LOCATION AWARENESS
Enforce security policy settings by location
Allow manual location change
Allow saving of network environment to associate network environment with current location
Allow manual change of firewall settings (if multiple firewall settings exist)

CLIENT SELF DEFENSE
Require an uninstall password
Block the termination of client processes via Task Manager
Block the stopping/pausing of the client via Service Manager
Protect client files and registry entries
Automatically rebind the NDIS filter driver

STORAGE DEVICE CONTROL
Control optical writer (CD/DVD) access (R, R/W, no access)
Control floppy drive access (R, R/W, no access)
Control AutoPlay/AutoRun access
Control removable storage device access (R, R/W, no access)
Create removable storage device approval lists

WIRELESS CONTROL
Enforce wireless card (adapter) approval lists
Disable wireless transmissions by disabling all wireless cards (adapters)
Block wireless connections but keep Wi-Fi radio active
Disable wireless transmissions when wired
Disable ad hoc wireless connections
Disable adapter bridging
Automate WEP pre-shared key distribution for access points
Filter and prohibit access points
Enforce connection preference based on access point security levels or signal strengths

DATA ENCRYPTION
Provide a “safe harbor” encrypted folder on fixed disks
Encrypt the “My Documents” folder
Enable user-defined encrypted folders on fixed disks
Encrypt removable storage devices
Share password-protected encrypted files by using administrator-distributed decryption utility

FIREWALL PROTECTION
Set default behavior to open, closed, or stateful
Enforce TCP/UDP ports and protocols access rules
Enforce access control lists (ACLs) for IP and MAC addresses
Allow multiple firewall settings within a location
Allow manual change of firewall setting within a location

VPN ENFORCEMENT
Require and automate launch of a VPN client based on location
Enforce VPN authentication timeouts
Control wired, wireless, and dial-up adapter access

APPLICATION CONTROL
Block application execution
Block application access to Internet

COMMUNICATION HARDWARE CONTROL
Control access to 1394 (FireWire), IrDA (infrared), Bluetooth, and Serial/Parallel communication
Control wired communication, including enforcement of wired adapter approval list
Control dial-up (modem) communication, including enforcement of dial-up adapter approval list
Enforce wireless adapter approval list

USB CONNECTIVITY
Control access based on USB device groups (mass storage, printers, etc.)
Control access to individual devices

CLIENT UPDATE
Enforce Security Client update policy

INTEGRITY AND REMEDIATION
Verify that required antivirus and spyware software is running and up to date
Enforce remediation procedures if software fails verification
Support advanced scripting for software integrity checks and remediation

COMPLIANCE REPORTING AND ALERTS
Supply data to Management Console for reporting on security policy compliance
Supply data to Management Console for monitoring of security threats