Enterasys Networks 9034385 User Manual
Page 69
Procedures for Out-of-Band and Inline NAC
Enterasys NAC Design Guide 5-5
•
How health results are processed.
When an assessment is performed on an end‐system, a “health result” is generated. For each
health result, there may be several “health result details.” A health result detail is a result for
an individual test performed during the assessment. Each health result detail is given a score
ranging from 1 to 10, and based on this score, the health result is assigned a risk level.
However, it is possible to override the score with a different value that better aligns the score
with the enterpriseʹs compliance policy. For example, Wireshark is a popular network traffic
analysis application that can be used for both informational and malicious intentions. If IT
operations determines that Wireshark is an application that should not be installed on end‐
systems connecting to the network, a scoring override can be configured to associate a high‐
risk score if Wireshark is detected on an end‐system.
•
Which end‐systems are quarantined.
NAC Manager uses risk levels to determine whether or not an end‐system will be
quarantined. Based on the scores from the health result details, end‐system are classified into
one of four risk levels: high risk, medium risk, low risk, and no risk. Depending on the risk
level to which the end‐system is classified, the end‐system may be quarantined.
Authorization
The NAC configuration also specifies the authorization levels, referred to as “access policies,” that
will be applied to the end‐system, depending on the authentication and assessment results.
•
Accept Policy – the policy that is assigned to compliant end‐systems.
•
Quarantine Policy– the policy that is assigned to noncompliant end‐systems that have failed
assessment.
•
Assessment Policy – the policy that is (optionally) assigned to end‐systems while they are
being assessed.
•
Failsafe Policy – the policy that is assigned to end‐systems when an error occurs in the NAC
process.