Endpoint Security
The primary driving factor behind the wide adoption of SSL VPNs is ubiquitous secure access from any device without any prerequisites. However, this opens up a new challenge for organizations, as unknown and unmanaged devices, including potentially harmful ones, can connect to the corporate network. Moreover, compliance becomes a challenge, as it becomes impossible to enforce corporate policies on end users. Next-generation SSL VPNs like Propalms VPN bring strong device profiling features that measure and calibrate each endpoint connecting to the VPN against the corporate policies. Propalms VPN provides a flexible policy framework for administrators to keep the corporate network safe from unclean devices by keeping such devices out of the network, restricting them to a part of the network, or remediating them so that they can access network services.
As part of device profiling, Propalms VPN can check the status of endpoint security software such as antivirus, firewall and anti-spyware, OS and software updates, and compliance with endpoint configurations. An intelligent cache wiper can clean the files and cache stored on the local hard disk by browsers or by users, whether they reside in temporary folders or on any of the drives.
Although SSL VPNs provide broader access capability, which clearly enhances productivity, they also inherently widen network exposure to uncontrolled environments.
For example, if a remote client machine is infected with viruses, worms, Trojans or spyware, the unwanted traffic is also sent to the private network over the secured connection. To effectively control these risks, it is no longer enough to manage access by user identity alone. The safety of the user's endpoint environment must also be ensured by enforcing access policies based upon solid endpoint protection.
Propalms VPN administrators can create 3 types of product policies:
- Antivirus
- Antispyware
- Firewall
VPN access can be further secured by enforcing MAC address and IP address policies on the VPN gateway. The administrator can define a list of allowed or blocked addresses that are checked when the device scan occurs.
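The sketch below is an added example, not Propalms VPN code or its configuration schema: it shows how a gateway could combine the address lists and the three product policies into one decision at device-scan time. The field names, the sample addresses, and the mapping of "product not running" to restricted access and "product out of date" to remediation are assumptions made for illustration.

```python
# Added illustration: field names and decision order are assumptions,
# not Propalms VPN's real policy engine or configuration schema.
import re
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

PRODUCT_POLICIES = ("antivirus", "antispyware", "firewall")  # the three types above

@dataclass
class DeviceScan:  # constructed stand-in for a device scan result
    mac: str
    ip: str
    products: dict = field(default_factory=dict)  # name -> {"running", "up_to_date"}

@dataclass
class GatewayPolicy:
    blocked_macs: set = field(default_factory=set)
    allowed_macs: set = field(default_factory=set)  # empty set = no allow list
    blocked_nets: list = field(default_factory=list)

def norm_mac(mac):
    """Canonicalise so 'AA-BB-...' and 'aa:bb:...' compare equal."""
    digits = re.sub(r"[:.\-]", "", mac.lower())
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"malformed MAC {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def evaluate(scan, policy):
    """Return (action, reasons): deny, restrict, remediate or allow."""
    try:
        mac, addr = norm_mac(scan.mac), ip_address(scan.ip)
    except ValueError as exc:
        return "deny", [f"unparseable address: {exc}"]  # fail closed
    if mac in {norm_mac(m) for m in policy.blocked_macs}:
        return "deny", [f"MAC {mac} is blocked"]
    if any(addr in ip_network(n) for n in policy.blocked_nets):
        return "deny", [f"IP {addr} is blocked"]
    allowed = {norm_mac(m) for m in policy.allowed_macs}
    if allowed and mac not in allowed:
        return "deny", [f"MAC {mac} not on allow list"]
    down = [p for p in PRODUCT_POLICIES if not scan.products.get(p, {}).get("running")]
    if down:  # unprotected endpoint: limit it to part of the network
        return "restrict", [f"{p} not running" for p in down]
    stale = [p for p in PRODUCT_POLICIES if not scan.products[p].get("up_to_date")]
    if stale:  # protected but outdated: send it to remediation
        return "remediate", [f"{p} out of date" for p in stale]
    return "allow", []

# Constructed sample policy and a fully compliant product report.
POLICY = GatewayPolicy(blocked_macs={"00-00-5E-00-53-01"}, blocked_nets=["203.0.113.0/24"])
OK = {p: {"running": True, "up_to_date": True} for p in PRODUCT_POLICIES}
```

Because the MAC address is reported by the client and can be changed, the address lists work as an additional filter alongside the product policies rather than as a replacement for them.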






