Sygate Security Portal neutralizes public PC threats

Full agent platforms: Windows XP/2000
Cache Cleaner only: Win32, Mac OS 9/X, Linux RH9

Bottom line: Significantly improves the safety of Web-based remote access from unprotected hosts at business centers, Internet cafes and teleworker homes.

In a nut shell: Mitigates public PC threats by checking integrity prior to Web portal/SSL VPN connection, encrypting data while connected and wiping hosts clean afterward.

Pros:

Cons:

Description:

Today, many companies are turning to Web-based remote access methods like webmail (e.g., Outlook Web Access), enterprise portals (e.g., mySAP) and SSL VPNs (e.g., Aventail). Unlike VPN clients, browsers can be found on any public host. This makes Web-based access possible at kiosks, business centers and Internet cafes. It also makes access feasible from unmanaged hosts owned by employees and business partners. Unfortunately, there's a real possibility that public, partner or home PCs have been compromised by viruses, spyware or other malware. Sygate's Security Portal (SSP) reduces this risk by making access safer before, during and after each Web session.

Sygate's Cache Cleaner, a "thin" version of SSP, runs on Mac, Linux or any Win32 host. If you've ever used a public PC, you've probably noticed saved passwords, URLs, forms values and even cached Web pages left behind by others. Cache Cleaner automatically wipes out these values when the browser session ends, when window closes or an inactivity timeout expires. Enforcing post-session clean-up is essential for any secure Web portal.

But that's not really enough. To improve security before and during each session, there's an expanded SSP version called the Sygate Virtual Security Agent (SVSA) that combines the Cache Cleaner with a Host Integrity Checker and Virtual Secure Desktop.

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Mobile Device Security Fingerprint recognition and mobile security Traditional security threats coming soon to mobile device near you Securing your Windows Mobile devices Mobile security: Protecting your data, not just your devices Prevent mobile malware: Learn how to protect your enterprise and devices Podcast: The truth about network security and mobile device access Protecting data on your BlackBerry Going green: Recycling and energy saving tips for mobile devices -- podcast New challenges in mobile device discovery Quiz: Mobile Device Security -- Who else can hear me now? Mobile Device Security Research Mobile Security Mobile security threats Two-factor authentication: Mobile security at your fingertips Securing your Windows Mobile devices In-the-cloud defenses for mobile malware On-device defenses for mobile malware Is malware coming to a smartphone near you? Protecting data on your BlackBerry Defining your mobile security policy Government regulations and mobile security policies Symbian: Protect your data, not just your device Mobile Authentication and Encryption Sybase offers enterprise-ready iPhone solution on the App Store Two-factor authentication: Mobile security at your fingertips RIM makes hostile takeover bid for encryption vendor Certicom In-the-cloud defenses for mobile malware Podcast: The truth about network security and mobile device access iPhone encryption is a must for the security-conscious enterprise Sybase iAnywhere launches productivity suite that tunnels critical business apps through email Mobile voice encryption gets cheaper, easier to do Avoiding data breaches through mobile encryption Mobile device security: Improving mobile authentication Mobile Authentication and Encryption Research

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary mobile VPN  (SearchMobileComputing.com) screaming cell phone  (SearchMobileComputing.com) SMiShing  (SearchMobileComputing.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary

But what if you need to e-mail a document created offline? For this, you'll need local-secure desktop switching, a capability permitted at the administrator's discretion. What if you're a teleworker, using the same files repeatedly? You'll want a persistent VSD, where the encrypted folder is password-protected and retained for subsequent reuse. These and other parameters are determined by security policies, configured using Sygate's Security Portal Editor.

Because different environments warrant different security measures, you'll want to configure several policies. Policies are chosen at connect time based on location and device. SSP 1.0 can check for the presence of a certificate, registry value or compare the host's IP address to defined range(s). For example, a company certificate can be installed on teleworker PCs, checked by a policy that enables VSD reuse. A default policy could then be used to enforce tighter security on unknown PCs -- even restricting access to just the browser.

I took SSP for a short test drive, using the editor to configure home and unknown profiles with different parameters. I ran my policies locally, but typically policies would be copied onto your portal server or SSL VPN gateway. Whenever I opened the SSP "homepage," an ActiveX, Java, or executable was downloaded to my PC (in this order of preference). Download-on-demand is essential for unmanaged hosts where you can't install software in advance. Even Sygate's executable installs without administrator permission, increasing public PC compatibility.

I encountered no problems during my test drive, but note that results could vary by host type and Web/VPN server. It's a good idea to check with Sygate if your host or server/VPN environment is unusual. According to Sygate, SSP has been tested with common webmail systems, many enterprise application portals and SSL VPNs from Aventail, Neoteris (Netscreen), uRoam (F5), Netilla, Nokia and others.

If you're an individual worried about security when using public PCs, SSP won't help you. SSP is a centrally-administered, policy-based solution for companies who run their own Web portals or SSL VPNs. However, if your company is considering browser-based remote access, SSP can help you stop those Web sessions from letting infected PCs in, being abused by malware or leaving confidential data behind.

About the author: Lisa Phifer is vice president of Core Competence, Inc., a consulting firm specializing in network security and management technology. She is also a site expert to SearchMobileComputing.com and SearchNetworking.com.

Rate this Tip To rate tips, you must be a member of SearchMobileComputing.com. Register now to start rating these tips. Log in if you are already a member. DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.