InfoExpress has new software to help keep in line remote access VPN users who are too smart for your own good.
CyberGatekeeper can force remote PCs to have their firewalls booted up and properly configured, have intrusion-detection software running and anti-virus software active. If the PCs don't comply, no access.
This can protect corporate networks from remote users who turn off security software because it saps their CPU performance. Their unprotected PCs connected to the corporate VPN expose the network to attacks over the Internet, especially when those PCs have dedicated links to the Internet through DSL or a cable modem.
CyberGatekeeper software combats this problem by denying remote PCs access to corporate resources unless they meet security policies.
The software runs on a Pentium-class PC and sits at corporate sites between the VPN gateway and the corporate network. A smaller piece of software called the configuration agent runs on the remote PC. When the remote user successfully logs on to a VPN, CyberGatekeeper sends down a request to the agent to gather data about what software is running on the machine.
The data is uploaded to CyberGatekeeper, which audits the data and determines whether the remote PC meets the security parameters set by the network administrator in CyberGatekeeper. If the PC meets the criteria, it is allowed access to the VPN. If not, the connection is broken.
This is a good approach for networks that allow remote workers to access corporate VPNs via their own home computers, says John Pescatore, an analyst with Gartner Group. Corporate IT staff could never keep up with maintaining security on each such PC, he says. "For employee-owned home computers it is almost impossible to make a personal firewall work, because the enterprise can't control the PC configuration," he says.
CyberGatekeeper can be configured by network administrators to define the profile that each PC must meet. CyberGatekeeper will be available in the first quarter of 2001. Pricing has not been set.