Agents on lookout for security

Security plans only work if they are enforced, hence the use of software agents that make sure remote computers have the appropriate security policies in place before they are allowed to connect to company networks.

Some Secure Sockets Layer remote access and IPSec VPN remote access vendors have developed this endpoint security software themselves and some partner with other companies to provide it. It is widely considered a good idea because that remote machine is connected to the Internet where it is subject to potential infections that could use the remote machine to spread inside the corporate network.

There is a new name in this area – Endforce – even if it is not a new company. Formerly called SmartPipes the company changed its name to emphasize its new products that will be announced next month. These consist of a software agent that runs on remote computers and a server that sits behind corporate firewalls.

The server intercepts RADIUS authentication information being supplied to remote access gateways and checks whether the machine the credentials are coming from meets corporate security policies. These consist of whether the remote computer has the right version of anti-virus software installed and running, whether it has a personal firewall installed, running and properly configured and whether it has the appropriate operating system with prescribed updates.

Computers that fail are denied access. Either a warning describing its shortcomings or diversion to a site where they can be remedied can be sent by the Endforce server.

These are rudimentary but important checks. When it is released, the Endforce gear will support a limited number of anti-virus applications, firewalls and operating systems, but the company promises to rapidly provide support for more.

Customers using remote access options without checking whether the remote computers meet security standards might want to check out this and competing gear as a supplement to their current remote access deployments.