IntroductionOverview1-8OverviewNAC 800 protects the network by ensuring that endpoints are free from threatsand in compliance with the organization's IT security standards. NAC 800systematically tests endpoints—with or without the use of a client or agent—for compliance with organizational security policies, quarantining non-com-pliant machines before they damage the network.NAC 800 ensures that the applications and services running on endpoints(such as LAN, RAS, VPN, and WiFi endpoints) are up-to-date and free ofworms, viruses, trojans, P2P and other potentially damaging software. Itdramatically reduces the cost and effort of securing your network's weakestlinks—the endpoints your IT group might not adequately control.There are advantages and disadvantages inherent with each of the test methodtechnologies. Having a choice of testing solutions enables you to maximizethe advantages and minimize the disadvantages.TIP: Agentless testing uses an existing Windows service (RPC). ActiveX testinguses an ActiveX control. ProCurve agent testing installs an agent (ProCurveNAC EI Agent) and runs as a new Windows service.The trade-offs in the test methods are described in the following table:Test method Trade-offsPros ConsAgentless • Truly agentless, no install or download.• No extra memory load on the client machine.• Can begin testing, view test results, and givenetwork access without any end-userinteraction for endpoints on your Windowsdomains.• Easiest of the three test methods to deploy.• Saves administration time and is thereforeless expensive than agent-based solutions.• Requires RPC Service to be available to theNAC 800 server (ports 139 or 445).• Requires file and print sharing to be enabled.• Not supported by legacy Windows™operating systems and non-Windowsoperating systems.• If the endpoint is not on a domain, the usermust specify local credentials. A user oftendoes not know what credentials to enter.Table 1-1. Test Methods
