Answer
GFI EndPointSecurity 2013 allows for a Risk Assessment scan of machines on your network. This does not require an agent to be installed. However, the results returned (score) are dependent on this and other factors.
A single machine's risk assessment is calculated based on the devices discovered during the scan, the device category assigned to the device (by Windows), and whether or not the devices are controlled by the policy. Other factors are also taken into consideration, such as whether the agent is installed, whether it is up-to-date, and whether other policy elements are enforced. Each factor is given a weighted number; these are added together and divided by the maximum to give a percentage, which is converted to a value between 0 and 9.
- The risk assessment result is made at the time of a risk assessment scan and the result does not change until a new risk assessment scan is performed
- The risk assessment scan will find some devices as connected and some as not connected, however the risk assessment rating does not take into account whether the device is currently connected
The risk assessment assigns a risk category to each device category according to the table below:
Risk Category | Device Categories |
---|---|
High risk | Floppy disks |
High risk | CD/DVD-ROM |
High risk | Storage Devices |
Medium risk | PDA devices |
Medium risk | Network adapters |
Medium risk | Modems |
Low risk | Imaging devices |
Low risk | Human Interface devices |
Low risk | Other devices |
- The risk assessment starts with a scan of a computer or computers to determine the devices that have been used with the computer
- Based on the scan, GFI EndPointSecurity evaluates the devices and calculates the risk based on the following:
Risk Factor | Description | Value |
---|---|---|
Agent installed? | If the agent is not installed | 5 |
Latest version of agent? | If the agent is not at the latest version | 5 |
High risk devices? | If high risk devices are found and they are not controlled by policy (note 1) | 10 |
Medium risk devices? | If medium risk devices are found and they are not controlled by policy (note 1) | 6 |
Low risk devices? | If low risk devices are found and they are not controlled (note 1) | 3 |
Not encrypted | If encryption is not enforced by the policy | 7 |
No file type checking | If file type checking is not enforced by the policy | 4 |
No content checking | If content checking is not enforced by the policy | 6 |
No printing/faxing control | Printing and faxing is not enforced by policy (note 2) | 7 |
No network control | Network access control is not enforced by policy (note 2) | 7 |
Notes:
1. It only matters that the device is controlled (port and device category). It does not matter what permissions are assigned to the logged-in user (e.g. if storage devices are controlled by the policy assigned to the machine and the user has 'Full Access' permissions, the resulting value added is 0).
2. No Printing Control and No Network Control are not currently evaluated and will be added in a future release. Therefore the maximum risk level for a single machine is 8.
- The risk factor values are summed and the result is divided by the maximum possible result (60), which gives a value between 0 and 1
- This value is then multiplied by 9 and rounded to the nearest value, giving an integer between 0 and 9 (note 2); this is the risk level of the computer
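The calculation described above, written out as an added example (not GFI's code): it maps scanned device categories to risk categories, counts each risk factor once, and converts the weighted sum to the 0-9 level. The dictionary keys, the layout of the `machine` record, round-half-up rounding and treating the two unevaluated factors as contributing 0 are assumptions.

```python
# Weights and category mapping copied from the two tables above.
DEVICE_RISK = {
    "Floppy disks": "high", "CD/DVD-ROM": "high", "Storage Devices": "high",
    "PDA devices": "medium", "Network adapters": "medium", "Modems": "medium",
    "Imaging devices": "low", "Human Interface devices": "low",
    "Other devices": "low",
}
WEIGHTS = {
    "agent_not_installed": 5, "agent_outdated": 5,
    "high": 10, "medium": 6, "low": 3,
    "no_encryption": 7, "no_file_type_check": 4, "no_content_check": 6,
    "no_print_control": 7, "no_network_control": 7,
}
MAX_SCORE = sum(WEIGHTS.values())  # 60, the divisor the article states
NOT_EVALUATED = {"no_print_control", "no_network_control"}  # per note 2


def risk_factors(machine):
    """Return the set of evaluated risk factors that apply to one machine."""
    hit = set(machine["policy_gaps"])
    if not machine["agent_installed"]:
        hit.add("agent_not_installed")
    if not machine["agent_latest"]:
        hit.add("agent_outdated")
    for dev in machine["devices"]:
        # Connection state and user permissions are ignored; only whether
        # the device category is controlled by policy counts (note 1).
        if not dev["controlled"]:
            hit.add(DEVICE_RISK[dev["category"]])  # a set: counted once
    return hit - NOT_EVALUATED


def risk_level(machine):
    """Return (weighted sum, 0-9 level); round-half-up is an assumption."""
    total = sum(WEIGHTS[f] for f in risk_factors(machine))
    return total, (total * 9 * 2 + MAX_SCORE) // (2 * MAX_SCORE)


SAMPLE = {  # constructed scan result, not real product output
    "agent_installed": True, "agent_latest": False,
    "devices": [
        {"category": "Storage Devices", "controlled": False, "connected": False},
        {"category": "Storage Devices", "controlled": False, "connected": True},
        {"category": "Human Interface devices", "controlled": True, "connected": True},
        {"category": "Modems", "controlled": False, "connected": False},
    ],
    "policy_gaps": {"no_encryption", "no_print_control"},
}
print(risk_level(SAMPLE))  # (28, 4)
```

Under these assumptions a machine that fails all eight evaluated factors sums to 46 and maps to level 7, so the product's own rounding or factor handling evidently differs in some detail from this sketch, given the stated maximum of 8.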
Priyanka Bhotika