receives the list
of noncompliant settings from the compliance client, then asks the
remediation server to provide the new software or the correct settings as
required by the security policy. In the presented solution, each compliance
check performed by the compliance agent is associated with a related
remediation object that is capable of correcting the client posture if it is not
compliant.

Remediation server

The remediation server provides the approved compliant settings templates
for the clients. It listens to the clients’ requests and responds to them. The
response may include a number of elements, for example:

– Installing the software package on the client
– Starting or stopping a service on the client
– Changing software settings on the client

Remediation object

The remediation object includes the software and scripts required for
the client to become compliant again. For example, the object for recovering
from an outdated virus definition file would include the new virus definition file
and would automatically install it.

Depending on the conditions and security policy requirements, objects can be
more or less complex.
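
The flow between the three components can be sketched as follows. This is an added example, not code from the manual or from the IBM and Cisco products: every name, check ID and value in it is hypothetical and constructed for illustration, and the remediation server is modeled as an in-memory table. It also shows the case where a failed check has no approved remediation object, so the client stays noncompliant.

```python
# Added illustration: all names and data are hypothetical, not the IBM/Cisco API.
from dataclasses import dataclass

@dataclass(frozen=True)
class Action:
    kind: str    # "install_package", "set_service" or "change_setting"
    target: str  # client item the action touches
    value: str   # state the item has after the action

ALLOWED_KINDS = {"install_package", "set_service", "change_setting"}

# Constructed policy: check ID -> (client item, required value).
SAMPLE_POLICY = {
    "av_definitions": ("av_definitions", "2024.06"),
    "firewall_service": ("firewall", "running"),
    "screensaver_lock": ("screensaver_timeout", "600"),
    "disk_encryption": ("disk_encryption", "on"),
}

# Remediation server: one approved remediation object per compliance check.
# "disk_encryption" deliberately has none, to show the unresolved path.
APPROVED_OBJECTS = {
    "av_definitions": [Action("install_package", "av_definitions", "2024.06")],
    "firewall_service": [Action("set_service", "firewall", "running")],
    "screensaver_lock": [Action("change_setting", "screensaver_timeout", "600")],
}

def posture_check(client, policy):
    """Compliance agent: IDs of checks whose client value differs from policy."""
    return sorted(c for c, (item, want) in policy.items() if client.get(item) != want)

def remediate(client, policy, objects=APPROVED_OBJECTS):
    """Remediation handler: fetch and apply one object per failed check."""
    remediated, unresolved = [], []
    for check_id in posture_check(client, policy):
        actions = objects.get(check_id)  # request to the remediation server
        if not actions or any(a.kind not in ALLOWED_KINDS for a in actions):
            unresolved.append(check_id)  # nothing approved: leave client as is
            continue
        for action in actions:
            client[action.target] = action.value
        remediated.append(check_id)
    return remediated, unresolved

def network_access(client, policy):
    """Re-run the posture check; access follows only from a clean result."""
    return "granted" if not posture_check(client, policy) else "denied"
```

Access is decided by a fresh posture check after remediation rather than by the handler's own report of what it applied.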