Overview; About Rules - ADTRAN BlueSecure Controller Setup And Administration Manual

Appendix C: Endpoint Scanning

Overview

A "trusted end-point" refers to a client device that has been verified to be free of worm or
virus infection and confirmed to be running virus detection software or firewall software to
protect it against future attacks or infections. Increasingly, as a matter of policy, network
administrators will allow only trusted end-points onto their networks.
Version 6.4 (and later) of the Bluesocket BSC system software fully integrates BlueProtect.
BlueProtect requires no pre-installed software on endpoint computers, other than a
supported web browser. Network administrators can first use the BlueProtect functionality
to verify that a user attempting to access their network is doing so from a trusted end-point
and then use the standard Bluesocket BSC functionality to provide the proper network
access and policy management based on the user's credentials.
Once you have configured the BlueProtect settings as described in this chapter, a web-
based user login will proceed as follows:
The user logs in via the user login page as normal.
1.
The BSC authenticates the user into a role.
2.
Based on the settings configured for the user's role, the user may be redirected to the
3.
BlueProtect scan page and his or her device is scanned.
The user is redirected to the scan page until his or her device passes the scan.
4.

About Rules

BlueProtect supports the following types of rules, which are used to specify conditions,
action, and remediation resources:
Firewall rules Firewall rules specify the following:
• Which firewalls you require endpoint users to have (Integrity client or ZoneAlarm,
CA, BlackICE, Outpost, Norton, Kerio, WindowsXP, or McAfee).
• Which action BlueProtect will take if endpoint users don't have the firewall.
• What information and resources will be available to users to help them get the
firewall.
Anti-virus Rules Anti-virus rules specify which anti-virus applications endpoint computers must have to gain
access to your network. For your convenience, anti-virus enforcement rules are pre-
configured with supported anti-virus providers: Agnitum Ltd., AhnLab Inc., America
Online Inc., Anonymizer Inc., Authentium Inc., AVG Technologies, Bell, BellSouth,
BellSouth Internet Security Anti-Spyware, Sécurité Internet d'affaires Anti-espion, Check
Point Inc, Computer Associates International Inc., EarthLink Inc., F-Secure Corp.,
FaceTime Communications Inc., Grisoft Inc., iS3 Inc., Javacool Software LLC, Kingsoft
Corp., Lavasoft Inc., McAfee Inc., MicroSmarts LLC, Microsoft Corp., Omniquad, Panda
Software, PC Tools Software, Prevx Ltd., Radialpoint Inc., Safer Networking Ltd., Sereniti
Inc., SOFTWIN, Sunbelt Software, Symantec Corp., Trend Micro Inc., VCOM, Verizon,
Webroot Software Inc., Yahoo! Inc., Zone Labs LLC.
Anti-Spyware Anti-virus rules specify which anti-virus applications endpoint computers must have to gain
Rules access to your network. For your convenience, anti-virus enforcement rules are pre-
configured with supported anti-virus providers.
Registry BlueProtect can now scan the registry for keys. When entering the registry entry, you
Checking must include the entire path and the key (separated by a backslash). The system then
Support translates it. For example, if you enter the key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Install Check\IE40
The system will look for the registry folder/path:
C-2