ConSentry Posture Check
ConSentry Posture Check - Endpoint Posture Validation via Dissolvable Agent
With ConSentry, IT can control who can get onto the LAN, monitor and restrict what users can do on the LAN, and prevent threats from disrupting network services or compromising data. Part of that control includes monitoring endpoints for compliance with an organization's security posture and using that information to help set policy for user access.
While critical, posture check is just one step in securing the LAN. As part of its holistic LAN security model, the ConSentry platform performs posture check as well as:
- authentication: to provide complete NAC, both passive and active authentication
- visibility: incident- and exception-based information at Layer 7, including attributes such as file name, tied back to the user
- identity-based control: role-based provisioning to control user activities on the LAN
- threat control: detect and block propagation of worms and other malware to prevent network meltdown
After the scan is complete, ConSentry can alert the user to possible threats before allowing them to enter the LAN.
How ConSentry Posture Check Works
If a customer chooses to have ConSentry enforce posture compliance, the ConSentry LANShield devices issue a dissolvable agent to designated end user machines as part of the admission process. Users who have not undergone a posture check may be given restricted access to the LAN until posture check is completed, depending on IT's policy. For example, IT may decide that users whose machines have not been checked can access only the Internet or remediation servers.
To gain full LAN privileges, a user launches a browser window to initiate the posture check. The ConSentry platform sends down the dissolvable agent as a Java applet or ActiveX control, and the agent scans the end station for a range of software compliance metrics as well as security vulnerabilities and malicious code, all within a matter of seconds. Furthermore, IT can create a policy to rescan users on a periodic basis throughout the day. The agent uses both signatures and heuristics to scan for:
- adware
- browser plug-ins
- dialers
- hacker tools
- keystroke loggers
- remote administration tools
- screen loggers
- tracking cookies
- Trojans
- worms
These signatures are regularly enhanced and can be updated automatically on the ConSentry system.
Enforcement Actions and Reports
The ConSentry dissolvable agent can check for malicious code and software from several vendors. ConSentry can then take a range of actions following the endpoint scan:
- restrict: ConSentry will not allow the user onto the LAN until the software is removed (alerts users and displays removal instructions)
- warn: ConSentry alerts the user to the software's presence (user chooses to remove or enter the LAN)
- observe: ConSentry logs for IT but does not alert the user
- allow: ConSentry does not search for that software
Custom Rules
The ConSentry dissolvable agent supports customized scans for specific registry keys, applications, or other files. ConSentry can then allow or deny users LAN admission based on the presence or absence of this custom software or these settings.
Reports
IT can pull any of the following reports to learn the results of endpoint scans:
- access statistics: compliant, cautioned, and restricted users
- security scans: the rules or spyware violations, per user
- spyware: the types of spyware found
- rules: the enforcement rules broken
- keyloggers: the keyloggers found, per user
Multiple Operating System Support
The ConSentry Dissolvable Agent works on a wide variety of operating systems to ensure full coverage in heterogeneous environments.
- Windows: Vista, XP, 2000, NT4 (SP6), 98, ME
- Linux
- Macintosh OS X
Third-party software supported
Anti-virus software
The ConSentry dissolvable agent tracks these anti-virus products and enforces LAN admission based on whether the endpoint is running the appropriate version, as defined by IT policy:
- Symantec: Symantec Antivirus Corporate Edition, Norton Antivirus
- Sophos: Sophos Antivirus
- TrendMicro: OfficeScan Corporate Edition, PC-cillin Internet Security
- CA: Security Center 2007, eTrust, eTrust EZ, Vet
- McAfee: Internet Security Suite 2007, Virus Scan
- BitDefender: Internet Security v10
- Kaspersky Antivirus for Linux and Windows
- avast! Windows and Linux Home Edition for Linux
- F-Secure Antivirus for Windows
- Panda Anti-Virus for Windows
- SOFTWIN BitDefender Antivirus for Windows
- Zone Labs ZoneAlarm with Antivirus for Windows
- AVG Antivirus Free Edition for Windows and Linux
- NOD32 Antivirus for Windows
Additional anti-virus scanners can be added through the Registry and Custom File Rule capabilities.
Personal Firewalls
The ConSentry dissolvable agent can follow IT policy to allow or deny admission based on firewall settings for the following firewalls:
- Windows Vista built-in firewall
- Symantec Norton Personal Firewall (Symantec Norton Internet Security 2007)
- Check Point Integrity Linux Agent for Linux
- Redhat Linux built-in firewall for Linux
- Mac OSX/Tiger built-in firewall for Macintosh
- McAfee Personal Firewall for Windows
- Computer Associates EZ Firewall for Windows
- Windows XP Firewall for Windows
- BlackICE PC Protection (BlackICE Defender) for Windows
- Kerio Firewall for Windows
- Outpost Personal Firewall for Windows
- Norton Personal Firewall for Windows
Additional firewalls can be added through the Registry and Custom File Rule capabilities.
Post-Admission Control
Once users complete posture check and are allowed on the LAN, the ConSentry platform then applies post-admission policies to control where they can go on the LAN and what transactions they can complete. LANShield devices learn users' roles during authentication and apply the appropriate controls.


