TLAnews.com

Information for Security Concerned People

VPN Quarantine with RQS.EXE

18.01.2007

The VPN quarantine service has a simple mission: place each VPN client on a restricted virtual network, check it for required security patches, antivirus definitions, and any other prerequisites set forth by your security policy, and then allow the client access to the network if it passes the administrator's checks. Administrators may choose to put one or more software update servers on the quarantine network (as defined by ISA) to allow clients that don't pass the checks to download the necessary patches and re-attempt to clear quarantine.

The VPN quarantine service consists of two components. The first component, RQS.exe, is a listener that runs on the ISA VPN server. It's the service that allows ISA to transparently move healthy clients out of quarantine and onto the network. During the installation of RQS.exe, an administrator specifies a text string that represents a healthy status. The second component, RQC.exe, is used by clients to alert the quarantine service that the health checks have passed. Clients automatically run RQC.exe after the client-side scans have completed successfully, passing the required text string to the RQS.exe listener on the server. When the RQS.exe service receives the appropriate text string, the client is released from quarantine.

Many network administrators are surprised to learn that none of the actual scanning for security patches and antivirus definitions is performed by the Microsoft quarantine client, RQC.exe. Instead, you choose how you'd like to scan your clients—batch files, Windows Scripting Host, .NET Framework-based applications, or whatever you like. This flexibility allows customers to design their health check around their specific requirements and lets them use the development skills they're most comfortable with. There's only one requirement: your client-scanning routine must call the RQC.exe client-side executable at the completion of a successful scan, passing the appropriate text string. That's how RQS.exe knows it's allowed to remove the client from quarantine and give it access to the network.

The last obstacle we need to tackle is how to get our scanning scripts and the RQC.exe client-side component of the quarantine service delivered to our VPN clients. For that, we'll use the Connection Manager Administrator Kit (CMAK), yet another feature built into Windows Server 2003.
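To make the client side of this flow concrete, here is an added example of a health-check batch file of the kind CMAK can deliver and run as a post-connect custom action. It is not the article's code and not Microsoft's; everything in it is an illustration. It assumes rqc.exe sits in the same profile directory as the script, that RQS.exe on the ISA server listens on its default TCP port 7250, that the administrator configured the string RASQuarantineV1 as the "healthy" value (a placeholder), and that KB999999 stands in for a hotfix your policy requires. The argument order of the RQC.exe call follows its documented command line (connection name, tunnel connection name, TCP port, domain, user name, version string); verify it against the RQC.exe you deploy.

```batch
@echo off
rem Added example (not from the article): a CMAK post-connect health-check
rem script for the RQS/RQC quarantine flow. Configure it in CMAK as a
rem post-connect custom action with the parameters
rem   %DialRasEntry% %TunnelRasEntry% %Domain% %UserName%
rem so that Connection Manager fills in the four arguments used below.
rem Assumptions (placeholders, adjust to your deployment):
rem   - rqc.exe ships in the same profile directory as this script
rem   - RQS.exe on the ISA server listens on its default TCP port 7250
rem   - the administrator's "healthy" string is RASQuarantineV1
rem   - KB999999 stands in for a hotfix your security policy requires
setlocal
set RQS_PORT=7250
set HEALTH_STRING=RASQuarantineV1
set REQUIRED_KB=KB999999
set RQC_EXE=%~dp0rqc.exe

if "%~4"=="" (
    echo usage: %~nx0 DialRasEntry TunnelRasEntry Domain UserName
    exit /b 9
)

rem Check 1: the Windows Firewall service (SharedAccess) must be running.
sc query SharedAccess | find "RUNNING" >nul
if errorlevel 1 goto fail_firewall

rem Check 2: the required hotfix must be installed (queried through WMI).
wmic qfe where "HotFixID='%REQUIRED_KB%'" get HotFixID | find "%REQUIRED_KB%" >nul
if errorlevel 1 goto fail_hotfix

rem Check 3: automatic updates must not be disabled by policy
rem (NoAutoUpdate absent or 0 passes; a value of 1 fails).
reg query "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v NoAutoUpdate 2>nul | find "0x1" >nul
if not errorlevel 1 goto fail_au

rem All checks passed: notify the RQS listener so ISA releases this client
rem from the quarantine network. Nothing is sent until every check succeeds,
rem so a client that fails simply stays on the restricted network.
"%RQC_EXE%" "%~1" "%~2" %RQS_PORT% "%~3" "%~4" %HEALTH_STRING%
if errorlevel 1 (
    echo RQC.exe could not notify the quarantine service ^(exit code %errorlevel%^).
    exit /b 3
)
echo Health checks passed; quarantine release requested.
exit /b 0

:fail_firewall
echo Quarantine: Windows Firewall service is not running. Client stays quarantined.
exit /b 1

:fail_hotfix
echo Quarantine: %REQUIRED_KB% is missing. Install it from the update server on the quarantine network, then reconnect.
exit /b 2

:fail_au
echo Quarantine: automatic updates are disabled by policy. Client stays quarantined.
exit /b 4
```

The script only ever calls RQC.exe on the success path, which is the property that matters: RQS.exe releases a client solely on receipt of the configured string, so the failure branches need no server interaction at all. The messages on those branches point the user at the update server that the article suggests placing on the quarantine network, and the distinct exit codes make it easy to see in the Connection Manager log which check a client failed.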


Author information.
Copyright © Telecom and Logistics Associates Sàrl. All rights reserved.
Revised: January 18, 2007.

All information provided is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act upon such information without appropriate professional advice after a thorough examination of the facts of the particular situation.

Network Security

Christian ALT

As a founding member of Telecom and Logistics Associates, Christian is an expert in network security. He has performed installations on three continents and has taught more than 100 seminars on networking and security.

He is also an ISO 27001 Lead Auditor for Management of Information System Security.
