
NC Client Check

SOLVED
MichAda_
Occasional Contributor

NC Client Check

Quick question.

Exactly what does this setting do?

Users > Roles > "RoleName" > Network Connect > Options > Other Options > "NC Client Check"

Tried to search for info in the admin guide, KB, etc., but can't find anything.

ELKIM_
Occasional Contributor

Re: NC Client Check

Hi MichAda

NC Client Check is to check the integrity of Network Connect client components prior to starting a Network Connect tunnel.

If the integrity check fails you will be prompted with error 23787 - "Cannot start the Network Connect service. Please re-install network Connect."

Thanks

EL

MichAda_
Occasional Contributor

Re: NC Client Check

Interesting.

I still don't get it though.

Is it just to make sure they get a failure notice before it fails?

I would think that a failure would also indicate a problem : )

We have a user that is having a script problem after an upgrade from 7.0 to 7.1 now, and they have been told to re-install.

I think I'll tick the "NC Client Check" box and see if it helps.

AJA_
Frequent Contributor

Re: NC Client Check

Hello MichAda,

This is just like a client side security check.

When this option is enabled, NC UI will verify the digital signature of the service binary.

JIS must be installed if the user doesn't have admin privilege, as this process involves service restarting.

Hope the above helps

Please mark this post as 'accepted solution' if this answers your question; that way it might help others as well. A kudo would be a bonus, thanks.

MichAda_
Occasional Contributor

Re: NC Client Check

Yeah, it's all helpful at this point.

I hate to be so slow, but I'm just trying to fully understand the option.

So I guess you would elect to check this option if you want to avoid the possibility of a client connecting, and setting up a tunnel, with altered, or tampered, Network Connect files.

Really appreciate the post! :)

AJA_
Frequent Contributor

Re: NC Client Check

Hello MichAda,

I appreciate your response and yes, your understanding is correct now. I am happy that I could help you, but I am trying to understand why wouldn't this solution get an approval from you. :P

Well, to add more value and with intention to help you understand this option better, I have included more detail on this - Could you please mark "accepted solution" if this did help you this time?

Scenario:

- The binary mentioned above can be tampered with by hackers using their own tools to inject their own code into the .exe, so that it functions differently from the way intended by Juniper Networks.
- To avoid this tampering, we now sign the binary using a code signing certificate.
- This means we have the signature of the binary, and we generate a hash value for the binary and store it on the binary.
- This way, anybody who wants to tamper with our binary needs the private key we generated as well.

Solution

- Now, when we enable NC Client Check, the service binary (dsNCService.exe) is verified by the Network Connect GUI.
- This way, we know that the service is not tampered with.
- If a service is already started and is on the system, then the client is expected to verify the service, which means verify the digital signature and later stop and restart the service.
- In this case of stopping and restarting the service, we would need administrator privilege or JIS installed on the client machine.

Thanks

MichAda_
Occasional Contributor

Re: NC Client Check

Now 'that' I accept as a solution!

While the other posts were helpful, I still didn't have the full picture.

I do now.

I'm Slow, but thorough... Thank you very much.
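
The sequence described in the accepted answer (verify the service binary's digital signature, then stop and restart the service, which needs administrator rights), shown with the built-in Windows Authenticode cmdlet. This is an added example, not Juniper's implementation or code from the thread; the function names are hypothetical, Authenticode is assumed as the signing mechanism, and the binary path, publisher string and service name are supplied by the caller because the thread does not give them.

```powershell
# Added example: verify a service binary's signature before restarting the service.
function Test-ServiceBinarySignature {
    param(
        [Parameter(Mandatory = $true)] [string] $BinaryPath,
        [Parameter(Mandatory = $true)] [string] $ExpectedPublisher
    )
    $result = [pscustomobject]@{ Path = $BinaryPath; Trusted = $false; Reason = '' }
    if (-not (Test-Path -LiteralPath $BinaryPath -PathType Leaf)) {
        $result.Reason = 'File not found'
        return $result
    }
    $sig = Get-AuthenticodeSignature -FilePath $BinaryPath
    # 'Valid' means the file hash matches the signed hash and the certificate chain is trusted.
    # 'HashMismatch' means the file changed after signing; 'NotSigned' means no signature.
    if ($sig.Status -ne 'Valid') {
        $result.Reason = "Signature status: $($sig.Status)"
        return $result
    }
    # A valid signature from an unexpected signer is still a failure, so pin the publisher.
    $subject = $sig.SignerCertificate.Subject
    if ($subject.IndexOf($ExpectedPublisher, [StringComparison]::OrdinalIgnoreCase) -lt 0) {
        $result.Reason = "Unexpected signer: $subject"
        return $result
    }
    $result.Trusted = $true
    return $result
}

function Restart-ServiceIfTrusted {
    param(
        [Parameter(Mandatory = $true)] [string] $ServiceName,
        [Parameter(Mandatory = $true)] [string] $BinaryPath,
        [Parameter(Mandatory = $true)] [string] $ExpectedPublisher
    )
    $check = Test-ServiceBinarySignature -BinaryPath $BinaryPath -ExpectedPublisher $ExpectedPublisher
    if (-not $check.Trusted) {
        Write-Warning "Not restarting ${ServiceName}: $($check.Reason)"
        return $check
    }
    # Stopping and restarting a service needs an elevated (administrator) token.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        Write-Warning "Signature is valid, but restarting $ServiceName requires administrator rights."
        return $check
    }
    Restart-Service -Name $ServiceName -ErrorAction Stop
    return $check
}
```

Matching on the certificate subject is the loosest form of pinning; comparing `$sig.SignerCertificate.Thumbprint` against a known value is stricter but has to be updated when the vendor renews its certificate.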