
Security level, security mode, and device action, Isolation mode – H3C Technologies H3C Intelligent Management Center User Manual

Security level, security mode, and device action

A security level for smart devices contains check items and their respective security modes and device actions. Security modes define actions to take in response to non-compliant users. Device actions are taken on any smart devices used by non-compliant users.

EAD supports the following security modes in descending order of severity:

Kick Out—The EAD server works with the UAM server to log off non-compliant users and generates security logs for violations.

Isolate—The EAD server isolates non-compliant users in a restricted area, informs the users of the security vulnerability and remediation methods, and generates security logs for violations.

No Action—The EAD server only generates security logs for violations.

EAD supports the following device actions in descending order of severity:

Wipe Data—The EAD server works with the MDM server to wipe all data and restore factory settings on the smart device, and generates security logs for violations.

Wipe Corporation Data—The EAD server works with the MDM server to wipe the corporation data on the smart device and generates security logs for violations.

Lock—The EAD server works with the MDM server to lock the smart device and generates security logs for violations.

When a smart device fails the security check, EAD immediately takes the configured actions for the non-compliant user and smart device, regardless of the Action After parameter setting.

Isolation mode

Smart device user isolation is implemented based on ACLs or VLANs, which are deployed to the access device.

ACLs and VLANs can be defined for network security or for isolation.

Security ACLs and VLANs define the accessible areas for users who pass the security check.

Isolation ACLs and VLANs define the quarantine areas for users who fail the security check to fix security vulnerabilities.

EAD provides several isolation modes for smart devices, as shown in Table 8.

Table 8 Smart device isolation modes

| Isolation mode | Description | Remarks |
|---|---|---|
| Deploy ACLs to access device | The EAD server deploys security and isolation ACLs to the access device for users' access control. The mechanism for processing ACLs depends on the device vendor and model. | The access device must support the ACL deployment feature. |
| Deploy VLANs to access device | The EAD server deploys security and isolation VLANs to the access device for users' access control. The mechanism for processing VLANs depends on the device vendor and model. | The access device must support the VLAN deployment feature. |