Cisco Cisco Clean Access 3.5
10-11
Cisco Clean Access Manager Installation and Administration Guide
OL-7044-01
Chapter 10 Network Scanning
Configure Vulnerability Handling
Vulnerable if: These
dropdown
controls configure how the Clean Access Manager interprets the scan
result for the plugin. If the client is scanned and the result returned for a plugin matches the
vulnerability configuration, the client will be put in the quarantine role (or blocked). You can
increase or decrease the level of result that triggers a vulnerability and assigns users to the
quarantine role.
vulnerability configuration, the client will be put in the quarantine role (or blocked). You can
increase or decrease the level of result that triggers a vulnerability and assigns users to the
quarantine role.
1.
NEVER = Ignore the report for the plugin. Even if a HOLE, WARN, or INFO result appears on
the report, this plugin is never treated as vulnerability and will never cause the user to be put in
the quarantine role.
the report, this plugin is never treated as vulnerability and will never cause the user to be put in
the quarantine role.
2.
HOLE = If HOLE is the result for this plugin, the client has this vulnerability and will be put
in the quarantine role. A result of WARN or INFO on the report is not considered a vulnerability
for this plugin. In most cases, administrators should select “HOLE” to configure vulnerabilities.
“HOLE” will ignore the other types of information (if any) reported by plugins.
in the quarantine role. A result of WARN or INFO on the report is not considered a vulnerability
for this plugin. In most cases, administrators should select “HOLE” to configure vulnerabilities.
“HOLE” will ignore the other types of information (if any) reported by plugins.
3.
HOLE, WARN (Timeout) = This setting means the following:
A HOLE result for this plugin is considered a vulnerability and the client will be put in the
quarantine role.
quarantine role.
A WARN result for this plugin is considered a vulnerability and the client will be put in the
quarantine role. A WARN result means the plugin scan timed out (due to personal firewalls or
other software) and could not be performed on the machine. Choosing WARN as a vulnerability
will quarantine any client that has a firewall enabled. However, it can also be used as a
precautionary measure to quarantine clients when the results of the scan are not known.
quarantine role. A WARN result means the plugin scan timed out (due to personal firewalls or
other software) and could not be performed on the machine. Choosing WARN as a vulnerability
will quarantine any client that has a firewall enabled. However, it can also be used as a
precautionary measure to quarantine clients when the results of the scan are not known.
An INFO result on the report is not considered a vulnerability for this plugin.
4.
HOLE, WARN, INFO = This setting means the following:
A HOLE result for this plugin means the client has this vulnerability and will be put in the
quarantine role.
quarantine role.
A WARN result for this plugin is considered a vulnerability and the client will be put in the
quarantine role. An WARN result usually indicates a client that has a firewall enabled.
quarantine role. An WARN result usually indicates a client that has a firewall enabled.
An INFO result on the report is considered a vulnerability and the client will be put in the
quarantine role. An INFO result indicates status information such as what services (e.g.
Windows) may running on a port, or NetBIOS information for the machine. Choosing this level
of vulnerability will quarantine any client that returns status information.
quarantine role. An INFO result indicates status information such as what services (e.g.
Windows) may running on a port, or NetBIOS information for the machine. Choosing this level
of vulnerability will quarantine any client that returns status information.
Note
If the plugin does not return INFO results (and there are no HOLE or WARN results), the
client will not be quarantined.
client will not be quarantined.
5.
To edit a plugin, click the Edit button next to the plugin that you want to configure.
6.
The Edit Vulnerabilities form appears.