Endpoint Security

Open Mobile provides a policy and enforcement platform that allows IT managers to assist their users in secure computing practices and cost control. Open Mobile endpoint security is configured in the Open Mobile Portal.

Endpoint security and restrictions enable you to set policies for the applications that run while Open Mobile is connected. These policies can either require an application to run, or prohibit one from running, when Open Mobile connects to the Internet. For example, you could set a requirement for users to be protected by a specified anti-virus application when connected. Another policy could prevent users from using a specific peer-to-peer file sharing application when Open Mobile is connected.

There are two important features of endpoint security:

  • Pre-Connect: If the designated application is not running when the user attempts to connect to the Internet, Open Mobile will attempt to launch it, and will not connect to the Internet without the application running.
  • Automatic Teardown: An Internet connection may only be maintained if the designated application is running. If the application is stopped for any reason while the user is connected to the Internet, the Internet connection is automatically torn down.

You can configure enforcement through a command-line executable if the designated applications are in violation of policy.

In addition, you can configure the user notifications that will be displayed if the designated applications are in violation.

You can configure two types of application policy:

  • Required applications must be running when the user attempts to connect.
  • Restricted applications may not be running when the user attempts to connect.

You can set the actions taken by Open Mobile when either one of these policies is violated.

Required Applications

For Required applications, you can configure:

  • A qualified anti-virus, firewall, or other application. A qualified application is one that is listed in the user’s local Windows Security Center (in Windows 7, the Action Center) for anti-virus, firewall, or anti-spyware protection.
  • A specific anti-virus, firewall, or anti-spyware application certified from the OPSWAT library. (OPSWAT certification is a security software interoperability certification program for a variety of application types.)
  • For firewalls, the Windows built-in Firewall.
  • A custom security application that you can specify. You can also specify a remediation action for the application to repair the executable if it stops running. The remediation action can be a command or batch file.
  • A security level for each security category, which controls Open Mobile behavior and connection experience.

You can select a security level for anti-virus, firewall, spyware, and other security applications. The table below shows the behavior for each security level if the designated application is not running at the time of the user connection.

| Security Level | If the application is not running at connection time… |
|---|---|
| Off | Open Mobile will take no action. |
| 1: Prompt to Continue | The user will be prompted to continue making a connection. |
| 2: Block VPN Connection | The VPN connection will be blocked. |
| 3: Block Internet and VPN Connections | Internet and VPN connections are blocked. |
| 4: Block All Connections and Disconnect VPN | All connections are blocked. If the application stops running during the connection, any connected VPN is disconnected. |
| 5: Block and Disconnect all Connections | All connections are blocked. If the application stops running during the connection, the connection is terminated completely. |

For example, suppose a policy sets Security Level 1 for the Windows Firewall. If the user attempts to connect when Windows Firewall is disabled, Open Mobile will prompt the user before attempting to connect.

Another policy sets Security Level 4 for an anti-virus application listed in the user’s Windows Security Center. If the anti-virus is not running at connection time, the connection is blocked. In addition, if the user later disables the anti-virus application during the connection, Open Mobile will immediately disconnect any VPN connection. Further, it will block reconnection until the anti-virus application is restarted.
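
For the custom security application option above, a remediation action might look like the following. This is an added example, not iPass code. It assumes the application runs as a Windows service (the name ExampleAgentSvc and the log path are hypothetical), that the script runs with rights to start that service, and the exit codes are this script's own convention rather than values Open Mobile is documented to interpret.

```powershell
# Added example: remediation script for a custom required application.
# Hypothetical names: ExampleAgentSvc, the ExampleAgent log folder.
# Written for Windows PowerShell (powershell.exe); Get-WmiObject is used so it
# also works on the older PowerShell shipped with Windows 7.
param(
    [string]$ServiceName    = 'ExampleAgentSvc',
    [int]   $TimeoutSeconds = 30,
    [string]$LogPath        = "$env:ProgramData\ExampleAgent\remediation.log"
)

function Write-Log([string]$Message) {
    # Keep a local record so repeated stops of the agent can be investigated.
    $dir = Split-Path -Parent $LogPath
    if (-not (Test-Path $dir)) { New-Item -ItemType Directory -Path $dir -Force | Out-Null }
    "{0:s} [{1}] {2}" -f (Get-Date), $ServiceName, $Message | Add-Content -Path $LogPath
}

$svc = Get-Service -Name $ServiceName -ErrorAction SilentlyContinue
if (-not $svc) {
    Write-Log 'service is not installed; remediation cannot repair this'
    exit 2
}

if ($svc.Status -eq 'Running') {
    Write-Log 'service already running; nothing to do'
    exit 0
}

# A disabled service usually means someone changed its configuration.
# Record it and fail instead of silently re-enabling it.
$startMode = (Get-WmiObject -Class Win32_Service -Filter "Name='$ServiceName'").StartMode
if ($startMode -eq 'Disabled') {
    Write-Log 'service is disabled; refusing to re-enable automatically'
    exit 3
}

try {
    Start-Service -Name $ServiceName -ErrorAction Stop
    # WaitForStatus throws a TimeoutException if the service never reaches Running.
    $svc.WaitForStatus('Running', [TimeSpan]::FromSeconds($TimeoutSeconds))
    Write-Log 'service restarted'
    exit 0
} catch {
    Write-Log ("restart failed: " + $_.Exception.Message)
    exit 1
}
```

The log distinguishes a stopped service from one that was disabled or removed, which is the difference between a crash and a likely attempt to bypass the policy.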

Restricted Applications

You can designate any application as Restricted. Restricted applications may not be running when the user attempts to connect, or Open Mobile will take the action you specify depending on the restriction level.

| Restriction Level | If the application is running at connection time… |
|---|---|
| Prompt to Continue | Open Mobile will prompt the user with the specified message. |
| Terminate Application | The application process will be ended. |


©2015 iPass Inc. All rights reserved. Terms of Use