1.2 NDIS Layer Firewall Protection

In securing mobile devices, ESM is superior to typical personal firewall technologies that operate only in the application layer or as a firewall-hook driver. ESM client security is integrated into the Network Driver Interface Specification (NDIS) driver for each network interface card (NIC), providing security protection from the moment traffic enters the computer. Differences between ESM and application-layer firewalls and filter drivers are illustrated in Figure 1-2, Effectiveness of an NDIS-Layer Firewall.

Figure 1-2 Effectiveness of an NDIS-Layer Firewall

Security decisions and system performance are optimized when security implementations operate at the lowest appropriate layer of the protocol stack. With the Endpoint Security Client 3.5, unsolicited traffic is dropped at the lowest levels of the NDIS driver stack by means of Adaptive Port Blocking (stateful packet inspection) technology. This approach protects against protocol-based attacks, including unauthorized port scans, SYN Flood attacks, and others.
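The stateful decision described above can be modeled in user-mode C. This is an added example, not ESM driver code: a connection table admits an inbound TCP segment only when it answers a flow the local host opened. The type and function names, the table size, and the sample addresses are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#define MAX_FLOWS 64
enum { TCP_SYN = 0x02, TCP_RST = 0x04, TCP_ACK = 0x10 };
/* One TCP segment reduced to the fields the filter inspects (hypothetical type). */
struct pkt { uint32_t src_ip, dst_ip; uint16_t src_port, dst_port; uint8_t flags; };
/* A connection the local host opened, keyed from the local side. */
struct flow { uint32_t lip, rip; uint16_t lport, rport; int in_use; };
static struct flow table[MAX_FLOWS];

static struct flow *find(uint32_t lip, uint16_t lport, uint32_t rip, uint16_t rport) {
    for (int i = 0; i < MAX_FLOWS; i++)
        if (table[i].in_use && table[i].lip == lip && table[i].lport == lport &&
            table[i].rip == rip && table[i].rport == rport)
            return &table[i];
    return NULL;
}

/* Outbound path: an initial SYN creates state. Returns 1 = send, 0 = refuse. */
int filter_outbound(const struct pkt *p) {
    int opening = (p->flags & TCP_SYN) && !(p->flags & TCP_ACK);
    if (!opening || find(p->src_ip, p->src_port, p->dst_ip, p->dst_port)) return 1;
    for (int i = 0; i < MAX_FLOWS; i++)
        if (!table[i].in_use) {
            table[i] = (struct flow){ p->src_ip, p->dst_ip, p->src_port, p->dst_port, 1 };
            return 1;
        }
    return 0; /* table full: fail closed rather than send untracked traffic */
}

/* Inbound path: 1 = pass up the stack, 0 = drop. Drops never allocate state. */
int filter_inbound(const struct pkt *p) {
    struct flow *f = find(p->dst_ip, p->dst_port, p->src_ip, p->src_port);
    if (!f) return 0;                                            /* unsolicited */
    if ((p->flags & TCP_SYN) && !(p->flags & TCP_ACK)) return 0; /* peer may not open */
    if (p->flags & TCP_RST) f->in_use = 0;                       /* reset ends the flow */
    return 1;
}

int main(void) {
    /* Constructed sample: 10.0.0.5 opens 192.0.2.10:443; 192.0.2.99 sends a SYN to 445. */
    struct pkt out   = { 0x0A000005, 0xC000020A, 50000, 443, TCP_SYN };
    struct pkt reply = { 0xC000020A, 0x0A000005, 443, 50000, TCP_SYN | TCP_ACK };
    struct pkt probe = { 0xC0000263, 0x0A000005, 40000, 445, TCP_SYN };
    filter_outbound(&out);
    int answered = filter_inbound(&reply), scanned = filter_inbound(&probe);
    printf("reply=%d probe=%d\n", answered, scanned);
    return 0;
}
```

Because dropped inbound segments never create a table entry, a burst of unsolicited SYNs cannot exhaust the state table in this model.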

To ensure that the endpoint security environment is protected, it is recommended that you follow all operation and maintenance recommendations in this document.