User Guide to Endpoint Admission Defense
The Endpoint Admission Defense Component (EAD) is the core of the end user admission solution. The User Access Manager (UAM) Component ensures that only authorized users get access to the network, while the EAD provides powerful security management. Working with the iNode client, INC can detect the security status of the PCs accessing the network, and isolate insecure PCs for automatic or manual remediation.
The EAD controls terminal security software, applications, patches, registry entries, and shared folders, and it also monitors asset registration status, data traffic, and the operating system login password. Management of all these items is integrated into security level and security policy management.
1. Security Software Policy
- Purpose:
Security software policies cover anti-virus software, anti-spyware software, firewall software, anti-phishing software, and hard disk encryption software.
Anti-virus software policy management: Manages anti-virus software policies. An anti-virus software policy instructs the INC and iNode client to check whether the required third-party anti-virus software is installed and running on a user PC, and whether the virus scan engine version and virus definition version meet the requirements, protecting PCs against virus attacks and keeping suspected virus-infected PCs out of the network.
Anti-spyware software policy management: Manages anti-spyware software policies. An anti-spyware policy instructs the INC and iNode client to check whether the required third-party anti-spyware software is installed and running on a user PC, and whether the anti-spyware software data version and engine version meet the requirements, protecting PCs against attacks.
Firewall software policy management: Manages firewall software policies. A firewall software policy instructs the INC and iNode client to check whether the required third-party firewall software is installed and running on a user PC, protecting PCs against attacks.
Anti-phishing software policy management: Manages anti-phishing software policies. An anti-phishing software policy instructs the INC and iNode client to check whether the required third-party anti-phishing software is installed and applied on a user PC, protecting PCs against attacks.
Hard disk encryption software policy management: Manages hard disk encryption software policies. A hard disk encryption software policy instructs the INC and iNode client to check whether the required third-party hard disk encryption software is installed on a user PC, protecting the data on the PCs.
- To start configuration:
Select the User tab, and then in the User Security Policy navigation tree click Security Software Policy.
- Key parameters:
Priority: A terminal security software policy lists the supported types of software, and the software in the first row has the highest priority. The iNode client checks, in priority order, whether any type of security software in the list is installed on the terminal. At the first match it stops the check and reports the security status of that software to the server. Other types of security software in the list, even if installed on the terminal, are ignored.
2. Patch control management
- Purpose:
Have Windows patches and patching software managed by INC. PCs without the necessary Windows patches or patching software are vulnerable to virus attacks. Windows patch management defines Windows versions and, for each version, the patches that must be checked during authentication. A Windows version can contain multiple patches; for example, you can add new patches for Windows XP according to the latest Microsoft patch bulletin. On Linux and Mac OS, the INC EAD checks only whether the patching software is installed and running, and relies on that software to check the operating system patches. The INC EAD does not check Linux or Mac OS patches itself.
- To start configuration:
Select the User tab, and then in the User Security Policy navigation tree click Patch Control.
- Key parameters:
Patch Name: The name must be consistent with that available in Windows Control Panel > Add/Remove Programs.
Patch Level: When adding a patch, you can set its level to Low, Moderate, Important, or Critical. A mapping between patch level and security mode can be created, for example, Critical to Kick Out. A user whose PC is missing any Critical patch then fails the security authentication and is kicked out.
3. Software control group
- Purpose:
Have software control groups managed by INC. INC works with the iNode client to check, for compliance, the software that must, must not, or may only be installed on the PCs, the processes that must or must not be running, the services that must or must not be started, and the files that must or must not exist. When a PC is noncompliant, one of the following modes is enforced for the user: Monitor, Inform, Isolate, or Kick Out. The installation, running, or startup requirements for software, processes, services, and files, and the measures taken on noncompliant PCs, are specified in the security policy.
- To start configuration:
Select the User tab, and then in the User Security Policy navigation tree click Software Control Group.
- Key parameters:
Software Name: The name must be consistent with that shown in Windows Control Panel > Add/Remove Programs.
Service Name: The service name must be consistent with that specified in the service properties in Control Panel > Administrative Tools > Services.
Process Name: The name must be consistent with the process name shown in Windows Task Manager.
File Path and Name: The absolute path and name of the file.
Default Security Mode: Specifies the default security mode to be enforced when a software control group check fails. The value you set here is used as the default security mode when adding a security level.
4. Traffic control management
- Purpose:
Define traffic controls. A traffic control identifies PCs that generate excessive IP or broadcast traffic and enforces one of the modes Monitor, Inform, Isolate, Kick Out, or Block and Kick Out.
- To start configuration:
Select the User tab, and then in the User Security Policy navigation tree click Traffic Control.
- Key parameters:
Sampling Interval: The iNode client samples traffic data and, for each sampling interval, sends INC a statistical report on the IP traffic and the broadcast packet count.
Threshold for IP Traffic Error/Threshold for Severe IP Traffic Error: If the statistical value in a sampling interval exceeds either threshold, the iNode client sends an alarm to INC, which then takes the corresponding measures.
Threshold for Broadcast Traffic Error/Threshold for Severe Broadcast Traffic Error: If the statistical value in a sampling interval exceeds either threshold, the iNode client sends an alarm to INC, which then takes the corresponding measures.
5. Registry control management
- Purpose:
INC cooperates with the iNode client to check whether the registry of the user PC is policy-compliant. The system monitors, alerts, isolates, or kicks out a user whose registry is not compliant with the policy. The check requirements of the registry control are set in the security policy.
- To start configuration:
Select the User tab, and then in the User Security Policy navigation tree click Registry Control.
- Key parameters:
Registry Entry Location: Location of the entry that is to be monitored.
Default Action for Check Failure: The default action for check failure for the registry control item in the security level.
- Precautions:
The six security levels, Block and Kick Out, Guest, Kick Out, Isolate, Inform, and Monitor, are in descending order of severity. If a PC fails several checks, the severest security level applies.
6. Share control management
- Purpose:
INC cooperates with the iNode client to check whether the shared folders of the user PC are policy-compliant. The system monitors, alerts, isolates, or kicks out a user whose shared folders are not compliant with the policy. The check requirements of the share control are set in the security policy.
- To start configuration:
Select the User tab, and then in the User Security Policy navigation tree click Share Control.
- Key parameters:
Allow Share: Select this option to allow terminals to share folders.
Forbid Simple Share: Select this option to forbid terminals from enabling simple share. By default, simple share is enabled in Windows XP. In simple share mode, a terminal allows other terminals to access its shared folders without entering a password, so this mode offers very little security.
Forbid Default Share: Select this option to forbid terminals from enabling default share. By default, a Windows operating system enables default share for all logical disks. For example, to manage disk C of a system, other terminals only need to access \\host name\C$ and provide the administrator username and password. Default share is used to manage an entire disk remotely and is also insecure.
7. Password control management
- Purpose:
INC cooperates with the iNode client to check whether the login password of the user PC is policy-compliant. The system monitors, alerts, isolates, or kicks out a user whose login password is noncompliant. The measures taken upon check failure are determined by the security level.
- To start configuration:
Select the User tab, and then in the User Security Policy navigation tree click Password Control.
- Key parameters:
Monitor: The user is allowed into the network, and a security log is generated without alerts for insecure items.
VIP: The user is allowed into the network, and a security log is generated with alerts for insecure items and remediation methods.
Isolate: The user is isolated, and a security log is generated with alerts for insecure items and remediation methods.
Kick Out: The user is kicked out, and a security log is generated with alerts for insecure items and remediation methods.
Guest: The user is informed and then kicked out, and a security log is generated with alerts for insecure items and remediation methods.
Block and Kick Out: The system blocks and kicks out noncompliant users, generates security logs for violations, and informs the noncompliant users of the security vulnerability and remediation methods.
- Precautions:
The six security levels, Block and Kick Out, Guest, Kick Out, Isolate, Inform, and Monitor, are in descending order of severity. If a PC fails several checks, the severest security level applies.
8. Security level management
- Purpose:
Define security levels. A security level is a collection of security modes that decides the measures to be taken on noncompliant users. When defining a security level, you define the security mode to be applied on failure of each check, such as the anti-virus control check, the software use check, and the software patch check.
- To start configuration:
Select the User tab, and then in the User Security Policy navigation tree click Security Level.
- Key parameters:
Monitor: The user is allowed into the network, and a security log is generated without alerts for insecure items.
VIP: The user is allowed into the network, and a security log is generated with alerts for insecure items and remediation methods.
Isolate: The user is isolated, and a security log is generated with alerts for insecure items and remediation methods.
Kick Out: The user is kicked out, and a security log is generated with alerts for insecure items and remediation methods.
Guest: The user is informed and then kicked out, and a security log is generated with alerts for insecure items and remediation methods.
Block and Kick Out: The system blocks and kicks out noncompliant users, generates security logs for violations, and informs the noncompliant users of the security vulnerability and remediation methods.
- Precautions:
The six security levels, Block and Kick Out, Guest, Kick Out, Isolate, Inform, and Monitor, are in descending order of severity. If a PC fails several checks, the severest security level applies.
9. Security policy management
- Purpose:
Define security policies. A security policy is a collection of security measures applied to end users, including security check, security monitoring, system remediation, and client messages. INC allows you to tailor security policies to different kinds of users.
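The two decision rules this guide states, the priority-ordered security software check (section 1) and the rule that the severest configured level wins when several checks fail (sections 5, 7 and 8, plus the patch level to mode mapping in section 2), are modelled below. This is an added illustration, not INC or iNode code; the function names, the product names and the version numbers are constructed for the example.

```python
from typing import Dict, List, Optional, Tuple

# The six security levels in descending severity, exactly as the guide lists them.
SEVERITY = ["Block and Kick Out", "Guest", "Kick Out", "Isolate", "Inform", "Monitor"]
RANK = {level: i for i, level in enumerate(SEVERITY)}  # 0 = most severe


def severest(levels: List[str]) -> Optional[str]:
    """Return the most severe level among those given, or None if the list is empty."""
    return min(levels, key=RANK.__getitem__) if levels else None


def check_security_software(policy: List[Tuple[str, int]],
                            installed: Dict[str, Tuple[bool, int]]) -> Tuple[Optional[str], bool]:
    """Priority check: walk the policy list in order and stop at the first product that
    is installed; products further down the list are ignored even if they would comply.
    policy: [(product, minimum engine version)]; installed: {product: (running, engine)}."""
    for product, min_engine in policy:
        if product in installed:
            running, engine = installed[product]
            return product, running and engine >= min_engine
    return None, False  # nothing from the list is installed, so the check fails


def patch_check_mode(required: Dict[str, str], installed: List[str],
                     level_to_mode: Dict[str, str]) -> Optional[str]:
    """Each missing patch maps to the mode configured for its level; the severest wins.
    required: {patch name: level}; level_to_mode: e.g. {"Critical": "Kick Out"}."""
    modes = [level_to_mode[required[name]] for name in required if name not in installed]
    return severest(modes)


def enforced_level(results: Dict[str, bool], modes: Dict[str, str]) -> Optional[str]:
    """Combine per-check outcomes: every failed check contributes the mode configured
    for it in the security level, and the severest one is enforced (None if all pass)."""
    return severest([modes[name] for name, ok in results.items() if not ok])


if __name__ == "__main__":
    # Constructed sample data: hypothetical product names and engine versions.
    av_policy = [("AV-Alpha", 5), ("AV-Beta", 3)]
    pc = {"AV-Alpha": (True, 4), "AV-Beta": (True, 3)}
    product, ok = check_security_software(av_policy, pc)  # AV-Beta complies but is ignored
    print(product, ok)
    print(enforced_level({"anti_virus": ok, "patch": False, "registry": True},
                         {"anti_virus": "Isolate", "patch": "Kick Out", "registry": "Monitor"}))
```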
- To start configuration:
Select the User tab, and then in the User Security Policy navigation tree click Security Policy.
- Key parameters:
Security Level: Defines the security mode to be enforced in case of each check failure.
Security ACL/Isolation ACL: The Security ACL defines the network resources accessible to users who have passed the security authentication. The Isolation ACL defines the area accessible to users who are waiting for, or have failed, the security authentication (if the security mode is Isolate). Typically the isolation area includes only the anti-virus, anti-spyware, firewall, anti-phishing, and hard disk encryption software servers and the patch servers deployed for terminal security remediation.
Anti-Virus Software Control: Determines whether the security policy checks anti-virus software.
Anti-Spyware Software Control: Determines whether the security policy checks anti-spyware software.
Firewall Software Control: Determines whether the security policy checks firewall software.
Anti-Phishing Software Control: Determines whether the security policy checks anti-phishing software.
Hard Disk Encryption Software Control: Determines whether the security policy checks hard disk encryption software.
Software Control Group: Specifies which software control groups are to be checked.
Patch Control: Specifies which patches are to be checked and the IP address of the server for updates.
Registry Control: Determines the registry entries to be checked.
Share Control: Specifies the terminal share policy against which the security policy checks the terminals' share settings.
Asset Registration Status Check: Specifies whether to check the registration status of assets. The option is available only if the DAM component is installed.
Periodic Check: Specifies which traffic control is to be used and whether to check the operating system passwords.