Novell ZENworks Endpoint Security Management 3.5 Manuale Utente
ZENworks® ESM 3.5
Administrator’s Manual
108
•
Show Location in Client Menu - this setting allows the location to display in the cli-
ent menu. If this is unchecked, the location will not display at any time.
ent menu. If this is unchecked, the location will not display at any time.
Client Location Assurance
Because the network environment information used to determine a location can be easily spoofed,
thereby potentially exposing the endpoint to intrusion, the option of cryptographic verification of
a location is available through the Client Location Assurance Service(CLAS). This service is only
reliable in network environments that are completely and exclusively under the control of the
Enterprise. Adding Client Location Assurance to a location, means that the firewall settings and
permissions for this location can be set as less restrictive, assuming the endpoint is now protected
behind the network firewall.
thereby potentially exposing the endpoint to intrusion, the option of cryptographic verification of
a location is available through the Client Location Assurance Service(CLAS). This service is only
reliable in network environments that are completely and exclusively under the control of the
Enterprise. Adding Client Location Assurance to a location, means that the firewall settings and
permissions for this location can be set as less restrictive, assuming the endpoint is now protected
behind the network firewall.
The ZENworks Security Client uses a fixed, enterprise-configurable port to send a challenge to
the Client Location Assurance Service. The Client Location Assurance Service decrypts the
packet and responds to the challenge, proving that it has the private key matching the public key.
The tray icon displayed will include a check-mark, indicating the user is in the correct location
(see Figure 80).
the Client Location Assurance Service. The Client Location Assurance Service decrypts the
packet and responds to the challenge, proving that it has the private key matching the public key.
The tray icon displayed will include a check-mark, indicating the user is in the correct location
(see Figure 80).
Figure 80 : CLAS location checked
The ZSC will NOT switch to the location unless it can detect the CLAS server. If the CLAS server
is not detected, even if all other network parameters match up, the ZSC will remain in the
Unknown location to secure the endpoint.
is not detected, even if all other network parameters match up, the ZSC will remain in the
Unknown location to secure the endpoint.
To activate CLAS for a location:
Check to activate the assurance requirement, then import the CLAS public key into the policy by
clicking Import and browsing to the file. The word Configured will display when the key is
successfully imported.
clicking Import and browsing to the file. The word Configured will display when the key is
successfully imported.
Note:
This option is not available for the Unknown location.
Use Location Message
This setting allows an optional Custom User Message to display when the ZSC switches to this
location. This message can provide instructions for the end-user, details about policy restrictions
under this location, or include a Hyperlink to more information.
location. This message can provide instructions for the end-user, details about policy restrictions
under this location, or include a Hyperlink to more information.