|52-Patch Check for Access Users-Patch Check for Access Users.rar||3.4 MB|
1 Patch Check for Access Users
To view this video, click the download link.
Software Version Used
This video was recorded based on the following versions:
- iMC: iMC PLAT 3.20-E2501, iMC UAM 3.60-E6101, iMC EAD 3.60-E6101
- iNode: iNode 3.60-E6101
Web interfaces of different versions may vary.
Installing Windows operating system updates promptly repairs system defects and effectively protects against various attacks. Ensuring that the latest updates are downloaded and installed in time for internal enterprise users is a major concern for administrators.
Working with Microsoft WSUS, EAD provides an automatic patching function. EAD authentication is performed after a user passes identity authentication. The system isolates a terminal PC that lacks necessary updates, and WSUS automatically patches the PC. After the update completes, the user can successfully access the network. This function ensures that all terminal PCs install the latest updates and eliminates manual updating.
Recommended Configuration Flow
To implement patch checking, WSUS must be configured. For a description of how to install and configure WSUS, refer to the related documentation.
This figure describes the recommended configuration flow for patch management.
Step 1 Add Access Device
Add an access device that supports AAA to the iMC system, so that the access device acts as the AAA client to cooperate with the iMC system.
Step 2 Add Security Level
Configure a security level, and define the actions to be taken when patch checking fails. The actions can be monitor, inform, isolate, or kick out, among which isolate is the most commonly selected.
Step 3 Add Security Policy
This step shows how to add a security policy and configure the IP address of WSUS.
Step 4 Add Service
A service is a set of policies for user authentication and authorization.
The service configured in this step includes the security policy configured at Step 3.
Step 5 Add Account
Each user accessing the network must have an account configured in iMC. The account contains information such as the account name and password.
This step shows how to add an account and apply for the service configured at Step 4.
Step 6 Configure Policy Server Parameters
At this step, the patch checking interval is configured. After a user passes patch checking, iMC does not perform the check again for that user during this interval. This reduces repeated patch checking and improves the efficiency of EAD authentication.
Step 7 Configure Access Device
An access device controls user access, including restricting users that fail EAD authentication to only the isolated area where the WSUS server is located.
This step illustrates how to configure a RADIUS scheme, an ISP domain, the 802.1X feature, and security/isolation ACLs on the device.
Step 8 Use iNode for Authentication, Patch Checking and Update (Verify Configuration)
This video will show how to verify the patch management function. Use iNode to initiate authentication on a PC where some critical patches are missing. The WSUS finds out what patches are missing and then automatically downloads and installs the necessary ones. At the same time, iMC takes the action configured at Step 2, isolate in this example, against the user. After updates are installed successfully, initiate authentication again. This time, the user passes the patch checking and can access the network.
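The following is an added example, not iMC or iNode code: a small Python model of how the security-level action from Step 2 and the patch checking interval from Step 6 combine during the verification in Step 8. The class, function and patch names are hypothetical, and the mapping of each action to a network state is an assumption, since the page only names the actions. It shows that a patch made mandatory after a user has passed is not enforced for that user until the interval has elapsed.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Assumed effect of each Step 2 action; the page names them but does not define them.
STATE = {"monitor": "full access", "inform": "full access",
         "isolate": "isolated", "kick out": "offline"}

@dataclass
class PolicyServer:
    """Hypothetical model of the patch check decision; not the iMC implementation."""
    required: set          # patches the security policy demands (constructed IDs)
    action: str            # security-level action on failure (Step 2)
    interval: timedelta    # patch checking interval (Step 6)
    last_pass: dict = field(default_factory=dict)  # user -> time of last passed check

    def authenticate(self, user, installed, now):
        """Return (network_state, missing_patches, check_was_run)."""
        passed_at = self.last_pass.get(user)
        if passed_at is not None and now - passed_at < self.interval:
            # Inside the interval the check is skipped: nothing is compared.
            return "full access", set(), False
        missing = self.required - set(installed)
        if not missing:
            self.last_pass[user] = now   # start a new interval for this user
            return "full access", set(), True
        self.last_pass.pop(user, None)
        return STATE[self.action], missing, True

def demo():
    """Replay the Step 8 scenario on constructed data, then add a new patch."""
    t0 = datetime(2024, 1, 1, 9, 0)                      # constructed timestamp
    srv = PolicyServer({"KB-A", "KB-B"}, "isolate", timedelta(hours=24))
    patched = {"KB-A", "KB-B"}
    results = [
        srv.authenticate("alice", {"KB-A"}, t0),                        # KB-B missing
        srv.authenticate("alice", patched, t0 + timedelta(minutes=30)), # after WSUS update
    ]
    srv.required.add("KB-C")   # administrator makes a new patch mandatory
    results.append(srv.authenticate("alice", patched, t0 + timedelta(hours=2)))
    results.append(srv.authenticate("alice", patched, t0 + timedelta(hours=25)))
    return results

if __name__ == "__main__":
    for state, missing, checked in demo():
        print(f"{state:12} missing={sorted(missing)} check_run={checked}")
```

In this model, a shorter interval narrows the window in which a newly required patch goes unenforced, at the cost of more frequent checks during EAD authentication.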