Advertisement
Quick policy setup
How do
How are users
you define
authenticated?
trust level
for user?
Who is authenticating?
How do
What WorkPlace Site will
you define
the users access?
trust level
for device?
What zones are available
for each community?
How do you define
what resources
individual users
can access?
How do you
Define trust levels
define zones
Allow access —
and trust
Trusted: all access to all resources; could use device profiles 1 and 2.
levels?
Semi-trusted: allow limited access to resources; could use device profiles 3 and 4.
How do you
Device Profile Examples
define device
IT-issued laptop —
profiles?
Running McAfee® AntiVirus Corporate Edition with current updates and scanned
1
within the last 14 days, member of the company domain, encrypted text file
named "itlaptop.txt".
IT-issued mobile device —
Device watermarked with a company-issued user certificate, encrypted text file
2
named "itpocketpc.txt".
Authentication server
AD.example.com
Employee's Community
Group = "Marketing/Finance/Sales"
Employee Portal
Corporate layout, Corporate Style
Zones enabled for employee community
Devices that don't fall into the first three zones will
automatically be assigned to the quarantine zone.
Access Control Rule
Inventory Applications
Device trust:
User trust: Finance and Sales
Realm Company XYZ
Corporate layout, Partner Style
Zones enabled for partner community
Partner devices that don't match the first two zones will
automatically be assigned to the quarantine zone.
Access Control Rule
Outlook Web Access
Device trust:
User trust: Marketing, Finance and Sales
Deny access —
Not trusted: deny access to resources; could use device profile 5.
Quarantine —
Suspends access until user completes remediation steps needed to
match device profiles.
Home Macintosh® —
3
Running either McAfee or Kaspersky® anti-virus program.
Home PC —
Running a McAfee, Symantec, ® or Kaspersky anti-virus program, running
4
either McAfee or Kaspersky spyware program, and running Microsoft®
Windows® Firewall.
Running Google® Desktop Search — Deny access.
5
Dell Secure Mobile Access 6200/7200 Getting Started Guide
Partner's Community
Group = "Partners"
Partner Portal
Access Control Rule
Order Entry Application
Device trust:
User trust: Partners, Sales
A realm allows users to authenticate
using credentials stored on an
external authentication server.
Communities allow you to group realm
members based on different security
needs as well as what access agents the
user will use to interact with the network.
WorkPlace sites determine what
Web-based interface the user will
interact with.
Security zones are used to allow or
deny access to members of each
community.
Access control rules define which
resources can be accessed by which
users, when, and in which zones.
Lets you allow, quarantine, or deny
access based on matching device
profiles and optionally require
data protection.
Device profiles enable you to identify
and determine the integrity of access
devices based on device attributes—
such as registry keys, processes running,
or anti-virus state—and associate
devices to Allow and Deny Zones.
You can create as many device profiles
as necessary.
61
Advertisement
