Professional Documents
Culture Documents
User Guide
Release
3.0
January 2012 R2
Copyright 2011, Juniper Networks, Inc.
Juniper Networks, Junos, Steel-Belted Radius, NetScreen, and ScreenOS are registered trademarks of Juniper Networks, Inc. in the United States and other countries. The Juniper Networks Logo, the Junos logo, and JunosE are trademarks of Juniper Networks, Inc. All other trademarks, service marks, registered trademarks, or registered service marks are the property of their respective owners. Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice. Products made or sold by Juniper Networks or components thereof might be covered by one or more of the following patents that are owned by or licensed to Juniper Networks: U.S. Patent Nos. 5,473,599, 5,905,725, 5,909,440, 6,192,051, 6,333,650, 6,359,479, 6,406,312, 6,429,706, 6,459,579, 6,493,347, 6,538,518, 6,538,899, 6,552,918, 6,567,902, 6,578,186, and 6,590,785. Copyright 2011, Juniper Networks, Inc. All rights reserved.
M1/10/12
ii
Table of Contents
Downloading and Installing Junos Pulse ........................................................... 1 Available Junos Pulse Features...................................................................1 Adding a Secure Connection ............................................................................ 2 Connecting....................................................................................................... 4 Viewing Connection Status Icon ................................................................ 4 Viewing Connection Status Screen............................................................. 4 Using Security Features.................................................................................... 6 Registering Security ................................................................................... 6 AntiVirus ................................................................................................. 10 Malware, Prohibited Application, and Suspicious Application Detection .. 12 Monitor and Control ................................................................................ 17 Back Up Data........................................................................................... 18 Security Settings ...................................................................................... 19 Anti Theft Features......................................................................................... 20 Uninstalling or Clearing Data ......................................................................... 21 User Interface Modes ..................................................................................... 22 Device Feature Support.................................................................................. 23 Technical Support .......................................................................................... 24 Known Issues and Limitations ....................................................................... 24
iii
iv
Informational Note: The Junos Pulse client is available from the Android Market
application store. 1. 2. From your Android device, download the Junos Pulse software directly to the device. Once downloaded, Junos Pulse installs automatically. Once the application has been downloaded and installed, the Junos Pulse icon appears in the applications menu. See Figure 1 on page 1.
3.
The first time you start Junos Pulse, the End User License Agreement appears. You must Accept the license to begin using Junos Pulse.
Connections: Lets you add, edit, and remove corporate network connections. Intranet: Provides Web links configured by your administrator. Email: Launches your email application. Security: Provides access to security features. Status: Lets you view, delete, and email log files, which you might need to do in a troubleshooting operation. The log files show all security incidents, such as virus scan times and viruses discovered. If you have an established VPN connection, you can also view the status of that connection from this screen. About: Provides software version information.
4.
Connection name: A descriptive name. URL: The Web address provided by your administrator. Uses Certificate: Select this check box if your administrator has provided you with a digital certificate. If you do not use a certificate, you may have to provide a username and password when you connect. Certificate Path: This box is available if you selected the Uses Certificate check box. Select Pick to browse to the certificate file. Key Path: This box is available if you selected the Uses Certificate check box. Select Pick to browse to the network key provided by your administrator.
5.
Connecting
Once you have configured your connection, select the Connect button (see Figure 2 on page 2). If the Select Connection field does not default to the correct connection, you can select it from the pulldown menu. You may have to enter additional information required by your network when you are establishing a connection.
Active Connection
No Session
The active connection icon also appears in the status bar at the top of your device screen. When you close Junos Pulse, that icon remains visible as long as your VPN connection is active.
Connecting
From the Notification bar, the following notification also appears when you have an active VPN connection. See Figure 6 on page 6.
Connecting
Registering Security
Your administrator can configure security registration for your device as automatic URL registration or as a manual registration process.
Once you select Yes, your device is automatically registered for security features.
Manual Registration
In some cases, manual registration may also require you to select a URL provided by your administrator. Once you select the URL, you are prompted to verify that the URL has comes from a trusted source (see Figure 8 on page 8). When you click Yes in the registration prompt, the manual registration screen appears. The registration screen requires that you to enter information such as a license code provided to you by the administrator.
Informational Note: If you are using a WIFI-only device (i.e. such as a tablet with no
cellular service), the phone number field does not appear in the registration window. See Figure 9 on page 9. To manually register security, do the following: 1. 1. 2. 3. 4. Start Junos Pulse. Select the URL provided by your administrator via email, text message, or Web site. Verify the URL is trusted and click Yes when prompted. The registration screen appears (see Figure 8 on page 8). Optionally, enter an Email address and Password. (Email and password information is not used at this time.) Specify the License Code provided by your administrator.
5.
Your devices phone number appears in the Phone Number box. If the number does not appear, enter it manually including Country Code and Area Code without the international dialing prefixes: '00' or '+'. Do not use spaces, parentheses, or special characters. Valid phone numbers are between 11 and 15 digits (including country code). Select Register.
6.
Once youve successfully registered security features, the available features appear (see Figure 10 on page 10) and are now accessible from the Security button (see Figure 2 on page 2). Those features are as follows:
AntiVirus (and Malware Detection): Control antivirus activities and detect installed malware. Monitor and Control: View monitoring settings. Backup Data: Back up contacts and calendar information. Security Settings: Set scan intervals.
Informational Note: Your administrator can enable or disable security features. Figure 10: Security Features
AntiVirus
The AntiVirus feature protects your device by scanning all files and scanning secure digital (SD) cards to prevent device infections from malware that may have been stored on the card. To configure and run antivirus features: 1. 2. 3. Start Junos Pulse. Select Security. Select AntiVirus and configure the following (see Figure 11 on page 12):
Scan Memory Card on Insert: Scans the memory card for malware and viruses. Select the available button to Enable this feature. Scan application on install: Scans the files downloaded at /sdcard/download for malware. Select the available button to Enable this feature.
10
Virus Definitions updated on: Definitions are loaded when you register, and they are updated on a schedule set by the administrator. Select Update Now to update definitions manually. Last scanned for viruses: This field may display one of the following results: Never: This is the scan status when a complete scan was never initiated. Blank: This is the scan status when a complete scan was initiated and it was cancelled or it is in progress. Timestamp: The timestamp of the last scan appears here when a scan has been completed successfully.
Scan all Files and Folders for viruses: Select Start Now to start a complete scan of device data. Select a File or Folder to scan for viruses: You can scan a selected file, folder, or the installed SD card. Click Select to open the component section screen, and choose a scan target. Scan installed applications for malware: Select Start Now to scan applications for malware. View Scan Results: Select Open to view the results of the most recent virus and malware scans. This button takes you to the Scan Results screen described in Scan Results Screen on page 12. View Allowed Suspicious App: Select Open to view the list of applications labeled suspicious that you have allowed. From this screen, you can change your mind and choose to not allow the listed applications. For more information, see page 16.
11
From the AntiVirus screen (see Figure 11 on page 12): Click the View Scan Results Open button. From the notification icon: The notification icon is present at the top of the Junos Pulse screen when any viruses or malware are visible in the Scan Results screen. Select the notification when it is present to open the Scan Results screen. From a device scan: When a scan finishes, if any viruses or malware are found, the Scan Results screen displays at the end of the scan.
12
Prohibited: This tab (see Figure 12 on page 13) lists the applications installed on your device that have been prohibited by your administrator. To remove a prohibited application, select the radio button beside the application name and click the Uninstall button. If you do not uninstall applications that are prohibited, the notification icon continues to appear at the top of the Junos Pulse screen.
13
Malware: This tab (see Figure 13 on page 14) lists the applications installed on your device that are known to be malware. To remove malware, select the radio button beside the application name and click the Uninstall button. If you do not uninstall applications that are found to be malware, the notification icon continues to appear at the top of the Junos Pulse screen.
14
Suspicious: This tab (see Figure 14 on page 15) lists the applications installed on your device that appear to be suspicious. The suspicious label is applied to an application when a set of heuristics determine that the application may be malware. For suspicious applications, you are given the option of allowing the application or uninstalling it. To allow a suspicious application, select the radio button beside the application name and click the Allow button. You must also click Yes to confirm the Allow action. To uninstall a suspicious application, select the radio button beside the application and click the Uninstall button. If you do not uninstall or allow applications that are found to be suspicious, the notification icon continues to appear at the top of the Junos Pulse screen.
15
Allowed Suspicious applications: When you allow a suspicious application, you are provided with a separate screen from which to manage suspicious applications in case you change your mind and want to uninstall an allowed application at a later time (see Figure 15 on page 16). By selecting the check box beside the application name and clicking the Do not allow button, you can move the allowed application back to the Suspicious tab. The allowed applications screen is accessible from the AntiVirus screen View Allowed Suspicious App Open button. (see Figure 11 on page 12).
16
Viruses: This tab (see Figure 16 on page 17) lists the viruses found during the last scan. It is recommended that you delete viruses when they appear here.To delete the virus from your device, select the check box beside the virus name and click the Delete button. To delete multiple viruses at one time, select the Check All button and then the Delete button.
The Monitor and Control screen shows the following settings. Monitoring
SMS: Inbound and outbound SMS messages are logged, including the sender, receiver and contents of each message. MMS: Inbound and outbound MMS messages are logged, including the sender, receiver and contents of each message (not including multimedia). Voice: Call history events are logged, such as initiated outgoing calls and received incoming calls (call duration is not recorded, but the remote phone number is noted.)
17
Log images/pictures: If enabled from the server, the images downloaded or captured on the device are turned into thumbnail images and uploaded to the server. This occurs immediately and is not dependent on log limits.
Logs:
Event limit: When the total number of events (SMS, email, voice, MMS) crosses this threshold, the full suite of logs is uploaded to the server. File size limit: When the total combined file size of all logs (SMS, email, voice, MSS) crosses this threshold, the full suite of logs is uploaded to the server. Note that SMS messages are generally several hundred bytes in size. Emails are usually 2KB or larger (no attachments included). And voice messages are typically 200 hundred bytes.
Control:
Periodic GPS updates: This update period is configured on the server. This setting periodically queries the device position and uploads that information to the server for tracking purposes. Block calls: When enabled, blocks all outbound calls.
Back Up Data
Junos Pulse Mobile Security backs up contact and calendar appointment information to a central location. To restore data, you must contact your administrator. The administrator initiates a restore in the form of an SMS command that tells your device to contact the server to retrieve your backup. To back up device data: 1. 2. 3. Start Junos Pulse. Select Security. Select Backup Data (see Figure 10 on page 10). The backup begins (see Figure 17 on page 19).
18
Security Settings
Security settings are configured by your administrator, and changes are downloaded to your device. You may change security setting updates and scanning intervals by doing the following: 1. 2. 3. 4. Start Junos Pulse. Select Security. Select Security Settings (see Figure 10 on page 10). Optionally set the following (see Figure 18 on page 20):
Update security settings: You can specify how often your device contacts the Junos Pulse server for updated settings. To perform an immediate update, select Update Now. Automatically scan device: This setting is configured by the administrator and you cannot change it.
19
Anti-Theft Features
There are a number of measures that can be taken to protect your device if it is lost or stolen. To activate anti-theft features, contact your administrator. Those features include:
Lock Handset, Unlock Handset, Wipe Handset These features perform differently on different Android OS versions as follows: On Android OS 2.2 and higher
Lock and Unlock Handset If the Device Administrator function is activated, the only way to unlock the device is to send an unlock command from the server. If the Device Administrator function is not activated, the device can be unlocked when an unlock command is sent from the server or by entering the password configured during manual registration. Emergency Call ButtonWhen the device is locked, an Emergency Call button is available from the unlock screen. You can make an emergency call, to 911 for example, when you select this button and enter an emergency number.
SIM Change or RemovalIf the Device Administrator function is activated and Wipe is enabled, a wipe command sets the device back to factory settings. No lock is performed. If the Device Administrator function is not activated and the SIM card is removed or changed, the device switches on GPS Theft Mode, Monitor & Control logging, and the device is locked.
20
Wipe HandsetIf the Device Administrator function is activated, a wipe command sent from the server sets the device back to factory settings. If the Device Administrator function is not activated, a wipe command deletes scheduling, contact and task information, SMS messages, and the memory card.
On Android OS 2.1
Lock and Unlock Handset Locks the device until such time that an unlock command is sent from the server or by entering the password configured during manual registration. Emergency Call ButtonWhen the device is locked, an Emergency Call button is available from the unlock screen. You can make an emergency call, to 911 for example, when you select this button and enter an emergency number.
SIM Change or RemovalIf the SIM is removed, the device switches on GPS Theft Mode, Monitor & Control logging, and the device is locked. If the SIM is swapped for another, the device does all the preceding actions, plus checks if Wipe is enabled, and can wipe sensitive device information automatically. Wipe HandsetDeletes scheduling, contact and task information.
Send BackupIf this data is not stored on the server, this feature gathers the backup information from the device and emails it to the email address provided in the registration process. GPS LocationIf your device is equipped with GPS, your administrator can locate your device. Device location is displayed on the Junos Pulse server. Alarm On and OffBlares a maximum volume alarm sound to locate the device in a nearby location. GPS Theft On and OffSends GPS updates to the Junos Pulse server on a 2 to 5 minute period to fine-tune GPS location if the device is stolen.
If the Device Administrator function is activated, you can uninstall Junos Pulse by doing the following: 1. From the main menu, select Settings> Location & Security (or just Security on some devices).
21
2.
Select Device Administrator and uncheck the Junos Pulse check box. Now you can begin the regular uninstall process.
Full UI: The full UI includes all available Junos Pulse features as described in this manual. Minimal UI: The minimal UI includes the Junos Pulse splash screen, the EULA, and a Home screen that provides an About button. For supported devices only, detected viruses, malware, and suspicious applications are deleted automatically. If your device does not support automatic deletion, prompts are displayed periodically until you manually delete or uninstall the virus, malware, or suspicious application. Security UI: The security UI includes only the Junos Pulse security features and does not provide the ability to make VPN connections.
22
23
Feature
Wipe Device Wipe on SIM Change
Table 2: Android Device Personal Data Erased by Junos Pulse Handset Wipe Command
Personal Data
Appointments Calendar Memos Calendar ToDos Call History Contacts Email Boxes Memory Card Notes SMS and MMS Tasks
Wiped on Android
No No No Yes Yes No Yes No SMS only No
Technical Support
For technical issues, contact your administrator.
Android has limitations in its support for certificates. If you experience the "No cert" error, or if Junos Pulse closes unexpectedly when you try to connect, contact your administrator. At this time, you can only send log files to the administrator using email. No other methods are supported. Although Photo and Video Share appears as an option when you select Send Logs, it is not a valid method for sending logs. You should not select that option when sending log files to the administrator. When the device is locked by either the Handset Lock command or the Lock on SIM Change command, you may still be able to access the devices Home screen and the Notifications screen. If a device does not have cell service, it cannot receive commands. For example, if a device is connected only through WiFi, commands such as Lock and Wipe are not received by the device. If the Device Administrator is not activated, automatic removal of malware and prohibited applications, as well as the automatic application removal feature, are only available on certain Samsung devices. Please refer to the Junos Pulse Supported Platforms Guide for details.
24
Technical Support
Index
A F
feature support chart .
. . . . . . . . . . . . . . . . . . . . .11 . . . . . . . . . . . . . . . .16 anti-theft features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .20 alarm on and off . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .21 emergency call button . . . . . . . . . . . . . . . . . . . . . . . . . .20 GPS location . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .21 GPS theft . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .21 lock handset . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .20 send backup. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .21 sim change . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .20, 21 unlock handset . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .20 wipe handset . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .20 antivirus . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10 definitions update . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11 last scanned for viruses . . . . . . . . . . . . . . . . . . . . . . . . . .11 scan file or folder . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11 view allowed suspicious app . . . . . . . . . . . . . . . . . . . . . .11 view scan results . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11 automatic application removal . . . . . . . . . . . . . . . . . . . . . .13 automatic URL registration . . . . . . . . . . . . . . . . . . . . . . . . . .6 available features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1
allowed suspicious applications allowed suspicious applications screen
. . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
I
installation
.....................................1
L
license code
....................................7
N
notifications icon .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
P
prohibited applications
. . . . . . . . . . . . . . . . . . . . . . . . . . . 13
R
restore data
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
S
scan results
B
back up data
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18
C
clear data connecting .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .21 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2, 4 add a connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2 certificate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3 key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3 status icon . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4 status screen, full VPN . . . . . . . . . . . . . . . . . . . . . . . . . . .4 URL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3
D
download application .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . .1
E
emergency call button EULA .
. . . . . . . . . . . . . . . . . . . . . . . . . . . .20 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 prohibited applications. . . . . . . . . . . . . . . . . . . . . . . . . . 13 suspicious . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15 viruses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17 scan results screen . . . . . . . . . . . . . . . . . . . . . . . . . . . 11, 12 secure connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 security features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 antivirus . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 automatic URL registration . . . . . . . . . . . . . . . . . . . . . . . . 6 license code . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 manual registration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 register for . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 security settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19 suspicious applications . . . . . . . . . . . . . . . . . . . . . . . . . . . 15 allowed. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
prohibited .
malware .
U
uninstall .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Index 1
. . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
V
viruses
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
W
WIFI only devices.
................................ 7
Index