338Chapter 7 TunnelGuard SRS Builder

Registry-based rules

TunnelGuard Agent supports checking of on-disk files, running processes, hash checking, and version numbers to verify installed software packages. Reading the registry settings on a client’s PC is another way of checking software packages and their installed state.

The following sections provide details on registry-based rules:

“Registry-only SRS entry” on page 338

“Creating a registry entry” on page 341

“Registry-based File/Module” on page 342

“Manually creating SRS entries” on page 343

Registry-only SRS entry

Both TunnelGuard Agent and TunnelGuard administrator applet support registry-checking functionality. The administrator tool applet is used to add registry key checks into SRS entries. You can check for the existence of certain registry keys and enforce their values on a desktop PC before allowing access to the network. One SRS entry holds any number of registry key checks, just as one SRS entry holds any number of file checks. Contrary to file and process checks, registry key checks do not have hash checking, date, and version number checking enabled. However, you can combine registry key checking entry with any other type of checking, such as process check or on-disk entry check.

Registry-based rules are most useful in instances where rules are created based on Registry Key Values. TunnelGuard supports simple regular expressions-based rules for Registry Key Values.

TunnelGuard Agent leverages the advantage of being a Java-based application and uses the pattern and regular expression support available in JRE. It provides all of the relevant pattern-matching facility based on regular expressions provided by JRE.

Registry Key Values of type string and integer are supported. Binary data type for Registry Key Values is not supported.

320818-A

Page 338
Image 338
Nortel Networks 4050 manual Registry-based rules, Registry-only SRS entry