|
1. |
CLIENT CERTIFICATE SCAN
|
| |
The Client Certificate Scan enables an administrator to scan an endpoint device to ensure that a specific certificate (or set of certificates) has been installed to the device prior to allowing access, thus ensuring that the device is connecting in a secure manner.
|
|
2. |
CLIENT REGISTRATION SCAN |
| |
This scan is used to grant access providing the user agrees to a nondisclosure agreement. Access to the corporate resources can be allowed for a certain number of days. This period of time can be renewed as the administrator determines. For example, the administrator may allow a user to UAT test an application for 5 days, after which access will be denied.
|
|
3. |
PROMPT USER SCAN |
| |
Scan empowers administrators with the ability to ask the user question and dependent upon the response access is allowed to the corporate resource. The administrator can determine the type of dialog/question: Yes/No or Ok/Cancel.
|
|
4. |
COMPUTER MAP CHECK SCAN |
| |
Scans the endpoint device, gets its name, and maps the computer name to one of the allowed groups –if any – where as the scan output reflects the mapping result. If the result shows that the computer map belongs to the group specified by the IT administrator, the user will be granted access to the corporate resource. Otherwise, access will be denied. This type of scan will protect critical data and resources on corporate servers from misuse by undesired users.
|
|
5. |
CONNECTION TYPE SCAN |
| |
Determines the connection type and speed of the endpoint device. Based on this information the administrator will determine the appropriate action to take. For example, and due to security reasons, the administrator may be required to grant clients who are connecting to the corporate resource using a wireless connection a restricted level of access.
|
|
6. |
CITRIX SECURE ACCESS CLIENT SCAN (CSAC) |
| |
The function of this scan is to check for the installation of the Citrix Access Gateway Enterprise Client and/or the Citrix Secure Access Client on the endpoint device. When one of these clients is installed on the endpoint device, access to the corporate resource will be granted.
|
|
7. |
SUBNET DETECTION SCAN |
| |
Based on subnet information, the administrator can determine if the client is connected to the corporate network or to a remote network, allowing the ability to grant or deny the access to the corporate resource. The administrators may want to make sure that the client accessing the system resources is using his/her own machine at work. Using this scan, the administrator can identify the IP address and the subnet masks of the machine.
|
|
8. |
ZONE ALARM CHECKER SCAN |
| |
This Scan will determine whether or not the Zone Alarm Firewall is running on the endpoint device. If it is not running the user will not be granted access to the corporate resource.
|
|
9. |
MAC ADDRESS SCAN |
| |
Detects the media access control (MAC) address for each network interface card (NIC) or network adapter on the client device and compares the address against a data set containing the list of valid MAC addresses. This scan requires a data set listing valid MAC addresses.
|
|
10. |
IP ADDRESS SCAN
|
| |
Detects the IP address of the endpoint device and compares it against a data set containing a list of valid (IP or range of IP) addresses. This scan requires a data set listing valid IP addresses/valid range of IP address.
|
|
11. |
CONSOLE DETECTION SCAN |
| |
Extentrix Console Detection Scan determines if the user is connecting remotely to the Endpoint Device. The Scan can indicate if the user is using the actual physical Endpoint PC or is using it by well known remote control software (RDP, ICA, and RealVNC).
|
|
12. |
REGISTRY KEY SCAN |
| |
Scans the endpoint device and verifies whether or not a specified registry key/value is registered
|
|
13. |
PROCESS NAME CHECK SCAN |
| |
Scans the endpoint device and ensures that a specified list of processes is running/not running: An IT administrator may specify that the process ssonsvr.exe (Citrix Pass through Authentication) must be installed and running on the client’s machine before granting connection to the corporate resource. The connection will be established if the scan result indicates that the defined process exists and is running.
|
|
14. |
SCREEN SAVER SCAN |
| |
IT administrators may require that the clients accessing their resources have screen savers configured on their machines for security purposes. This scan allows the administrator to scan the endpoint device and check for the presence of the Screen Saver and whether it is password protected or not.
|
|
15. |
SERVICES CHECKER SCAN |
| |
Scans the endpoint device and verifies that the windows services specified by the administrator exist and (all running, all not running, any running) on the client’s machine: The administrator wants the windows service W32Time (Windows Time Service) to be running on the endpoint device. The user will be denied access to the corporate resource if the scan result indicates that W32Time is not running.
|
|
16. |
FILES’ DATE SCAN |
| |
Designed to scan the endpoint device for a map (List) of files, check if they exist and match the date specified by the administrator before allowing access to the corporate resources
|
|
17. |
FILES' SIZES SCAN |
| |
Scans the endpoint device for a map (List) of files, checks the files exist, and match the size determined by the administrator prior to allowing the endpoint device to connect to the corporate resource.
|
|
18. |
FILE SCAN |
| |
Scans the client’s machine for a certain file name, size, and creation date. An administrator may want to make sure that the endpoint device accessing the corporate resource has a file existing in the path C:\Documents and Settings\Administrator\Desktop\Example.doc, with the size of 6450 bytes, created on 10/20/2007. This scan checks for all these conditions, access can be allowed or denied dependent upon the result.
|
|
19. |
EXTENDED REGISTRY KEY SCAN
|
| |
It allows IT administrators to create a list of data for the key registry value and check if any of the client’s machines have one of these values. For example, IT administrators can create scan to verify whether the client's machine name (stored in the registry) match any of its allowed list machine names. This will reduce the need to create a scan for each machine name.
|
|
20. |
WORKING HOURS SCAN |
| |
The Scan gives an administrator the ability to allow users access to company resources at predefined Working Hours, so Administrator can predefine working hour (12:15 – 23:55), if a user connects to the corporate resource during this time then the access will be accepted, but if he/she tries to connect in any invalid time, a warning message appears and access will be denied.
|
|
21. |
SERVICES CHECKER SCAN |
| |
Scans the endpoint device and verifies that the windows services specified by the administrator exist and (all running, all not running, any running) on the client’s machine: The administrator wants the windows service W32Time (Windows Time Service) to be running on the endpoint device. The user will be denied access to the corporate resource if the scan result indicates that W32Time is not running.
|
|
22. |
SAFETY SCAN |
| |
The Extentrix Safety Scan is provided to allow an administrator to ensure a highly secure access environment to corporate resources. It is an end-to-end security Scan that includes safeguards for users accessing system resources from internet cafes and kiosks. It has control over the Internet Explorer cache, history, and cookies; it deletes any important data that would ordinarily be left behind once the user has disconnected from the corporate resource, the scan performs at its best when deployed alongside the Extentrix Safety ActiveX Product.
http://extentrix.com/weboptimizer
|
|
23. |
SMART BROWSER SCAN- FOR IE |
| |
Scans for IE version, security options settings, ensuring that they meet conditions specified by the administrator prior to allowing an endpoint device to access the corporate network.
-
Automatic prompting
for ActiveX
controls.
-
Binary and script
behaviors.
-
Logon.
-
Download signed
ActiveX controls.
-
Initialize and
script ActiveX
controls not marked
as safe.
-
Run ActiveX controls
and plug-ins.
-
Script ActiveX
controls marked safe
for scripting.
-
Automatic prompting
for file downloads.
-
File download.
-
Fonts download.
-
Access data sources
across domains.
-
Allow scripting for
Internet Explorer
Web
browser
control.
-
Allow
script-initiated
windows without size
or position
constraints.
-
Display mixed
content.
-
Don’t prompt for
client certificate
selection when no
certificates or only
one certificate
exists.
-
Drag and drop or
copy and paste
files.
-
Launching programs
and files in an
IFRAME.
-
Navigate sub-frames
across different
domains.
-
Open files based on
contents, not file
extension.
-
Software channel
permissions.
-
Submit nonencrypted
form data.
-
Userdata
persistence.
-
Active scripting.
-
Allow past
operations via
script.
-
Scripting of JAVA
applets.
-
Allow META REFRESH.
For example, the user is not allowed to have ActiveX controls run on his machine, the administrator through this scan can determine by reading the option value "Run ActiveX controls and plug-ins" if it is true then the user will be denied the access.
|
|
24. |
SMART DETECTORS SCAN |
| |
Check the client machine
for more than 320
of
most used
antivirus,
Firewall and
Anti-spyware
if
they are
installed, up to date
and running.
To
see the list of
supported antivirus,
antispyware and
firewall, please
Click Here.
|
