Verifying computers on SecureClient VPN connection

[w@lle]

Hi,
Is there a way to verify the computers accessing the site through VPN and SecureClient? How do you prevent users - who already have an VPN account - from installing SecureClient on their Home-PC and then connect to the company site? The Home-PC might be full of evil code.
Is it possible through SCV - checking? MacAdress maybe? Didnt find a string matching Mac Adress in local.scv. Is it possible to append in the file?

[melipla]

Use the Integrity SecureClient:

http://www.checkpoint.com/products/i..._sc/index.html

It'll ensure that the end point is in compliance with company standards before it allows a connection.

[chillyjim]

You can check for arbitrary registry keys using SVC as well.

So you create a registry key for company laptops and perform an SCV check to make sure that key is set.

[Sergej]

You can use certificates with PKI to connect to the VPN. Configure notebooks and do certificate roll out by yourself. It is not so easy to export Certificate from work PC and import to home PC.

[arifkm786]

On what as already told,if your company computers are part of the domain,you can check for the registry setting for the DOMAIN SID.

this is the registry key for your domain\administrator account which would be on all the computers.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Group Policy\S-1-5-domainsid-500.

Cheers