The following terms are frequently used in this documentation:
Locations: Locations are simple definitions that help users identify the network environment they are in, provide immediate security settings (defined by the administrator), and permit the user to save the network environment and change the applied firewall settings.
Each location is given unique security settings, denying access to certain network functionality and hardware in more hostile network environments, and permitting broader access within trusted environments. Locations define the following information:
- How often the Endpoint Security Client checks for a policy update in this location
- The location management permissions granted to a user
- The firewall settings that are used at this location
- The communication hardware that is permitted to connect
- At what level the user is permitted to use removable storage devices (such as thumb drives and memory cards) and to use CD/DVD-RW drives
- Any network environments that can help to define the location
Firewall Settings: Firewall settings control the connectivity of all networking ports (1-65535), network packets (ICMP, ARP, etc.), network addresses (IP or MAC), and which network applications (file sharing, instant messenger software, etc.) are permitted to get a network connection when the setting is applied. Three firewall settings are included as defaults for ESM, and can be implemented at a location. The ESM Administrator can also create specific firewall settings, which cannot be listed here.
- All Adaptive: This firewall setting sets all networking ports as stateful (all unsolicited inbound network traffic is blocked; all outbound network traffic is allowed). ARP and 802.1x packets are permitted, and all network applications are permitted a network connection.
- All Open: This firewall setting sets all networking ports as open (all network traffic is allowed). All packet types are permitted. All network applications are permitted a network connection.
- All Closed: This firewall setting closes all networking ports, and restricts all packet types.
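The difference between the three default settings is easiest to see on a short packet sequence. The following Python model is an added illustration, not ESM code: the `Packet` and `Firewall` names, the flow-table approach, and the sample addresses are assumptions made for the example, and it omits connection timeouts and per-application rules.

```python
from dataclasses import dataclass

SETTINGS = ("All Adaptive", "All Open", "All Closed")

@dataclass(frozen=True)
class Packet:
    direction: str        # "in" or "out", relative to the endpoint
    kind: str             # "tcp", "udp", "arp", "802.1x", ...
    local: tuple = ()     # (ip, port) on the endpoint, for tcp/udp
    remote: tuple = ()    # (ip, port) of the peer, for tcp/udp

class Firewall:
    """Hypothetical model of the three default firewall settings."""
    def __init__(self, setting):
        if setting not in SETTINGS:
            raise ValueError(f"unknown firewall setting: {setting}")
        self.setting = setting
        self.flows = set()  # flows the endpoint itself initiated

    def allow(self, pkt):
        if self.setting == "All Open":
            return True     # all ports open, all packet types permitted
        if self.setting == "All Closed":
            return False    # all ports closed, all packet types restricted
        # All Adaptive: ARP and 802.1x pass, ports are stateful.
        if pkt.kind in ("arp", "802.1x"):
            return True
        if pkt.kind not in ("tcp", "udp"):
            return False    # assumption: only ARP/802.1x are named as permitted
        flow = (pkt.kind, pkt.local, pkt.remote)
        if pkt.direction == "out":
            self.flows.add(flow)   # remember the outbound flow
            return True
        return flow in self.flows  # inbound only as a reply to a known flow

def evaluate(setting, packets):
    fw = Firewall(setting)
    return [fw.allow(p) for p in packets]

# Constructed sample traffic (documentation address ranges).
HOST, WEB, SCAN = "192.0.2.10", "198.51.100.7", "203.0.113.9"
SAMPLE = [
    Packet("out", "tcp", (HOST, 50000), (WEB, 443)),  # endpoint opens a connection
    Packet("in", "tcp", (HOST, 50000), (WEB, 443)),   # reply on the same flow
    Packet("in", "tcp", (HOST, 445), (SCAN, 40000)),  # unsolicited inbound
    Packet("in", "arp"),                              # link-layer packet
]

if __name__ == "__main__":
    for s in SETTINGS:
        print(s, evaluate(s, SAMPLE))
```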
Adapters: Refers to three communication adapters normally found on an endpoint:
- Wired Adapters (LAN connections)
- Wi-Fi Adapters (PCMCIA Wi-Fi cards, and built-in Wi-Fi radios)
Also refers to other communication hardware that might be included on a computer, such as infrared, Bluetooth*, FireWire*, and serial and parallel ports.
Storage Devices: Refers to external storage devices that can pose a security threat when data is copied to, or introduced from, these devices on an endpoint. USB thumb drives, flash memory cards, and SCSI PCMCIA memory cards, along with traditional Zip*, floppy, and external CDR drives and the installed CD/DVD drives (including CD-ROM, CD-R/RW, DVD, DVD R/RW), can all be blocked, permitted, or set to Read-Only at a single location.
Network Environments: A network environment is the collection of network services and service addresses required to identify a network location.