Friday, February 1, 2013

Chapter 10 - Endpoint defense


This chapter is basically about the Host Checker feature.

Host Checker is a client-side agent that performs checks by collecting integrity measurements with IMCs (Integrity Measurement Collectors), then sends those measurements to the IMV (Integrity Measurement Verifier), which is the MAG.
It can also check software, signatures, third-party DLL certificates, or similar.

It is compliant with TNC (Trusted Network Connect).

This works in two ways.
If the device has Junos Pulse or OAC (Odyssey Access Client), it already has the IMCs.
If the device uses the Java agent or is agentless, the MAG will send it the IMCs.
The IMCs collect data and send it to the IMV (the MAG).

There are two places to use it.
One is on the authentication REALM, as the device is entering the network.
The second is on the ROLE: if the endpoint does not satisfy the IMV, it will not be given the role.

The outcome of a failed check is either deny or fix (remediation).

Steps:
Create the Host Checker policies.
Apply the policies to the REALM or the ROLE.
Specify user access to the Host Checker client.
Set up logging.

- Authentication >> Endpoint Security >> Host Checker
Here you set the auto-upgrade option and the package to use.
First is virus: it can check the signature versions of AV software; the list is an XML file.
Second is patch: you download a patchdata.dat.
Third, you can update the ESAP (Endpoint Security Assessment Plug-in).

Create the POLICY of what to check.
You will specify, for every operating system, what checks will be done on it.
The checks change based on the operating system.
They are rule checks, for example: require the latest AV.
You can also set up remediation options for when those items are NOT met.
The rule types are:
Ports
Process
Files
Registry keys
MAC address
Machine certificate (for example, the CN must be in your domain)
Patch assessment

You can require ALL of the rules,
ANY of the rules,
or create custom combinations of rule sets.

REMEDIATION
You can offer manual or automatic remediation.
Manual remediation gives the user instructions.
Automatic remediation kills processes or deletes files.
You can also send the reasons for the failure to the user.

After the user fails, he is given two options:
try again, or enter without a certain role.

Message:
Your connection has failed, and the remediation page is shown.

EES (Enhanced Endpoint Security) is an additional scanning license.
It protects against malware and viruses.


Setting up the policy on the realm.
Users > Authentication Realms > user_realm
The restrictions are, in order:
source IP,
browser,
certificate,
password,
Host Checker results.

The last one lets you apply restrictions based on the Host Checker results,
so if they did not pass they only get a limited ROLE.
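The whole flow described in these notes (IMC report, rule checks on the IMV, ALL/ANY/custom combination, remediation, and enforcement on the realm versus on the role), as an added example that is not Juniper's code and not from the course: a small Python model of how such a policy is evaluated. The rule names (av_current, no_badtool, no_port_4444, patched, corp_cert), the role names Employees and Quarantine, the registry key and the endpoint report are all made-up assumptions; real Host Checker rules are configured in the MAG admin UI, not in code.

```python
# Added illustration, not Juniper's code: a small model of the flow in these notes
# (IMC report -> rule checks on the IMV -> ALL / ANY / custom combination -> enforce on
# realm or role, with remediation). Rule names, role names and the report are made up.
import ast
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

# Constructed sample of what the IMCs would report; not captured from a real client.
SAMPLE_REPORT = {
    "processes": ["explorer.exe", "ccSvcHst.exe", "badtool.exe"],
    "listening_ports": [135, 445, 4444],
    "registry": {r"HKLM\SOFTWARE\Policies\Corp\Patched": "1"},
    "av_signature_age_days": 12,
    "machine_cert_cn": "laptop42.corp.example",
}

@dataclass
class Rule:
    check: Callable[[dict], bool]
    remediation: str                                   # manual remediation: instructions
    auto_fix: Optional[Callable[[dict], dict]] = None  # automatic remediation, if any

def _kill_badtool(report: dict) -> dict:
    """Automatic remediation: 'kill' the process by returning a report without it."""
    return {**report, "processes": [p for p in report["processes"] if p != "badtool.exe"]}

# Hypothetical rules, one per rule type from the notes (AV, process, port, registry key, cert).
RULES: Dict[str, Rule] = {
    "av_current": Rule(lambda r: r["av_signature_age_days"] <= 7,
                       "Update antivirus signatures (older than 7 days)."),
    "no_badtool": Rule(lambda r: "badtool.exe" not in r["processes"],
                       "badtool.exe must not be running.", _kill_badtool),
    "no_port_4444": Rule(lambda r: 4444 not in r["listening_ports"],
                         "Close the service listening on TCP 4444."),
    "patched": Rule(lambda r: r["registry"].get(r"HKLM\SOFTWARE\Policies\Corp\Patched") == "1",
                    "Install the corporate patch baseline."),
    "corp_cert": Rule(lambda r: r["machine_cert_cn"].endswith(".corp.example"),
                      "A machine certificate from the corporate domain is required."),
}

def eval_expr(expr: str, results: Dict[str, bool]) -> bool:
    """Evaluate a custom expression such as 'a and (b or not c)' over per-rule results.
    The text is parsed with ast and only and/or/not/rule names are accepted, so policy
    text can never call functions or reach attributes (no eval()/exec())."""
    def walk(node: ast.AST) -> bool:
        if isinstance(node, ast.BoolOp):
            vals = [walk(v) for v in node.values]
            return all(vals) if isinstance(node.op, ast.And) else any(vals)
        if isinstance(node, ast.UnaryOp) and isinstance(node.op, ast.Not):
            return not walk(node.operand)
        if isinstance(node, ast.Name) and node.id in results:
            return results[node.id]
        raise ValueError(f"disallowed or unknown element: {ast.dump(node)}")
    return walk(ast.parse(expr, mode="eval").body)

@dataclass
class Verdict:
    passed: bool
    failed_rules: List[str]   # drives the 'reasons' shown on the remediation page

def evaluate(report: dict, mode: str, expr: Optional[str] = None) -> Verdict:
    """IMV side: run every rule over the report, then combine with ALL, ANY or a custom expression."""
    results = {name: rule.check(report) for name, rule in RULES.items()}
    if mode == "all":
        ok = all(results.values())
    elif mode == "any":
        ok = any(results.values())
    elif mode == "custom" and expr:
        ok = eval_expr(expr, results)
    else:
        raise ValueError(f"bad mode {mode!r} or missing expression")
    return Verdict(ok, [n for n, r in results.items() if not r])

def reasons(verdict: Verdict) -> List[str]:
    """Remediation text sent to the user for each failed rule."""
    return [RULES[n].remediation for n in verdict.failed_rules]

def realm_decision(verdict: Verdict) -> str:
    """On the realm: failing denies the sign-in; the user sees the remediation page and may retry."""
    return "allow" if verdict.passed else "deny"

def role_decision(verdict: Verdict, full_role: str = "Employees", fallback: str = "Quarantine") -> str:
    """On the role: failing withholds that role; the user enters with the lesser one instead."""
    return full_role if verdict.passed else fallback

def auto_remediate(report: dict, verdict: Verdict) -> dict:
    """Run the automatic remediation of every failed rule that has one; returns the fixed report."""
    for name in verdict.failed_rules:
        if RULES[name].auto_fix:
            report = RULES[name].auto_fix(report)
    return report
```

Against the sample report, `evaluate(SAMPLE_REPORT, "all")` fails on av_current, no_badtool and no_port_4444, so the realm decision is deny and the role decision is Quarantine; `auto_remediate` clears only the process rule (the other two have manual instructions), after which the custom expression `corp_cert and patched and no_badtool` passes and the full role is granted. The custom expression is parsed with the ast module rather than eval() so that policy text cannot execute anything.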
