While we are on the subject of endpoint security, we felt that it would be valuable to mention a relatively new feature of the IVE which can help to provide your clients and your network with some exceptional security. One issue that security administrators grapple with when providing remote access, is how to let "clean" traffic into the network while protecting against malicious traffic. Even if you know every one of your users by name, you can't be certain that they are not bringing things that aren't business-related into your network. Quite often an unsuspecting user might become infected with spyware or some other worm which will propagate itself without the user knowing it. Although Host Checker and Advanced Endpoint Defense can help you extend your security beyond your IVE and firewall, they cannot block attacks that are generated by hosts which are legitimately connected to the IVE and transmitting on allowed ports. Say, for instance, you allow users who pass Host Checker to gain Network Connect access. If they were infected by a worm, the worm may try to propagate itself into your internal network. In the past, many administrators have implemented firewalls or an IDS/IPS to help protect their networks from such attacks. The problem with this solution is that a firewall can only allow/deny traffic based on ports, and so a worm propagating across an allowed port is not prevented from spreading. Alternatively, a good IPS system may be able to stop an attack, but...