Check Point NG/AI: Next Generation with Application Intelligence Security Administration

Chapter 11: Securing Remote Clients

Introduction

If your organization wants to use a virtual private network (VPN) client, but you are concerned about allowing clients personal computers into your network, do not worry. Check Point solves this problem by giving you control of the remote users desktop security. You can configure specific properties for your mobile users desktops, including prohibiting connections to their PC s when they have remote software running. That way, if they are running a Web server on their PC, you do not have to worry about their server being compromised while they have a connection into your private network.

SecureClient software is simply the SecuRemote software package discussed in the previous chapter with additional features. These features include a personal firewall on your mobile users PCs that you control via SmartDashboard, as well as Secure Configuration Verification (SCV), which allows an administrator to define the attributes of a system secure enough to access the VPN. Within SmartDashboard, you can define detailed policies that SecureClient downloads when a user logs in to your firewall s policy server.

This chapter shows you how to install and configure a policy server, and how to configure different desktop policies for your users. A policy server can reside on one of your firewall modules, or it can be set up as a separate server to strictly enforce clients security policies.

After describing the policy server in full detail, this chapter shows you how to install the SecureClient software, and how to use the SecureClient Packaging Tool on the...