EAP-TNC SoH Health Attributes

Francois Gaudreault fgaudreault at inverse.ca
Wed Dec 7 10:31:06 EST 2011


>> What kind of use case do you have in mind for SoH? It looks pretty
>> Microsoft specific to me and it is somewhat difficult to see good
>> justification for extending the minimal SoH implementation when rest of
>> TNC have much less OS dependent and restricted design..
On educational environments, we are seeing growing demands for SoH.  
Endpoints that are not compliant with the "policy" are not allowed in.  
It's working OK with Microsoft, but what you do for those having Linux 
workstations?  This situation might be rare for large business, but in 
universities or college, a lot of people prefer MacOSX/Linux over 
Microsoft.  And you want to enforce the policy on Linux/MacOS as well.

I know it is a Microsoft thing, but I believe Linux too has a firewall 
(iptables), can have anti-spyware/anti-virus installed (clamav), etc.  I 
believe we could in some way be able to write code to grab the state of 
those software, and populate the proper attributes just the way 
Microsoft do it with its dll.

-- 
Francois Gaudreault, ing. jr
fgaudreault at inverse.ca  ::  +1.514.447.4918 (x130) ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org)



More information about the HostAP mailing list