wrt "Network Endpoint Assessment"

Alexander Klimov alserkli at inbox.ru
Thu Jun 21 09:32:50 EDT 2007


On Wed, 20 Jun 2007 Jeff.Hodges at KingsMountain.com wrote:
> Network Endpoint Assessment (NEA): Overview and Requirements
> <http://www.ietf.org/internet-drafts/draft-ietf-nea-requirements-02.txt>
> [...]
>     NEA technology may be used for several purposes.  One use is to
>     facilitate endpoint compliance checking against an
>     organization's security policy when an endpoint connects to the
>     network.  Organizations often require endpoints to run an IT-
>     specified OS configuration and have certain security
>     applications enabled, e.g. anti-virus software, host intrusion
>     detection/prevention systems, personal firewalls, and patch
>     management software.  An endpoint that is not compliant with IT
>     policy may be vulnerable to a number of known threats that might
>     exist on the network.

I wonder what stops a trojan to disable an antivirus, but screw
the reporting system up so that it pretends that the antivirus
is still active?


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list