Netskope Client Hardening
Netskope Client provides various hardening options to ensure its smooth operation. This document provides insights into the hardening features of the Netskope Client installed on devices running Windows 10 or later. By using the Client hardening options, you can prevent users with elevated permissions from altering Client files and services and ensuring that the full functionality of security features offered by Netskope is available to you.
Netskope Client can be installed on end user devices as a non-intrusive application that facilitates a seamless user experience and steering configured end user traffic to Netskope Cloud. By design, the Netskope Client establishes a tunnel to Netskope Cloud by choosing the nearest POP (data center). This ensures the following:
Configured traffic from the client is steered via an optimal path to connect to Netskope POP.
The complete benefits of Netskope security services are available to the customers.
Depending on an organization's IT policy, end users may or may not have administrative rights on their respective system. An end user with administrative privileges has access and controls to alter the default configuration of the Client and its services installed on their devices. This can affect the normal functioning of the Netskope Client and may be detrimental to the organizations’ security policies.
Netskope Client Hardening Options
The following hardening options are available for ensuring smooth operation of Netskope Client on end user devices running Windows 10 or later.
Tamperproofing
Configuration Encryption
Protect Client configuration and resources
Tamperproofing Netskope Client
The following tamperproof options are available as part of the Client configuration. To learn more, see the Tamperproof section of the Client Configuration article.
Disabling or enabling Client
Password protection to prevent unauthorized uninstallation of the Client
Block all traffic if the Client tunnel is not established
Client Configuration Encryption
The Client configuration files generated in the admin configuration and downloaded by the client can be encrypted. To enable encryption, reach out to Netskope Support.
Protect Client Configuration And Resources
When this option is enabled, users with elevated permissions are prevented from altering any sub-part (files, folders, and process) of the Netskope Client installation. It prevents users from modifying, renaming, or deleting Netskope processes, folders, files, and registry keys.
Supported Platforms: Windows 10 or higher versions.