Chapter 4 Ead Configuration; Introduction To Ead - 3Com 3C13636 Configuration Manual

3Com Router 3000 Ethernet Family
Configuration Guide

Chapter 4 EAD Configuration

4.1 Introduction to EAD

On an enterprise network that implements host-level attack defense, every user has to
install antivirus software, kill virus, and update virus database themselves. This is both
inefficient and not good for integrated management. In addition, it may expose the
network to security hazards, for example, when a user fails to patch or upgrade
software.
Endpoint admission defense (EAD) is an attack defense solution developed based on
Huawei comprehensive access management server (CAMS) system. Different from
traditional defense ideas, it centralizes security policy deployment, and controls
endpoint admission by evaluating the security compliance of endpoints and
dynamically controlling their access rights. This enhances the active defense ability of
endpoints, and prevents virus and worms from spreading on the network.
EAD requires the cooperation between security client, antivirus client, security
cooperation device (such as a router), portal server, and third-party server (such as
patch server and antivirus server). It provides the following functions:
Check the security compliance and defense ability of endpoints, ensuring that the
operating system (OS) has been patched, antivirus software and virus database
have been updated, and no virus is present. An endpoint can access the network
only when it is compliant with the security policy of the enterprise. In conjunction
with identity authentication techniques, EAD ensures that only those legitimate
and trusted endpoints can access the network.
Isolate "dangerous" and "vulnerable" endpoints. EAD achieves this by granting
only limited access rights to endpoints incompliant with the security policy of the
enterprise. For example, you may allow infected endpoints and endpoints whose
system patches and virus databases are not up to date to access only antivirus
server, patch server, and the like for system repair.
Forcibly repair system patches and upgrade antivirus software. After an endpoint
is isolated, EAD can automatically remind the user to update software patch/virus
database, or update software automatically in conjunction with the antivirus or
patch server so that the endpoint can meet the security policy.
3Com Corporation
4-1
Chapter 4 EAD Configuration