Symantec Security Expressions Server User Manual

SecurityExpressions Server User Guide

50

Enabling slow link detection might extend processing time.

Trace Route Information

Trace route is a TCP/IP utility that allows the user to determine the route that packets are taking

to a particular host. Your notifications can include a trace route if you select this optional setting,

Make trace route information available to notifications. Determining trace route
information may be slow.

Network Admissions Control

The Network Admissions Control section of the Network page enables Cisco Network Admissions

Control (NAC) to work with the server software. NAC allows network access only to trusted end-

point devices that can verify their compliance to network security policies. It can permit, deny or

restrict network access to any device as well as quarantine and remediate non-compliant devices.

The server software communicates with NAC through Cisco Secure Access Control Server (ACS).

ACS uses the server software as its External Posture Validation Audit Server. External Posture
Validation Audit Server sends

posture

tokens

to ACS that indicate the audit status of systems.

Using that information, NAC can determine whether or not these systems are in compliance.

The server software frequently checks target systems to keep the posture tokens updated. The

possible posture tokens are:

• Healthy - The system had a posture result of Pass when checked.

• Quarantined - The system had a posture result of Fail when checked.

• Transition - The system was in the middle of an audit when checked.

• Unknown - The server software does not recognize the system, cannot connect to the

system or lost connectivity during the last audit.

To configure the server software to work with NAC, select settings in the following categories.

Unmanaged Systems

An unmanaged system is a system on the network that the server software does not recognize or
cannot connect to.

Initial Token

Sends the posture token you select to ACS if the server cannot connect to a system.

Token After Self Audit

Sends the posture token you select to ACS if a quarantined system fails a self-service audit.

Cache Validity Duration

Select how long a posture token of Healthy should remain valid. This is a way to control how

often the server software verifies that an unmanaged system is still in compliance with

network security policies after it receives a Healthy posture token. If you select Forever, the

system's Healthy token will never expire.

Managed Systems