3Com Router 3000 Ethernet Family Configuration Guide
3Com Corporation

Chapter 4 EAD Configuration

4.1 Introduction to EAD

On an enterprise network that implements host-level attack defense, every user has to install antivirus software, remove viruses, and update the virus database themselves. This is inefficient and hinders integrated management. It may also expose the network to security hazards, for example, when a user fails to patch or upgrade software.

Endpoint admission defense (EAD) is an attack defense solution developed on the Huawei comprehensive access management server (CAMS) system. Unlike traditional defense approaches, it centralizes security policy deployment and controls endpoint admission by evaluating the security compliance of endpoints and dynamically controlling their access rights. This enhances the active defense ability of endpoints and prevents viruses and worms from spreading on the network.

EAD requires cooperation between the security client, the antivirus client, the security cooperation device (such as a router), the portal server, and third-party servers (such as a patch server and an antivirus server). It provides the following functions:

- Check the security compliance and defense ability of endpoints, ensuring that the operating system (OS) has been patched, the antivirus software and virus database have been updated, and no virus is present. An endpoint can access the network only when it complies with the security policy of the enterprise. In conjunction with identity authentication techniques, EAD ensures that only legitimate and trusted endpoints can access the network.
- Isolate "dangerous" and "vulnerable" endpoints. EAD achieves this by granting only limited access rights to endpoints that do not comply with the security policy of the enterprise. For example, you may allow infected endpoints and endpoints whose system patches and virus databases are not up to date to access only the antivirus server, the patch server, and the like for system repair.
- Forcibly repair system patches and upgrade antivirus software. After an endpoint is isolated, EAD can automatically remind the user to update the software patches or virus database, or update the software automatically in conjunction with the antivirus or patch server so that the endpoint can meet the security policy.
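
The check-then-isolate decision described above can be modeled as follows. This is an added example, not code from the 3Com guide or from CAMS; the report fields, policy values, server addresses and the mapping from failed checks to repair servers are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date

@dataclass(frozen=True)
class Policy:                      # all values below are constructed examples
    required_patches: frozenset    # patch IDs the OS must have installed
    min_av_engine: tuple           # minimum antivirus software version
    max_sig_age_days: int          # maximum age of the virus database
    patch_server: str = "192.0.2.10"   # hypothetical repair servers
    av_server: str = "192.0.2.20"

def evaluate(report: dict, policy: Policy, today: date) -> dict:
    """Admission decision for one endpoint posture report.
    A missing or malformed attribute counts as a failed check (fail closed)."""
    if report.get("authenticated") is not True:
        return {"access": "deny", "reasons": ["identity"], "allow": []}
    reasons = []
    patches = report.get("patches")
    if not isinstance(patches, (list, set)) or not policy.required_patches <= set(patches):
        reasons.append("os_patches")
    engine = report.get("av_engine")
    if not isinstance(engine, tuple) or engine < policy.min_av_engine:
        reasons.append("av_software")
    sig = report.get("av_sig_date")
    # A future-dated database is rejected too, not only a stale one.
    if not isinstance(sig, date) or not 0 <= (today - sig).days <= policy.max_sig_age_days:
        reasons.append("virus_database")
    if report.get("infected") is not False:   # unknown scan state is not "clean"
        reasons.append("virus_present")
    if not reasons:
        return {"access": "full", "reasons": [], "allow": []}
    # Isolated endpoints may reach only the servers needed for repair.
    allow = set()
    if "os_patches" in reasons:
        allow.add(policy.patch_server)
    if any(r != "os_patches" for r in reasons):
        allow.add(policy.av_server)
    return {"access": "isolated", "reasons": reasons, "allow": sorted(allow)}

POLICY = Policy(frozenset({"P-101", "P-102"}), (8, 5), 7)   # constructed policy
TODAY = date(2024, 1, 15)
SAMPLE = {"authenticated": True, "patches": ["P-101"], "av_engine": (8, 6),
          "av_sig_date": date(2023, 12, 1), "infected": False}   # constructed report

if __name__ == "__main__":
    print(evaluate(SAMPLE, POLICY, TODAY))
```
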