wrt "Network Endpoint Assessment"

Alexander Klimov alserkli at inbox.ru
Thu Jun 21 09:32:50 EDT 2007


Hi.

On Wed, 20 Jun 2007 Jeff.Hodges at KingsMountain.com wrote:
> Network Endpoint Assessment (NEA): Overview and Requirements
> <http://www.ietf.org/internet-drafts/draft-ietf-nea-requirements-02.txt>
> [...]
>     NEA technology may be used for several purposes.  One use is to
>     facilitate endpoint compliance checking against an
>     organization's security policy when an endpoint connects to the
>     network.  Organizations often require endpoints to run an IT-
>     specified OS configuration and have certain security
>     applications enabled, e.g. anti-virus software, host intrusion
>     detection/prevention systems, personal firewalls, and patch
>     management software.  An endpoint that is not compliant with IT
>     policy may be vulnerable to a number of known threats that might
>     exist on the network.

I wonder what stops a trojan to disable an antivirus, but screw
the reporting system up so that it pretends that the antivirus
is still active?

-- 
Regards,
ASK

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list