|
|
|
|
|
|
Extentrix EPA Scans Enterprise
Edition |
The Extentrix EPA Scans Enterprise Edition for Citrix Access Gateway (CAG) Enterprise provides an administrator with the means to ensure that client endpoints connecting to a network are doing so in a safe and secure manner. When the client attempts to connect it is scanned based on rules created by the administrator that are designed to enforce security requirements. Each rule is made up of one or more scans.
The product comes with an easy to use MMC-based management console that enables you to create scans and rules and upload them directly from the same console to your CAG appliance. It is not only allows you to create Extentrix scans but also native Citrix scans as well. This console also allows you to upload the client engine dll to applicable appliances.
The client component contains a powerful engine that provides numerous scans to verify that the endpoint client meets organizational security policies before allowing access.
The client engine can:
-
Scan for
the presence of more than
1034 Anti-Virus, Firewall,
Anti-Spyware and
Anti-Phishing.
-
Execute
10 scans that check for the
existence of an SSL
certificate, MAC address,
type of connection, type of
console and much more.
-
Unique
Windows Security Center (WSC)
Scan that complements
existing anti-virus,
anti-spyware and personal
firewall scans and ensures
that an endpoint device is
protected even if the scans
are not directly supported
by Extentrix
-
Domain
SID scan verifies that a
user is a member of a domain
using the domain SID. The engine has been verified with PCs running operating systems that are currently supported by Microsoft including XP 32 and 64 bit, Vista 32 and 64 bit as well as Windows® 7 32 and 64 bit.
Some Security Scan examples include:
|
|
1. |
CLIENT CERTIFICATE SCAN
|
| |
The Client Certificate Scan enables an administrator to scan an endpoint device to ensure that a specific certificate (or set of certificates) has been installed to the device prior to allowing access, thus ensuring that the device is connecting in a secure manner.
|
|
2. |
CLIENT REGISTRATION SCAN |
| |
This scan is used to grant access providing the user agrees to a nondisclosure agreement. Access to the corporate resources can be allowed for a certain number of days. This period of time can be renewed as the administrator determines. For example, the administrator may allow a user to UAT test an application for 5 days, after which access will be denied.
|
|
3. |
PROMPT USER SCAN |
| |
Scan empowers administrators with the ability to ask the user question and dependent upon the response access is allowed to the corporate resource. The administrator can determine the type of dialog/question: Yes/No or Ok/Cancel.
|
|
4. |
COMPUTER MAP CHECK SCAN |
| |
Scans the endpoint device, gets its name, and maps the computer name to one of the allowed groups –if any – where as the scan output reflects the mapping result. If the result shows that the computer map belongs to the group specified by the IT administrator, the user will be granted access to the corporate resource. Otherwise, access will be denied. This type of scan will protect critical data and resources on corporate servers from misuse by undesired users.
|
|
5. |
CONNECTION TYPE SCAN |
| |
Determines the connection type and speed of the endpoint device. Based on this information the administrator will determine the appropriate action to take. For example, and due to security reasons, the administrator may be required to grant clients who are connecting to the corporate resource using a wireless connection a restricted level of access.
|
|
6. |
SUBNET DETECTION SCAN |
| |
Based on subnet information, the administrator can determine if the client is connected to the corporate network or to a remote network, allowing the ability to grant or deny the access to the corporate resource. The administrators may want to make sure that the client accessing the system resources is using his/her own machine at work. Using this scan, the administrator can identify the IP address and the subnet masks of the machine.
|
|
7. |
MAC ADDRESS SCAN |
| |
Detects the media access control (MAC) address for each network interface card (NIC) or network adapter on the client device and compares the address against a data set containing the list of valid MAC addresses. This scan requires a data set listing valid MAC addresses.
|
|
8. |
CONSOLE DETECTION SCAN |
| |
Extentrix Console Detection Scan determines if the user is connecting remotely to the Endpoint Device. The Scan can indicate if the user is using the actual physical Endpoint PC or is using it by well known remote control software (RDP, ICA, and RealVNC).
|
|
9. |
SCREEN SAVER SCAN |
| |
IT administrators may require that the clients accessing their resources have screen savers configured on their machines for security purposes. This scan allows the administrator to scan the endpoint device and check for the presence of the Screen Saver and whether it is password protected or not.
|
|
10. |
WORKING HOURS SCAN |
| |
The Scan gives an administrator the ability to allow users access to company resources at predefined Working Hours, so Administrator can predefine working hour (12:15 – 23:55), if a user connects to the corporate resource during this time then the access will be accepted, but if he/she tries to connect in any invalid time, a warning message appears and access will be denied.
|
|
11. |
SMART DETECTORS SCAN |
| |
Check the client machine
for more than 1034
of
most used
antivirus,
Firewall,
Anti-spyware and Anti-phishing
if
they are
installed, up to date
and running.
To
see the list of
supported antivirus,
antispyware, firewall and Anti-phishing, please
Click Here.
|
|
|
|
