GFI Software/GFI EndPointSecurity
GFI EndPointSecurity enables you to allow or deny access to a specific device as well as to assign (where applicable) ‘full’ or ‘read only’ privileges over every supported device (e.g. CD/DVD drives, PDAs) on a user by user basis.
The aim of this book is to provide access to important information that can help users make the best use of GFI EndPointSecurity, Wikibookians are therefore encouraged to update this content and/or send feedback, ideas and comments on how this documentation can be further improved via the wiki discussion page, GFI Forums, or by sending an email to email@example.com.
All feedback is welcome! Please contribute your topics with the above principles in mind.
The key advantage of removable media devices (or portable devices) is easy access. In theory, this may be of great advantage for organizations, but still, it is a well-reported fact that access and security are at opposite ends of the security continuum. Developments in removable media technology are escalating. Newer versions of portable devices, such as flash memory, have increased in:
- Better storage capacity
- Improved performance
- Easier and faster to install
- Physically small enough to carry in a pocket.
As a result, internal users may deliberately or accidentally:
- Take away sensitive data
- Expose confidential information
- Introduce malicious code (e.g. viruses, Trojans) that can bring the entire corporate network down
- Transfer inappropriate or offensive material on to corporate hardware
- Make personal copies of company data and intellectual property
- Get distracted during work hours.
In an attempt to control these threats, organizations have started to prohibit the use of (personally-owned) portable devices at work. Best practice dictates that you must never rely on voluntary compliance and the best way to ensure complete control over portable devices is by putting technological barriers.
GFI EndPointSecurity is the security solution that helps you maintain data integrity by preventing unauthorized access and transfer of content to and from the following devices or connection ports:
- USB Ports (e.g. Flash and Memory card readers, pen drives)
- Firewire ports (e.g. digital cameras, Firewire card readers)
- Wireless data connections (e.g. Bluetooth and Infrared dongles)
- Floppy disk drives (internal and external)
- Optical drives (e.g. CD, DVD)
- Magneto Optical drives (internal and external)
- Removable USB hard-disk drives
- Other drives such as Zip drives and tape drives (internal and external).
Through its technology, GFI EndPointSecurity enables you to allow or deny access and to assign ‘full’ or ‘read only’ privileges to:
- Devices (e.g. CD/DVD drives, PDAs).
- Local or Active Directory users/user groups.
With GFI EndPointSecurity you can also record the activity of all devices or connection ports being used on your target computers (including the date/time of usage and by whom the devices were used).
How it works
Deployment and monitoring
The administrator specifies which protection policy is assigned to which computers, and the log-on credentials to be used by GFI EndPointSecurity to access the target computers and deploy the agents.
The administrator can customize a protection policy before or after deploying it. Customization options include the creation of power users, addition of blacklisted/whitelisted devices and device access permissions.
The administrator deploys the protection policy. Upon the first deployment of a protection policy, a GFI EndPointSecurity agent is automatically installed on the remote network target computer. Upon the next deployments of the same protection policy, the agent will be updated and not re-installed.
When agents have been deployed, the administrator can monitor all device access attempts via the GFI EndPointSecurity management console, receive alerts and generate reports through the GFI EndPointSecurity ReportPack.
The user attaches a device to a target computer protected by GFI EndPointSecurity.
The GFI EndPointSecurity agent installed on the target computer detects the attached device and goes through the protection policy rules applicable to the computer/user. This operation determines whether the device is allowed or blocked from being accessed.
The user either receives an error message indicating that device usage has been blocked, or else is allowed to access the device.
The user executes the GFI EndPointSecurity Temporary Access tool from the computer on which the device is to be accessed. The tool is used to generate a request code, which the user communicates with the administrator. The user also needs to inform the administrator on the device types or connection ports that need to be accessed, and for how long will devices/ports access be required.
The administrator uses the Temporary Access feature within the GFI EndPointSecurity management console to enter the request code, specify devices/ports and time restrictions. An unlock code is generated which the administrator then communicates with the user
Once the user receives the unlock code sent by the administrator, this code is entered in the GFI EndPointSecurity Temporary Access tool to activate the temporary access and to be able to use the required devices/ports.
GFI EndPointSecurity documentation
Getting Started Guide
This user manual is a comprehensive guide aimed at assisting you in installing, and testing GFI EndPointSecurity. It describes how to use and configure GFI EndPointSecurity to achieve the best possible corporate security. The following links enables you to browse GFI EndPointSecurity Getting Started Guide.
Chapter 1: Introduces this manual.
Administration and Configuration Manual for GFI EndPointSecurity
This user manual is a comprehensive guide aimed at assisting you in creating and deploying GFI EndPointSecurity protection policies. It describes how to use and configure GFI EndPointSecurity to achieve the best possible corporate security. The following links enables you to browse GFI EndPointSecurity Administration and Configuration manual.
Chapter 1: Introduces this manual.
This section explains how you should go about resolving issues that you might encounter while using GFI EndPointSecurity. The main sources of information available are:
- The manual - most issues can be solved by reading GFI EndPointSecurity manuals
- Download product manuals from www.gfi.com
- GFI Knowledge Base articles
- GFI maintains a Knowledge Base, which includes answers to the most common problems. If you have a problem, please consult the Knowledge Base first. The Knowledge Base always has the most up-to-date listing of technical support questions and patches. To access the Knowledge Base, visit http://kbase.gfi.com/.
- Web forum
- User to user technical support is available via the web forum. The forum can be found at http://forums.gfi.com/.
- Contacting GFI Technical Support
- If you still cannot solve issues with the software, contact the GFI Technical Support team by filling in an online support request form or by phone.
- NOTE: Before you contact our Technical Support team, please have your Customer ID available. Your Customer ID is the online account number that is assigned to you when you first register your license keys in our Customer Area at https://customers.gfi.com/login.aspx.
- GFI support will answer your query within 24 hours or less, depending on your time zone.