Open as PDF
544 CHAPTER 24: CONFIGURING SODA ENDPOINT SECURITY FOR A WX SWITCH
Malicious Code Protection – Detects and blocks keystroke loggers
that capture usernames and passwords, Trojans that create back-door
user accounts, and Screen Scrapers that spy on user activity.
The Malicious Code module integrates a Virtual Keyboard function
that requires users to input confidential information such as
passwords using the Virtual Keyboard when accessing specific Web
sites, to protect against hardware keystroke loggers. This module uses
a combination of signatures for known exploits and behavioral
detection to protect against unknown threats.
Cache Cleaner – Ensures that Web browser information, such as
cookies, history, auto-completion data, stored passwords, and
temporary files are erased or removed upon termination of the user’s
session, inactivity timeout, or closing of the browser.
Connection Control – Controls network connections based on
Domain, IP address, Port, and Service. For example, Connection
Control can prevent a Trojan from sending out a confidential
document, downloaded legitimately through an SSL VPN tunnel, to a
malicious e-mail server (SMTP) using a second network tunnel.
Adaptive Policies – Sense the type and location of device and adjusts
access based on endpoint parameters such as IP range, registry keys,
and DNS settings
The SODA endpoint security modules are configured through Sygate
On-Demand Manager (SODA Manager), a Windows application.
SODA Manager is used to create a SODA agent, which is a Java applet
that is downloaded by client devices when they attempt to gain access
to the network. Once downloaded, the SODA agent runs a series of
security checks to enforce endpoint security on the client device.
Security Support on
WX switches support SODA endpoint security functionality in the
SODA agent applets can be uploaded to a WX switch, stored there,
and downloaded by clients attempting to connect to the network.
The WX switch can ensure that clients run the SODA agent security
checks successfully prior to allowing them access to the network.
Different sets of security checks can be downloaded and run, based
on the SSID being used by the client.