This article can also be found in the Premium Editorial Download "Information Security magazine: Five crucial virtualization do's and don'ts."
Download it now to read this article plus other related content.
Defining policy by user, groups and devices was much easier. The Web-based policy editor's tabbed environment is broken down by mobile device platforms, and Gatekeeper offers pages of comprehensive options, including login attempt thresholds, number of characters required in passwords, etc.
Our policies worked flawlessly on endpoints, regardless of their network connection status. For example, when we attempted to replace the SD card in our smartphone with an unauthorized card, we were no longer able to access network resources. Equally impressive was the granular control over connection types, including infrared, Bluetooth and Wi-Fi. Whitelist/blacklist functionality let us control applications policies.
By far the strongest feature of CMG is encryption--your choice of AES 128 or 256, Blowfish and Triple DES. We designated automatic encryption data in a variety of mobile device and workstation scenarios, all transparent
| to the end user.
In case of lost or stolen laptop, we could issue a command that would instantly destroy the data and/or encryption key on the device as soon as it is connected to the Internet and automatically polls the Gatekeeper for updates. You can also designate similar actions upon a predetermined number of failed logins. One feature in particular caught our eye--the In Case of Emergency button that could be installed on the login screen. This offered non-authenticated access to the device user's contact information in the event of an emergency or if a good Samaritan wanted to return a lost device.
Intelligent Encryption allows administrators to designate different layers of encryption based upon user data, application data, system files and external media.
CMG's logging and reporting offers robust insight into what's happening on devices throughout the network.
Through the Web interface, we could check on the status of the Enterprise Server, Gatekeepers, Policy Proxies, Shields, encryption and users, along with a full accounting of devices discovered by the Gatekeeper.
We particularly like the fully searchable log files, allowing us to quickly pin down a specific event.
CMG is a robust endpoint security solution that can meet the demands of large and small enterprises.
Testing methodology: We deployed Mobile Guardian on Microsoft Windows Server 2003 with Active Directory and managed a variety of devices, including workstations, mobile phones/PDAs with wireless network connectivity, and portable media such as flash drives and SD cards.
This was first published in June 2008