Managing 802.1X NAC compliance security

Once you've set up LANDesk 802.1X NAC support and defined your compliance security policy, you can perform the ongoing compliance security management tasks described in this section.

Read this section to learn about:

Making sure LANDesk 802.1X NAC support is enabled on your network

LANDesk 802.1X NAC support is enabled when all of the following conditions exist:

Defining your own desired level of compliance security

If all of the conditions listed above are met, LANDesk 802.1X NAC support is running on your network.

NOTE: Remember that the LANDesk 802.1X NAC tool is designed to support and extend the security of an existing 802.1X RADIUS server implementation on your network. LANDesk 802.1X NAC support adds authentication and compliance capabilities to basic 802.1X access control functionality.

Of course, there is flexibility built into the service, and you can customize how NAC handles devices with options such as the Exclusion List and Allow Everyone On. You can also control the level of security through how many and exactly which security content definitions you place in the Compliance group, as well as the number of hours you specify before a compliance security scan runs automatically on connected devices.

By adjusting these options and policy criteria, you can define very strict, complex security policies or simple, lenient security policies, or any level in between. In other words, you have the ability to customize the degree of difficulty, or ease, with which a connecting device can comply with the security criteria you specify.

Most importantly, you can change the nature of your compliance security policy at any time in order to meet constantly changing circumstances and requirements. Just remember that any time you change your compliance security criteria (for example, the contents of the Compliance group in Patch and Compliance), you need to republish NAC settings to your posture validation servers and remediation servers. For information, see Publishing NAC settings.

Modifying and updating compliance security policies

You can modify and update your compliance security policy at any time.

You do this by changing the content of the Compliance group in the Patch and Compliance tool.

You then must republish the NAC content to posture validation servers and remediation servers. Remember that publishing NAC content sends NAC settings and compliance rules to posture validation servers and any associated patches to remediation servers, while publishing Infrastructure files sends setup and support files (including the security client scanner, trust agent installs, and HTML template pages) to remediation servers. (NOTE: Typically, the Infrastructure files only need to be published once to remediation servers. Unlike the NAC content, you don't need to republish these files every time you change the compliance security policy.)

For information, see Defining compliance security criteria in the Patch and Compliance tool.

Viewing non-compliant devices

You can see which devices have been postured and are found to be unhealthy or non-compliant.

To view non-compliant devices
  1. In the Patch and Compliance tool, click the Computers out of compliance toolbar button. Or, right-click the Compliance group, and then click Affected computers.
  2. A dialog appears that lists non-compliant devices.
  3. Select a device in the list to view the security definitions for which the device is vulnerable or out of compliance.