cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
473
Views
0
Helpful
4
Replies

Poture Validation of anti-virus products

koeppend
Level 4
Level 4

Hi all

I have recently setup set up NAC framework to support dot1x for wireless and wired clients. My ACS appliance is successfully authentication users via eap-fast using personal and machine certs and it successfully posture checks that the users are using the correct CTA client, windows OS with correct patches.

But for the life of me I cannot work out how to set up my ACS NAP posture validation rules to check Symantec's Anti-virus version 10 and check the current dat file.

I have researched to the point where I think I have to upload NAC attributes to ACS appliance but not sure how. Setting up NAP posture rules to check against Cisco or Windows software is not that difficult and was well documented, but how to posture check a 3rd party software application is not well documented.

The url I have been looking at is

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_user_guide_chapter09186a00802335eb.html#wp366304

I'm just not 100% sure I'm on the right track here??

If anyone knows or has info how to setup NAP to posture check against 3rd party vendor software (like Symantec?s anti-virus) , I'd love to read up more about it.

One last question, if I am on the right track here, would I setup a posture validation rule for Symantec by just duplicating the rule I have for checking my CTA client ?

e.g rule

Cisco:PA:PA-NAME = Symantec Anti-Virus

and

Cisco:PA:PA-Version >= X.X.X

and

Cisco:PA:Machine-Posture-State >= 1

Brain bender 

Thanks all

Dale

1 Accepted Solution

Accepted Solutions

"-->Dump Attributes" hasn't worked for me for a while when using IE6\7. However firefox works great..! You might have to use firefox for that.

The ACS definitions that you need to import into ACS should also be on the symantec CD. However use the attached Text file, these are the Symantec definitions exported from my ACS Server. This should help you.

Thanks,

Naman

View solution in original post

4 Replies 4

mnlatif
Level 3
Level 3

Hi,

Have you installed the Symantec NAC Posture Plugin (Symantec Client Security Posture Plug-in

) ? You can find this MSI installer on the Symantec CD. This plugin provides an interface to CTA for checking the status of Symantec AV and its parameters as CTA has no way for directly getting this status from the Symantec Application.

In most cases the Symantec AV attributes are already pre-loaded on the ACS. You can verify this by making sure that you see the System Token named "Symantec:AV".

After completing the above steps then define a posture validation rule using

1. Symantec:AV:Protection-Enabled (Healthy for a value of "1" and Quarantine\etc else.)

2. Symantec:AV:Dat-Version (You will have to manually specify the minimum acceptable version (E.g. 2007.05.1... ) to declare a System Healthy).

You probably will have to keep updating the 2 above to keep the minimum version in line with the latest available. A workaround to this is to use another 3rd party AV which relies on an external AV server to get this version dynamically (E.g. Trend Micro). In this case ACS doesn't make the decision but forwards the credentials to the external AV. Symantec support for NAC is very limited and i don't see that improving considering they have their own NAC solution to market.

Thanks,

Naman

Naman

Thanks for the reply,

I checked to see if the token was present under my posture validation rule set and the only options I had were:

Cisco:PA

Cisco:Host

Cisco:HIP

So it would seem to me that I need to somehow update my ACS server with the correct values.

This was the 'gotch-ya' for me, I was not sure if I was seeing all the correct values and you have re-enforced my conclusions.

Only problem now is I cannot download an attributes dump file from the ACS appliance when I click

System configuration -> NAC Attributes Management -> Dump attributes -> submit

I may have a bug here,?

Dale

"-->Dump Attributes" hasn't worked for me for a while when using IE6\7. However firefox works great..! You might have to use firefox for that.

The ACS definitions that you need to import into ACS should also be on the symantec CD. However use the attached Text file, these are the Symantec definitions exported from my ACS Server. This should help you.

Thanks,

Naman

Interesting, thanks for the info on firefox.

and thank you for the dump file,...this should help.

Thanks again Naman

Dale

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: