Skip to content

Endpoint Protection

Overview

HySecure provides a way to sanitize the endpoint by ensuring that no connections with the endpoint other than the one with HySecure Gateway are available for any intruder to tap into the applications published through the HySecure Gateway. Some of the configurable options to ensure this include:

  1. Block access to the internet from the endpoint once the user logs in to the Gateway.

  2. Close all existing connections on the endpoint before the user logs in to the Gateway.

  3. Block all new connection attempts to any device other than the Gateway.

  4. Disallow login to HySecure through Internet proxies.

By configuring these options on the HySecure Gateway, the administrator can ensure that the endpoint is sanitized for any other connections before the user logs in to the HySecure Gateway.

Important

The Endpoint Protection is separate from the Endpoint Security-based Access Control, which primarily controls user access from HyLite portal and/or native client.

Also, the Endpoint Protection-based Access Control, unlike Endpoint Security based Access Control, does not need an EPS license, to be effective.

Configuration Workflow

This section describes the workflow for creating an "Endpoint Protection" type of Access Control.

  1. Make selections for the various options based on the level of sanitization expected, in terms of the external connections which are likely to affect security.

    The options include:

    1. Block Internet

    2. Close existing connections

    3. Continue to block all other external connections

    4. Do not allow login through Internet Proxies

  2. Set the validity and the state for this Access Control policy.

Endpoint Protection based Access Control Preferences

If multiple Endpoint Protection based Access Controls are configured, then they are matched in order of the configured priority of these policies.