Read an interesting article on InfoWorld earlier this week about the iPhone falsely reporting VPN policies and encryption support. While the iPhone has been updated and fixed, miscommunication with Exchange VPN servers brings up a larger question—should the server do more than just query the device client and should the enterprise VPN take on a NAC function through a device ‘pat down’?
Allowing for a full ‘pat-down’ before allowing a VPN connection, the NCP Secure Enterprise Management System looks at the actual individual device rather than a standard set of queries. NCPs ‘pat down’ checks and makes certain that security software is up-to-date, the right form of encryption is being used, firewall settings are enabled, and the machine is compliant to pre-set network policy enforcement parameters. By running this pat-down, the administrator will be reassured its employees’ devices are compliant, and those who aren’t are alerted to take the necessary steps to reach compliance. Without an endpoint device ‘pat-down’ enterprise remote access can be compromised, just as the InfoWorld article illustrates.