HP t5710 HP Sygate Security Agent and Symantec Embedded Security:Frequently As - Page 5

The following table compares the advantages of the whitelist and blacklist policies: Policy Advantages Disadvantages Blacklist Firewall Policy Whitelist Firewall Policy • Building and managing a firewall policy can be a time-consuming and frustrating process for both the administrators and the users. A firewall with a default blacklist can be installed without first defining a security policy for access through the firewall. • With a default blacklist policy, it is possible to quickly install a firewall without a significant amount of up-front security competency required by the installers. • It is more prone to allow undesired behavior and security policy violations, such as reverse-tunnels, trojans, worms, and similar attacks. • It is difficult to switch from a default blacklist to a whitelist model. • Greater security because only known services and network activities are allowed by default. This minimizes the effectiveness of trojans, viruses, and worms that use unknown, unlisted programs. • It is easy to switch a default whitelist firewall to a blacklist firewall. • Installing a whitelist firewall takes more up-front time, because you must determine the list of what to allow through the firewall before it is installed and functional. • Managing a whitelist firewall policy is more time consuming in a network with actively changing needs and demands. • It can be a frustrating to users because they have to request access to services, rather than having access by default. Q: What viruses, worms, or vulnerabilities will HP Sygate Security Agent block? A: Both Microsoft Windows Firewall and HP Sygate Security Agent prevent worm attacks such as Blaster and Sasser; however, only HP Sygate Security Agent has the ability to help stop propagation to other systems due to the whitelist approach which allows only known, listed programs to access the network. Assessing your vulnerability to an attack is one of the most important steps that you can take to ensure that your system is protected from possible intruders. The information from this assessment can help you set the various options on your Agent to protect your system from attack. The Sygate Online Services (SOS) scanner scans your computer and attempts to determine your IP address, operating system, Web browser, and other information about your system. You can then choose one of the following more focused scans: • Quick Scan: Encompasses several scanning processes to perform a brief, general scan. It usually takes 20 seconds or less to accurately scan your devices ports, protocols, services, and possible Trojans. It records the results in the Agent Security Log. • Stealth Scan: Uses specialized stealthing techniques that mimic portions of legitimate computer communication to detect the presence of a computer. The Stealth scan takes about 20 seconds to complete and is most likely not recorded in the Security Log. 5