
Endpoint Protection

Overview

HySecure provides a way to sanitize the endpoint by ensuring that the only connection available on it is the one with the HySecure Gateway, so that an intruder has no other connection through which to tap the applications published through the HySecure Gateway. The configurable options that ensure this include:

  1. Block access to the Internet from the endpoint once the user logs in to the Gateway

  2. Close all existing connections on the endpoint before the user logs in to the Gateway

  3. Block all new connection attempts to any device other than the Gateway

  4. Disallow login to HySecure through Internet proxies

By configuring these options on the HySecure Gateway, the administrator can ensure that the endpoint is sanitized of any other connections before the user logs in to the HySecure Gateway.
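
One way to spot-check from the endpoint that the "close existing connections" and "block new connections" options are in effect is to list established TCP connections and flag any whose peer is not the Gateway. This is an added example, not HySecure code; it assumes Windows-style `netstat -n` output, a gateway at 203.0.113.5, and that loopback traffic is exempt, and the sample lines are constructed.

```python
import ipaddress

# Constructed sample in Windows `netstat -n` layout: proto, local, remote, state.
SAMPLE = """\
  TCP    192.0.2.10:50112      203.0.113.5:443       ESTABLISHED
  TCP    192.0.2.10:50140      198.51.100.77:443     ESTABLISHED
  TCP    127.0.0.1:5354        127.0.0.1:49670       ESTABLISHED
  TCP    192.0.2.10:50155      198.51.100.9:8080     SYN_SENT
  TCP    192.0.2.10:139        0.0.0.0:0             LISTENING
  TCP    [2001:db8::10]:50200  [2001:db8::99]:443    ESTABLISHED
"""

def split_endpoint(endpoint):
    """Split 'ip:port' or '[ipv6]:port' into (ip_address, port)."""
    host, _, port = endpoint.rpartition(":")
    return ipaddress.ip_address(host.strip("[]")), int(port)

def stray_connections(netstat_text, gateway_ips):
    """Return (remote_ip, port) for each established TCP connection
    whose peer is neither a gateway address nor loopback."""
    allowed = {ipaddress.ip_address(g) for g in gateway_ips}
    strays = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or not fields[0].upper().startswith("TCP"):
            continue  # headers, UDP rows, blank lines
        # Assumption: only completed connections count as violations;
        # a blocked attempt may linger in SYN_SENT without ever connecting.
        if fields[3].upper() != "ESTABLISHED":
            continue
        try:
            remote_ip, remote_port = split_endpoint(fields[2])
        except ValueError:
            # Fail closed: report a peer we cannot parse rather than skip it.
            strays.append((fields[2], None))
            continue
        if remote_ip.is_loopback or remote_ip in allowed:
            continue
        strays.append((str(remote_ip), remote_port))
    return strays

if __name__ == "__main__":
    for peer, port in stray_connections(SAMPLE, ["203.0.113.5"]):
        print(f"non-gateway connection still open: {peer} port {port}")
```

An empty result after login is consistent with the policy being applied; any listed peer is a connection the policy should have closed or blocked.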

Important

Endpoint Protection is separate from Endpoint Security based Access Control, which primarily controls user access from the HyLite portal and/or native client.

Also, unlike Endpoint Security based Access Control, Endpoint Protection based Access Control does not need an EPS license to be effective.

Configuration Workflow

This section defines the workflow for creating an "Endpoint Protection" type of Access Control.

  1. Identify the User / User group for whom the Access Control needs to be made effective. The set of users will be one of the following:

    1. part of an Authorization Server associated with an Authentication Domain which is attached to a HySecure Domain OR

    2. part of a High / Low Security native User Group OR

    3. a High / Low Security native User

  2. Select options based on the level of sanitization expected, in terms of the external connections likely to affect security.

    The available configuration options include the following:

    1. Block Internet

    2. Close existing connections

    3. Continue to block all other external connections

    4. Do not allow login through Internet Proxies

  3. Set the validity and the state of this Access Control policy

Endpoint Protection based Access Control Preference

  1. If there are multiple Endpoint Protection based Access Controls, they are matched in the order of their configured priority.