As we have seen so far, UAG has several mechanisms to validate a user and the user's computer. We can check for a password, certain software products that are installed, and even the computer's domain membership—but is it SAFE? Well, real paranoids have no limits, and it's our job as information security specialists to be at least somewhat paranoid, right?
You probably know that a computer's domain membership can be faked rather easily, and a getting a user to cough out his password is also not very hard, mostly. However, unless you walk around with a tin-foil hat, you will probably agree that a digital certificate is one of the most solid ways to verify a computer's identity. For this, UAG supports Certified Endpoints, which means Endpoints that have a digital certificate. By issuing an individual digital certificate to every client by a corporate Certificate Authority server, we can be sure that an incoming client machine is really who it says it is. To be clear, this...