wrt "Network Endpoint Assessment"
Alexander Klimov
alserkli at inbox.ru
Thu Jun 21 09:32:50 EDT 2007
Hi.
On Wed, 20 Jun 2007 Jeff.Hodges at KingsMountain.com wrote:
> Network Endpoint Assessment (NEA): Overview and Requirements
> <http://www.ietf.org/internet-drafts/draft-ietf-nea-requirements-02.txt>
> [...]
> NEA technology may be used for several purposes. One use is to
> facilitate endpoint compliance checking against an
> organization's security policy when an endpoint connects to the
> network. Organizations often require endpoints to run an IT-
> specified OS configuration and have certain security
> applications enabled, e.g. anti-virus software, host intrusion
> detection/prevention systems, personal firewalls, and patch
> management software. An endpoint that is not compliant with IT
> policy may be vulnerable to a number of known threats that might
> exist on the network.
I wonder what stops a trojan to disable an antivirus, but screw
the reporting system up so that it pretends that the antivirus
is still active?
--
Regards,
ASK
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list