1.2 NDIS Layer Firewall Protection
In securing mobile devices, ESM is superior to typical personal firewall technologies that operate
only in the application layer or as a firewall-hook driver. ESM client security is integrated into the
Network Driver Interface Specification (NDIS) driver for each network interface card (NIC),
providing security protection from the moment traffic enters the computer. Differences between
ESM and application-layer firewalls and filter drivers are illustrated in Figure 1-2, "Effectiveness of an NDIS-Layer Firewall," on page 10.
Figure 1-2 Effectiveness of an NDIS-Layer Firewall
Security decisions and system performance are optimized when security implementations operate at
the lowest appropriate layer of the protocol stack. With the Endpoint Security Client 4.0, unsolicited
traffic is dropped at the lowest levels of the NDIS driver stack by means of Adaptive Port Blocking
(stateful packet inspection) technology. This approach protects against protocol-based attacks,
including unauthorized port scans, SYN Flood attacks, and others.
It is recommended that you follow all operation and maintenance recommendations in this
document, in order to ensure that the endpoint security environment is protected.
ZENworks Endpoint Security Client 4.0 User Guide