Security

Hello All

We are planning to add more posture checks in our existing ClearPass Universal SHV plugin for Windows 10 & Windows 11 desktops.

Few checks that are in consideration to be added:

1. NTP/DNS: Clock drift < 2 min
2. Local admin disabled, no extra admin accounts
3. UEFI secure boot enabled; TPM 2.0 owned

Need guidance on how could we configure this in OnGuard Posture plugin from the list of available health checks

Thank you..!

Those are more administrative requirements/settings than something that the posture validation would be looking at.  What purpose is there for checking on these items in posture evaluation prove?

Hello All

We are planning to add more posture checks in our existing ClearPass Universal SHV plugin for Windows 10 & Windows 11 desktops.

Few checks that are in consideration to be added:

1. NTP/DNS: Clock drift < 2 min
2. Local admin disabled, no extra admin accounts
3. UEFI secure boot enabled; TPM 2.0 owned

Need guidance on how could we configure this in OnGuard Posture plugin from the list of available health checks

Thank you..!

Thank you for your response @chulcher

If looking from security value for a bank environment

• misconfigured DNS can redirect traffic to phishing/malware sites
• NTP is critical for event correlation
• Secure Boot/TPM check to ensure endpoints are installed with golden image

For this we are trying to add new checks along with exiting checks (AV, Windows Hotfixes)

Those are more administrative requirements/settings than something that the posture validation would be looking at.  What purpose is there for checking on these items in posture evaluation prove?

Hello All

We are planning to add more posture checks in our existing ClearPass Universal SHV plugin for Windows 10 & Windows 11 desktops.

Few checks that are in consideration to be added:

1. NTP/DNS: Clock drift < 2 min
2. Local admin disabled, no extra admin accounts
3. UEFI secure boot enabled; TPM 2.0 owned

Need guidance on how could we configure this in OnGuard Posture plugin from the list of available health checks

Thank you..!

Thank you for your response @chulcher

If looking from security value for a bank environment

• misconfigured DNS can redirect traffic to phishing/malware sites
• NTP is critical for event correlation
• Secure Boot/TPM check to ensure endpoints are installed with golden image

For this we are trying to add new checks along with exiting checks (AV, Windows Hotfixes)

Those are more administrative requirements/settings than something that the posture validation would be looking at.  What purpose is there for checking on these items in posture evaluation prove?

Hello All

We are planning to add more posture checks in our existing ClearPass Universal SHV plugin for Windows 10 & Windows 11 desktops.

Few checks that are in consideration to be added:

1. NTP/DNS: Clock drift < 2 min
2. Local admin disabled, no extra admin accounts
3. UEFI secure boot enabled; TPM 2.0 owned

Need guidance on how could we configure this in OnGuard Posture plugin from the list of available health checks

Thank you..!

You could have a look at Custom scripts for Onguard, which allow you to run basically any check you can think of as long as you know how to check in a script.

Thank you for your response @chulcher

If looking from security value for a bank environment

• misconfigured DNS can redirect traffic to phishing/malware sites
• NTP is critical for event correlation
• Secure Boot/TPM check to ensure endpoints are installed with golden image

For this we are trying to add new checks along with exiting checks (AV, Windows Hotfixes)

Those are more administrative requirements/settings than something that the posture validation would be looking at.  What purpose is there for checking on these items in posture evaluation prove?

Hello All

We are planning to add more posture checks in our existing ClearPass Universal SHV plugin for Windows 10 & Windows 11 desktops.

Few checks that are in consideration to be added:

1. NTP/DNS: Clock drift < 2 min
2. Local admin disabled, no extra admin accounts
3. UEFI secure boot enabled; TPM 2.0 owned

Need guidance on how could we configure this in OnGuard Posture plugin from the list of available health checks

Thank you..!

@Herman Robers

Thank you for your insight. One doubt, I would like to ask if adding more checks will degrade ClearPass Performance for an environment like financial institution.

You could have a look at Custom scripts for Onguard, which allow you to run basically any check you can think of as long as you know how to check in a script.

Thank you for your response @chulcher

If looking from security value for a bank environment

• misconfigured DNS can redirect traffic to phishing/malware sites
• NTP is critical for event correlation
• Secure Boot/TPM check to ensure endpoints are installed with golden image

For this we are trying to add new checks along with exiting checks (AV, Windows Hotfixes)

Those are more administrative requirements/settings than something that the posture validation would be looking at.  What purpose is there for checking on these items in posture evaluation prove?

Hello All

We are planning to add more posture checks in our existing ClearPass Universal SHV plugin for Windows 10 & Windows 11 desktops.

Few checks that are in consideration to be added:

1. NTP/DNS: Clock drift < 2 min
2. Local admin disabled, no extra admin accounts
3. UEFI secure boot enabled; TPM 2.0 owned

Need guidance on how could we configure this in OnGuard Posture plugin from the list of available health checks

Thank you..!