Alexander Klimov
Thu, 21 Jun 2007 09:31:21 -0700
Hi. On Wed, 20 Jun 2007 [EMAIL PROTECTED] wrote: > Network Endpoint Assessment (NEA): Overview and Requirements > <http://www.ietf.org/internet-drafts/draft-ietf-nea-requirements-02.txt> > [...] > NEA technology may be used for several purposes. One use is to > facilitate endpoint compliance checking against an > organization's security policy when an endpoint connects to the > network. Organizations often require endpoints to run an IT- > specified OS configuration and have certain security > applications enabled, e.g. anti-virus software, host intrusion > detection/prevention systems, personal firewalls, and patch > management software. An endpoint that is not compliant with IT > policy may be vulnerable to a number of known threats that might > exist on the network. I wonder what stops a trojan to disable an antivirus, but screw the reporting system up so that it pretends that the antivirus is still active? -- Regards, ASK --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]