Regarding the End Point Control on the SRA appliance for your customer, we do not support creating policies tied to MAC addresses; however, we can make policies that are tied to the hard drive serial number. I would argue this is probably more secure, at least on the surface.
Below is a quick explanation of how to retrieve the Equipment ID from various Windows platforms.
The EID stands for the ‘hard drive serial number’.
For Windows 7, you can type the following command to get the EID:
wmic diskdrive get serialnumber
For Windows XP, you may use a third-party free tool to get the EID. This is a link to a free tool.
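As an added example (not from the original post or from the vendor), the following PowerShell function reads the same WMI class that the wmic command above queries and lists every disk with its trimmed serial number, flagging disks that report no serial or that are external. The function name and the Note column are illustrative, and the page does not say which disk the appliance reads as the device ID, so all disks are listed.

```powershell
# Added example (not vendor code): list every disk's serial number so the
# value recorded as the EPC device ID can be checked against the hardware.
function Get-DiskSerialInventory {
    # Win32_DiskDrive is the WMI class behind `wmic diskdrive`.
    # Get-CimInstance needs PowerShell 3.0+; stock Windows 7 ships 2.0,
    # so fall back to Get-WmiObject there.
    if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) {
        $disks = Get-CimInstance -ClassName Win32_DiskDrive
    } else {
        $disks = Get-WmiObject -Class Win32_DiskDrive
    }

    $sorted = @($disks | Sort-Object Index)
    foreach ($disk in $sorted) {
        # Serials may be space-padded; some virtual disks report none.
        $serial = ''
        if ($disk.SerialNumber) { $serial = "$($disk.SerialNumber)".Trim() }

        $note = ''
        if (-not $serial) {
            $note = 'no serial reported'
        } elseif ($disk.InterfaceType -eq 'USB') {
            # An external drive's serial follows the drive, not the machine.
            $note = 'external USB disk'
        }

        New-Object PSObject -Property @{
            ComputerName  = $env:COMPUTERNAME
            DiskIndex     = $disk.Index
            Model         = $disk.Model
            InterfaceType = $disk.InterfaceType
            SerialNumber  = $serial
            Note          = $note
        } | Select-Object ComputerName, DiskIndex, Model, InterfaceType, SerialNumber, Note
    }
}

# Print the inventory; pipe to Export-Csv -NoTypeInformation to keep a record.
Get-DiskSerialInventory | Format-Table -AutoSize
```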
More SMB SRA info:
Firmware 7.5 now has EPC abilities. Customers can create profiles looking for Anti-Virus, Anti-Malware, Personal Firewall programs, Running applications, Client certificates, registry keys, files, directories, domain membership, Windows Version, and device ID. (No MAC address though.)
I think it's possible to create multiple profiles and lock down a user account to a device profile, but that would be a unique profile per-user (could potentially be a lot of configuration work).
So we can make sure the device that's connecting in is the right device (so you can't use a home machine or some other non-corporate asset). However, locking a specific person to one device might be a large config. Part of the customer's remote access (BYOD) policy conversation needs to address the level of device identification, i.e. whether it's a corporate device that connects in, or making sure User A is logging in from her device, and not User B's device.
Product documentation link: http://www.sonicwall.com/us/en/support/3893.html