Specifications
RoamAbout Mobility System Software Configuration Guide 20-1
20
Configuring SODA Endpoint Security
for a RoamAbout Switch
SygateOn‐Demand(SODA)isanendpointsecuritysolutionthatallowsenterprisestoenforce
securitypoliciesonclientdeviceswithouthavingtoinstallanyspecialsoftwareontheclient
machines.MSScanbeconfiguredtorunSODAsecuritychecksonusers’machinesasa
requirementforgainingaccesstothenetwork.
About SODA Endpoint Security
TheSODAendpointsecuritysolutionconsistsofsixmodulesthatprovideon‐demandsecurity:
• VirtualDesktop–Protectsconfidentialdatabyvirtualizingthedesktop,applications,file‐
system,registry,printing,removablemedia,andcopy/pastefunctions.Alldataisencrypted
on‐the‐flyandcanoptionallybeeraseduponsessiontermination.Thevirtual
desktopis
isolatedfromthenormaldesktop,protectingthesessionfrompreviousinfection.
• HostIntegrity–Teststhesecurityofthedesktoptodeterminehowmuchaccesstonetwork
resourcesthedeviceshouldbegranted.Hostintegritychecksinclude:
–Ensuringthatananti‐virusproductisrunningwithup‐to‐
datevirusdefinitions
–Ensuringthatapersonalfirewallisactive
–Checkingthatservicepacklevelsaremet
–Ensuringthatcriticalpatchesareinstalled.
Customcheckscanbeimplementedbasedontheexistenceofspecificregistrykeys/values,
applications,files,oroperatingsystemplatforms.Networkaccesscanalsobepreventedbased
ontheexistence
ofspecificprocesses.
• MaliciousCodeProtection–Detectsandblockskeystrokeloggersthatcaptureusernames
andpasswords,Trojansthatcreateback‐dooruseraccounts,andScreenScrapersthatspyon
useractivity.
TheMaliciousCodemoduleintegratesaVirtualKeyboardfunctionthatrequiresusersto
inputconfidentialinformationsuchaspasswords
usingtheVirtualKeyboardwhenaccessing
specificWebsites,toprotectagainsthardwarekeystrokeloggers.Thismoduleusesa
combinationofsignaturesforknownexploitsandbehavioraldetectiontoprotectagainst
unknownthreats.
For information about... Refer to page...
About SODA Endpoint Security 20-1
Configuring SODA Functionality 20-4