Introduction to Host Check/Binding
Host Check
The host check function checks the security status of hosts running SCVPN clients. Based on the result, the SCVPN server determines a security level for each host and assigns resource access rights according to that level. It is a way to assure the security of SCVPN connections. The checked factors include the operating system, IE version, and the installation of some specific software.
The factors to be checked by the SCVPN server are displayed in the list below:
| Factor | Description |
| Operating system | Operating system (e.g., Windows 2000, Windows 2003, Windows XP, Windows Vista); service pack version (e.g., Service Pack 1); Windows patch (e.g., KB958215) |
| | Whether the Windows Security Center and Automatic Updates are enabled; whether the installation of AV software is compulsory, and whether the real-time monitor and the auto update of signature database are enabled; whether the installation of anti-spyware is compulsory, and whether the real-time monitor and the online update of signature database are enabled; whether the personal firewall is installed, and whether the real-time protection is enabled |
| | Whether the IE version and security level reach the specified requirements |
| Other configurations | Whether the specified processes are running |
| | Whether the specified services are installed |
| | Whether the specified services are running |
| | Whether the specified registry key values exist |
| | Whether the specified files exist in the system |
The host check function also supports dynamic access permission control. On one side, when the client's security status changes, the server sends a new host check profile to the client so that the client runs the check again; on the other side, the client can perform the security check periodically.
Host Binding
The host binding function verifies the hosts running SCVPN clients according to their host IDs and user information. The verification process is:
- When an SCVPN user logs in via the SCVPN client, the client collects the following host information: main board serial number, hard disk serial number, CPU ID, and BIOS serial number.
- Based on the above information, the client performs the MD5 calculation to generate a 32-digit character string, which is named the host ID.
- The client sends the host ID and user/password to the SCVPN server.
- The SCVPN server verifies the host according to the entries in the host unbinding list and host binding list, and deals with the verified host according to the host binding configuration.
The host unbinding list and host binding list are described as follows:
- Host unbinding list: The host unbinding list contains the user-host ID entries for the first-login users.
- Host binding list: The binding list contains the user-host ID entries for the users who can pass the verification. The entries in the host unbinding list can be moved to the host binding list manually or automatically for the first login. When a user logs in, the SCVPN server checks whether the binding list contains the user-host ID entry of the login user. If there is a matched entry in the host binding list, the user passes the verification and the server goes on to check the user/password. If there is no matched entry for the login user, the connection is disconnected.
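The following sketch models the host binding verification described above. It is an added example, not SCVPN code. Assumptions: the way the four identifiers are joined before hashing, the class and method names, and treating "first login" as "the user has no entry in either list" are all hypothetical, since the page does not specify them.

```python
import hashlib

def host_id(board_sn, disk_sn, cpu_id, bios_sn):
    """MD5 over the four hardware identifiers, as 32 hex characters.
    Joining with '|' is an assumption; the page does not give the format."""
    joined = "|".join([board_sn, disk_sn, cpu_id, bios_sn])
    return hashlib.md5(joined.encode("utf-8")).hexdigest()

class HostBindingServer:
    """Hypothetical model of the server-side binding/unbinding lists."""

    def __init__(self, auto_bind_first_login=False):
        self.auto_bind = auto_bind_first_login
        self.binding = set()    # (user, host ID) entries that pass verification
        self.unbinding = set()  # (user, host ID) entries recorded at first login

    def approve(self, user, hid):
        """Move an entry from the unbinding list to the binding list."""
        self.unbinding.discard((user, hid))
        self.binding.add((user, hid))

    def verify(self, user, hid):
        """Return 'check-password' if the host is bound, else 'disconnect'."""
        entry = (user, hid)
        if entry in self.binding:
            return "check-password"
        # Assumed meaning of "first login": no entry for this user in either list.
        known = self.binding | self.unbinding
        if not any(u == user for u, _ in known):
            self.unbinding.add(entry)
            if self.auto_bind:
                self.approve(user, hid)
                return "check-password"
        return "disconnect"

if __name__ == "__main__":
    # Constructed sample identifiers, not real hardware values.
    laptop = host_id("MB-0001", "HD-0002", "CPU-0003", "BIOS-0004")
    other = host_id("MB-9001", "HD-9002", "CPU-9003", "BIOS-9004")
    server = HostBindingServer(auto_bind_first_login=False)
    print(server.verify("alice", laptop))  # first login: recorded, not yet bound
    server.approve("alice", laptop)        # administrator binds manually
    print(server.verify("alice", laptop))  # bound host proceeds to password check
    print(server.verify("alice", other))   # unbound host is disconnected
```

With `auto_bind_first_login=True`, the first host a user logs in from is bound immediately and every other host is refused until an administrator adds it.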