Secure Mobile Access 12.4 Administration Guide

About End Point Control

The SMA appliance includes support for End Point Control, which you can use to protect sensitive data and ensure that your network is not compromised when accessed from devices in untrusted environments. End Point Control works by:

  • Verifying that the user’s environment is secure

  • Removing user data from a personal computer after a session

  • Controlling access to sensitive resources

Traditional VPN solutions typically provide access only from the relative safety of a corporate laptop. In that environment, one of the biggest security concerns is unauthorized network access. An SSL VPN, on the other hand, enables access from any Web-enabled system, including devices in untrusted environments. A kiosk at an airport or hotel, or an employee-owned computer, increases the risk to your network resources.

End Point Control reduces your exposure from untrusted environments in three ways:

  • Verifying that the user’s environment is secure – Corporate IT departments configure computers under their control with antimalware software, firewalls, and other safeguards designed to protect them from malicious software (malware). In contrast, unmanaged computers can easily contain keystroke recorders, viruses, Trojan horses, and other hazards that can compromise your network.

    Secure Mobile Access lets you define zones of trust that provide different levels of access depending on the level of trust at the user’s end point. Connection requests are compared against device profiles you set up in AMC and then assigned to the appropriate zone.

  • Removing user data from a PC after a session – It’s easy to inadvertently leave sensitive data on an untrusted PC. For example, a user logged in to a public kiosk leaves a variety of data in the PC’s cache after logging out, including passwords, browser cookies, and bookmarked URLs. Users may also accidentally leave files or email attachments on the hard disk. Secure Mobile Access’s data protection agents automatically remove session data from the PC.

  • Controlling access to sensitive resources – You can reference End Point Control zones in access control rules. For example, a connection originating from a less trusted EPC zone can be denied access to sensitive resources.
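
The following Python sketch is an added illustration of the zone model described above. It is not SMA configuration syntax or the appliance's own matching logic. The zone names, profile attributes, resource names, the first-match evaluation order, and the fallback zone are all assumptions made for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class DeviceProfile:
    name: str
    required: frozenset  # attributes the end point must report to match

@dataclass(frozen=True)
class Zone:
    name: str
    profiles: tuple  # a device matching ANY of these profiles lands in the zone

# Constructed zones, listed from most to least trusted (assumed ordering).
ZONES = (
    Zone("managed", (DeviceProfile(
        "corp-laptop", frozenset({"antimalware", "firewall", "corp-cert"})),)),
    Zone("personal", (DeviceProfile(
        "byod", frozenset({"antimalware", "firewall"})),)),
)
FALLBACK_ZONE = "untrusted"  # assumed catch-all for devices matching no profile

# Constructed access rules: resource -> zones permitted to reach it.
RULES = {
    "finance-db": {"managed"},
    "intranet-wiki": {"managed", "personal"},
    "webmail": {"managed", "personal", "untrusted"},
}

def assign_zone(reported):
    """Return the first zone with a profile fully satisfied by the device."""
    attrs = frozenset(reported)
    for zone in ZONES:
        if any(profile.required <= attrs for profile in zone.profiles):
            return zone.name
    return FALLBACK_ZONE

def is_allowed(reported, resource):
    """Default deny: a resource with no rule is reachable from no zone."""
    return assign_zone(reported) in RULES.get(resource, set())

if __name__ == "__main__":
    kiosk = {"firewall"}  # constructed sample: public kiosk, no antimalware
    laptop = {"antimalware", "firewall", "corp-cert"}  # constructed sample
    for label, device in (("kiosk", kiosk), ("laptop", laptop)):
        for resource in RULES:
            print(label, assign_zone(device), resource, is_allowed(device, resource))
```
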
