Ricardo José Garrido Reichelt

  1. In this article we showcase some basic EPA (End Point Analysis) policies that we can implement within our organization to enhance security. Please note that we will not necessarily get into the details of setting up pre- or post-authentication EPA policies, but rather concentrate on the EPA policies themselves. For reference, here is the short list of policies, and their setup, that we will be describing in this blog entry:

     • EPA for Operating System Patches (not the patch management)
     • EPA for Operating System version
     • EPA device certificate verification
     • EPA Antivirus Check (Windows Defender as sample)
     • EPA Registry check and CWA (Citrix Workspace Agent) verification
     • EPA Registry check and CWA (Citrix Workspace Agent) verification with the use of NetScaler expressions

     To be able to use EPA with Advanced Expressions we will look it up in the search box and click the search result (fastest operational approach).

     EPA for Operating System version

     With the following policy we want to verify the Operating System version. For this purpose we could use either the "Windows" element, as it includes one configuration option, or the "Common" option within the EPA Editor (first option). Note that for the purpose of this blog entry we have chosen the Windows menu as first configuration item.

     Windows >> Windows OS >> Select Operating System and edit desired minimum version

     Corresponding string:

     sys.client_expr("sys_0_WIN-OS_NAME_anyof_WIN-11_BUILD-NUM_==_22621[COMMENT: Windows OS]")

     Important: Be careful when creating the logic ( = , || , && , <= , etc.), as this is a common source of mistakes during policy setup.

     EPA Antivirus Check (Windows Defender as sample)

     One commonly demanded check is the verification of a security element such as an antivirus solution. For this specific example we have chosen Windows Defender, but a variety of other security solutions are supported and available. Note that for the purpose of this example we have only used the main version for detection.

     sys.client_expr("app_0_ANTIVIR_90_362_VERSION_>=_4.20[COMMENT: Windows Defender]")

     EPA Registry check and CWA (Citrix Workspace Agent) verification with the use of NetScaler expressions

     As we have seen in the last example, Registry Key EPA expressions can get somewhat complex from an expression point of view, especially if we want to build a more complex rule like V1 || V2 || V3, meaning the verification of different CWA (Citrix Workspace Application) versions. To make it easier from an operational point of view we can make use of the "Expressions" functionality within NetScaler. You have to navigate to:

     App Expert >> Expressions >> Advanced Expressions

     It is highly recommended to make use of the Advanced and not the Classic expressions, as the Classic expressions will be deprecated in upcoming versions. We will proceed in creating our EPA Policy with the corresponding Expressions that we have created.
  2. When publishing internal virtualized resources, it is common to use NetScaler as load balancer and security element (EPA, WAF, BOT, IP Reputation) to protect access to the virtualized company resources (Apps & Desktops; CVAD). At some stage the organization might have the additional need to publish internal Web Applications to the business users. To do so via NetScaler, certain settings must be changed so that NetScaler, and not StoreFront, publishes the content to the user. The settings that need to be changed for this purpose are:

     • CVPN turned to ON
     • ICA Proxy turned to Off

     CVPN Setting change

     Expected Outcome: Virtualized Apps & Desktop and also published bookmarks are being shown. In this example the SharePoint Web is the shared Web resource.

     The described problem has to do with the Single Sign On policy. The IP for the Load Balancing VIP is being resolved as it is considered a public IP (remember the configuration); consequently, Single Sign On is turned off. It is required that the SSO is pushed by a Traffic Policy. This behavior has been put in place for security reasons in previous NetScaler versions.

     To fix this situation, it is required to create a traffic policy which is bound to the Gateway VIP, as described in the following documentation reference: https://docs.netscaler.com/en-us/citrix-adc/current-release/aaa-tm/single-sign-on-types/enable-sso-for-auth-pol.html

     The same can be accomplished by making the required changes via the NetScaler User Interface, as we can see in the image below.