The availability of both a gateway device and a LAN enforcement device provides many options for implementation, especially for guest access. The policy management interface is comprehensive, but the presence of the different Enforcers creates multiple policy definitions that interact in ways that may be unclear to administrators who don’t use the system daily.
Trend Micro Network VirusWall Enforcer 2.0
Trend Micro Network VirusWall Enforcer (NVWE) 2.0 and Trend Micro Control Manager (TMCM) 3.5 couple a NAC gateway appliance with a browser-based configuration interface. NVWE is a “plug-and-protect” device designed to ensure that all devices -- local or remote, managed or unmanaged -- are determined compliant before they are allowed onto the network. NVWE also offers network worm prevention, as well as port, agentless, and agent-based scanning of devices.
The installation of the hardware is typical for a gateway, with one port connected to an edge device and the other connected to the core. All traffic passing through the Network VirusWall Enforcer must pass the configured policies, and the real-time dashboard provides insight into what the Enforcer has seen and what areas of concern may exist.
Policies are configured through the Web-based interface, as well. The system provides a concept of Network Zones. Through the use of IP addresses (individually or by subnets), administrators can define areas of the network that are controlled in consistent ways. So, for example, conference rooms may have different policies than office areas of an enterprise, and those policies would need to be defined only once, then applied to the appropriate Network Zones.
When creating policies, administrators specify the kind of agent to which the policy applies (agentless or persistent agent), the type of end point installation method, and what to do with non-Windows and unidentifiable operating systems. You also select how frequently to recheck both compliant and noncompliant end points.
Next, you set the Network Zones that will use this policy and specify whether it applies to authenticated users or unauthenticated users (the latter are considered guests by the Network VirusWall Enforcer). Next, you define the enforcement policies, including anti-virus program, version, and system threats. You can also specify system threat scanning, vulnerabilities, and registry key scans. If the vulnerability scan does not pass, you can set a redirect URL (such as Windows Update) for correction.
Next, you configure the Network Virus Policy, including what to do with end points that are transmitting viruses and the remedy you prefer. Last, you set URL exceptions for remediation servers. You repeat these steps for each policy that you define on the Enforcer.
The Network VirusWall Enforcer correctly handled all of the scenarios that it is designed to take on. Because it integrates with Active Directory and LDAP, it can differentiate between authenticated and unauthenticated guests and employees in those environments.
Steve Hultquist is a contributing editor of the InfoWorld Test Center.





