After you allow users and machines onto the network, you need to ensure that they remain in compliance with the policies that they passed in order to get on the network.
The final phase — monitoring — comes into play when you want to make sure that everyone stays compliant.
When NAC monitors your network, it continually watches users and endpoints for updates or changes in their compliance status, as shown in Figure 3-6.
If a user switches off his or her personal firewall or antivirus application, your NAC system should be able to detect that change and react accordingly.
Perhaps your operating-system vendor just rolled out a very high-severity patch that corrects a gaping security hole. Your NAC system should allow you to roll out a policy that scans for that patch after IT pushes it to all the managed systems, so that you can ensure everyone has accepted and installed the patch.
You can choose from two primary types of monitoring:
Time-based: Scans the system at an administrator-defined interval and makes adjustments when it finds changes
Event-driven: Actively watches the system and reacts immediately to any changes
Through one mechanism or another, watch the important policies that you roll out so that you can ensure that your end users and machines stay in compliance throughout their sessions.
When or if the part of your NAC system that does the monitoring detects a change in status, this information should feed directly back into a change in access control or possibly remediation for the endpoint device. At this point, the NAC lifecycle essentially starts over and runs through the first four steps of the lifecycle, ensuring that this process happens not only at the beginning of the session, but also on a continual basis throughout every user's and machine's session on the network.
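The two monitoring styles and the feedback into access control described above, as an added example that is not part of the book or of any particular NAC product: a small Python model in which an endpoint's posture (host firewall, antivirus, a required patch) is re-evaluated either on a periodic scan or when the agent reports a change, and any drop in compliance immediately moves the endpoint back to quarantine, restarting the lifecycle. The endpoint name, the patch identifiers and the policy are constructed for illustration.

```python
"""Toy NAC posture monitor (added example; names and patch IDs are constructed)."""
from dataclasses import dataclass, field
from enum import Enum
from typing import Callable


class Access(Enum):
    FULL = "full"              # compliant: normal network access
    QUARANTINE = "quarantine"  # non-compliant: remediation VLAN only


@dataclass(frozen=True)
class Posture:
    firewall_on: bool
    antivirus_on: bool
    patches: frozenset         # hypothetical patch IDs installed on the endpoint


@dataclass
class Policy:
    required_patches: frozenset = frozenset()

    def evaluate(self, p: Posture) -> list:
        """Return the list of policy violations; an empty list means compliant."""
        failures = []
        if not p.firewall_on:
            failures.append("host firewall disabled")
        if not p.antivirus_on:
            failures.append("antivirus disabled")
        for patch in sorted(self.required_patches - p.patches):
            failures.append(f"missing patch {patch}")
        return failures


@dataclass
class Endpoint:
    name: str
    posture: Posture
    access: Access = Access.QUARANTINE
    history: list = field(default_factory=list)  # audit trail of access changes


class NacMonitor:
    def __init__(self, policy: Policy):
        self.policy = policy
        self.endpoints = {}

    def admit(self, ep: Endpoint) -> Access:
        """Initial assessment; the same decision logic is reused on every re-check."""
        self.endpoints[ep.name] = ep
        return self._decide(ep, reason="initial admission")

    def _decide(self, ep: Endpoint, reason: str) -> Access:
        # Any change in compliance feeds straight back into the access decision.
        failures = self.policy.evaluate(ep.posture)
        new_access = Access.FULL if not failures else Access.QUARANTINE
        if new_access != ep.access:
            ep.history.append(f"{reason}: {ep.access.value} -> {new_access.value} {failures}")
            ep.access = new_access
        return new_access

    def periodic_scan(self, current_posture: Callable[[str], Posture]) -> dict:
        """Time-based monitoring: re-scan every endpoint at the admin-defined interval."""
        results = {}
        for name, ep in self.endpoints.items():
            ep.posture = current_posture(name)
            results[name] = self._decide(ep, reason="periodic scan")
        return results

    def on_posture_event(self, name: str, new_posture: Posture) -> Access:
        """Event-driven monitoring: the agent reports a change and we react at once."""
        ep = self.endpoints[name]
        ep.posture = new_posture
        return self._decide(ep, reason="posture event")


def demo() -> dict:
    """Walk one constructed endpoint through the monitoring scenarios in the text."""
    healthy = Posture(firewall_on=True, antivirus_on=True, patches=frozenset({"PATCH-A"}))
    monitor = NacMonitor(Policy(required_patches=frozenset({"PATCH-A"})))
    laptop = Endpoint("laptop01", healthy)
    out = {"admitted": monitor.admit(laptop).value}

    # User switches off the personal firewall: event-driven detection, immediate quarantine.
    out["firewall_off"] = monitor.on_posture_event(
        "laptop01", Posture(False, True, frozenset({"PATCH-A"}))).value
    out["firewall_back"] = monitor.on_posture_event("laptop01", healthy).value

    # Vendor ships PATCH-B; admin adds it to policy and the next timed scan catches the gap.
    monitor.policy = Policy(required_patches=frozenset({"PATCH-A", "PATCH-B"}))
    out["missing_patch"] = monitor.periodic_scan(lambda _name: healthy)["laptop01"].value
    patched = Posture(True, True, frozenset({"PATCH-A", "PATCH-B"}))
    out["patched"] = monitor.periodic_scan(lambda _name: patched)["laptop01"].value
    out["changes"] = len(laptop.history)
    return out


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The event-driven path reacts to a single endpoint as soon as its agent reports, while the time-based path re-reads every endpoint's posture at the scan interval; both funnel into the same `_decide` step, which is the point the text makes: a status change is just another input to the access-control decision, so the lifecycle repeats for the whole session rather than only at admission.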