Symantec Security Expressions Server user manual
- 97 pages
- 0.28 mb
A good user manual
The law obliges the seller to hand over the user manual for the Symantec Security Expressions Server to the buyer together with the product. A missing manual, or incorrect information given to the consumer, is grounds for a complaint that the device does not conform to the contract. The law allows the manual to be provided in a form other than paper, which has recently become common: a graphic or electronic version of the Symantec Security Expressions Server manual, or a training video for users. The condition is that the form remains clear and understandable.
What is a manual?
The word comes from the Latin "instructio", that is, to put in order. Accordingly, the Symantec Security Expressions Server manual describes the steps to follow. The purpose of a manual is to make it easier to start up and use the equipment or to carry out a particular activity. A manual is a collection of information about an item or service, a guide.
Unfortunately, few users find the time to read the Symantec Security Expressions Server manual, yet a good manual not only reveals a number of additional functions of the purchased device but also helps avoid most failures.
What should an ideal user manual contain?
Above all, the Symantec Security Expressions Server manual should contain:
- technical data for the Symantec Security Expressions Server
- the manufacturer's name and the year of manufacture of the Symantec Security Expressions Server
- rules for operating, configuring and maintaining the Symantec Security Expressions Server
- safety markings and certificates confirming compliance with standards
Why don't we read manuals?
Usually because of a lack of time and confidence in the individual functions of the purchased device. Unfortunately, simply connecting and starting the Symantec Security Expressions Server is not enough. A manual contains a number of specific instructions on functionality, safety principles, maintenance methods (even which products to use), possible faults of the Symantec Security Expressions Server and ways of solving problems that arise during use. Finally, the manual gives the address of the Symantec website in case the proposed solutions do not work. Manuals in the form of engaging animations or video material are currently very popular, as users take them in better than a brochure. This kind of manual lets the user watch the whole film without skipping the specification and the complex technical descriptions of the Symantec Security Expressions Server, as often happens with the paper version.
Why is it worth reading manuals?
Above all, they answer questions about the construction and capabilities of the Symantec Security Expressions Server and the use of individual accessories, and they provide information that lets you make full use of all its functions and conveniences.
After a successful purchase, it is worth spending a few minutes getting to know each part of the Symantec Security Expressions Server manual. Manuals are now carefully prepared or translated so that they are not only understandable to the user but also fulfil their basic function of informing and supporting.
Manual contents
-
Page 1
SecurityExpressions Server User Guide[...]
-
Page 2
[...]
-
Page 3
iii Table Of Contents Contacting Us: 1; Technical Support: 3; Contacting Technical Support [...]
-
Page 4
SecurityExpressions Server User Guide iv Policy File Library: 18; Library Synchronization: 18; About Policy Files [...]
-
Page 5
Table Of Contents v Device Type Scopes: 39; IP Range Scopes: 39; Machine List Scopes [...]
-
Page 6
SecurityExpressions Server User Guide vi Adding Policies: 57; Editing Policies: 58; Deleting Policies [...]
-
Page 7
Table Of Contents vii Adding a New Audit Results Report Profile: 81; Editing Audit Report Results Profiles: 83; Deleting Audit Report Results Profiles [...]
-
Page 8
[...]
-
Page 9
1 Contacting Us Symantec Corporation 20330 Stevens Creek Blvd. Cupertino, CA 95014 USA http://www.symantec.com Technical Support[...]
-
Page 10
[...]
-
Page 11
3 Technical Support Symantec Technical Support maintains support centers globally. Technical Support’s primary role is to respond to specific queries about product features and functionality. The Technical Support group also creates content for our online Knowledge Base. The Technical Support group works collaboratively with the other fun[...]
-
Page 12
[...]
-
Page 13
5 Other Products SecurityExpressions Console This product enables you to quickly and effectively lock down Windows systems using guidelines similar to ones established by Microsoft, NSA, SANS, and others. Use it to verify the security settings on local and remote systems across your enterprise. See how well your systems are protected by compa[...]
-
Page 14
[...]
-
Page 15
7 Overview About SecurityExpressions Audit & Compliance Server SecurityExpressions Audit & Compliance Server is a Web-based application that runs on a server with Microsoft IIS and an ASP.NET infrastructure installed. From a Web browser on any computer, you can securely perform most audit and compliance functions, such as audit scheduli[...]
-
Page 16
[...]
-
Page 17
9 Self-Service Audit What is Self-Service Auditing? Self-service auditing lets anyone audit just their local Windows computer. Typically, a person performing self-service audits is not a SecurityExpressions user, but must have administrator privileges on the computer they're auditing. A designated Web page gives self-service auditors acces[...]
-
Page 18
SecurityExpressions Server User Guide 10 check your system against several policy files during one audit. If the administrator of this product created an Audit-on-Connect scope that contains your system, you may use this method to start an audit on your system. Audit results are automatically recorded for review and reporting. If the administr[...]
-
Page 19
11 Configure Servers About Server Configuration Before you can audit systems using the server application, you must configure server settings. From fundamental settings such as database connection and policy-file-library synchronization to specific settings that drive scheduled and Audit-on-Connect, the Settings tab provides a central locatio[...]
-
Page 20
SecurityExpressions Server User Guide 12 Viewing Audit Results SecurityExpressions generates audit results through the following kinds of audits. To view results from each kind of audit, a user needs rights to view results from key configurable items (machine lists, policies, and scopes) involved in the audit. The configurable items to which a[...]
-
Page 21
Configure Servers 13 We recommend you don’t use SQL Server's master database as the SecurityExpressions database. To establish a valid database connection: 1. In the Database Type drop-down list, select the manufacturer of the database software you use. 2. In the Database Server Name box, type the name of the computer containing the databa[...]
-
Page 22
SecurityExpressions Server User Guide 14 If the system on which you installed the server software is not running Windows 2000 Server, skip this procedure. 1. On the Windows 2000 server, open Control Panel and double-click Administrative Tools and then Internet Information Services to open the IIS Administrative Panel. 2. In the Web Site folder, ri[...]
-
Page 23
Configure Servers 15 Once you create a credential store, you can't modify it. To create a credential store: 1. In the Application Setup page, click Add New. 2. In the New Credential Store User Name box, type a user name for logging in to this credential store. 3. Optional: In the New Credential Store User Full Name box, type a descriptive [...]
-
Page 24
SecurityExpressions Server User Guide 16 Session Duration Session duration is a time-out period that sets the maximum number of minutes for a Web session. The session lasts until this time passes or a different Browser accesses the server. When the session expires, local session information, including authentication, is lost. Many setti[...]
-
Page 25
Configure Servers 17 Item Rights The Item Rights options, found on the Page Access page, let you list which Windows User Groups are allowed to do the following: Edit Private Items Allow others to modify items that are normally exclusive to the user who created them, such as My Machine Lists and scheduled tasks. Miscellaneous Target Usually, the V[...]
-
Page 26
SecurityExpressions Server User Guide 18 When you schedule an audit, you can specify which computers to audit by selecting machine lists created on the My Machine Lists page and machine lists created in the console application (global machine lists). You can grant or restrict access to My Machine Lists and the results from audits using them with[...]
-
Page 27
Configure Servers 19 To check for frequent policy file updates, you may choose to Check for policy file updates during a specific time period (days, minutes, hours). If updates exist, they will be downloaded for the SecurityExpressions Audit & Compliance Server to use. Check Now updates the policy files immediately. 3. Click Update to store t[...]
-
Page 28
SecurityExpressions Server User Guide 20 (weighted total of OK results ÷ (weighted total of OK rules + weighted total of Not OK rules)) × 100 Example An audit contains four rules: • 1 High Priority • 1 Medium Priority • 1 Low Priority • 1 no priority or impact, and no Weight key exists The weight values are: • High: 1.5 • Medium: 1.0 [...]
-
Page 29
Configure Servers 21 3. Agent - Uses the audit agent to remotely execute scripts and programs. Before auditing, make sure to install the agent on the remote computer or check the Automatically install Agent if required in order to execute scripts and programs remotely box. Automatically install Agent if required to execute scripts and programs r[...]
-
Page 30
SecurityExpressions Server User Guide 22 Database Cleanup The database stores data about audits, as well as console and server events. You might decide that it is unnecessary to use database space to retain this data permanently. The Database Cleanup settings allow you to automatically delete data from the database on a schedule. You can also u[...]
-
Page 31
Configure Servers 23 target for every week, month, year, or overall. If you select Yearly, for example, the database will retain the last audit performed on every policy file and on every target audited for every year you've audited using this database. Because cleanups occur nightly, the last audit saved during the current year could pot[...]
-
Page 32
SecurityExpressions Server User Guide 24 Clean Now Click this button to perform an unscheduled cleanup on audit data. Then click Delete to confirm the action or Cancel to cancel it. Self-Service Audit Agreement An organization may require the acceptance of corporate agreement text before allowing an audit. Your organization can customize an agre[...]
-
Page 33
Configure Servers 25 Select this check box to enable SecurityExpressions' Web-services layer. To learn more about the Web-services layer, see SecurityExpressions Web Services API guide, included in your installation package. Allow Remediation Select this check box to allow Web-services remediation functions to apply fixes to computers aud[...]
-
Page 34
[...]
-
Page 35
27 Audit-On-Connect What is Audit-on-Connect? Audit-on-Connect is an optional feature of SecurityExpressions Audit & Compliance Server that is sold separately. It enables you to audit systems as they connect to the network rather than on a fixed schedule. This allows you to audit systems that might not be regularly or predictably connect[...]
-
Page 36
SecurityExpressions Server User Guide 28 scope or scheduled task. Description Optional statement about the policy. Policy File Name of the policy file (.sif), from the policy file library or a customized policy file. Last Updated Date and time the policy file was last saved to the database. Configure Some policy files, such as the NSA Guidelines f[...]
-
Page 37
Audit-On-Connect 29 to control how often a system gets audited — as long as a posture result remains valid, the software won't attempt to audit a system if it connects to the network again. Instead, it returns a posture result of Pass. Cache Fail For (Audit-On-Connect Only) Specify how long posture results remain valid when the system f[...]
-
Page 38
SecurityExpressions Server User Guide 30 policy. This establishes which users can access this policy and its audit results due to their role. If a Windows User Group isn't on the local computer, you'll need to enter the group in domain\groupname format. • In the Use Policy field, enter the Windows groups who should be able to modify [...]
-
Page 39
Audit-On-Connect 31 6. Check the Policy is kept up to date with Policy File Library box if you want to regularly update the SIF files in this policy using the policy file library available online. This option is available only if the server can access a Policy File Library. 7. If you want the policy to be available to use in audits, check the M[...]
-
Page 40
SecurityExpressions Server User Guide 32 1. The name for the new rule must be .CONFIGURE. 2. The check type can be blank, or you can type CONFIGURE. 3. In the Parameters tab, the Config parameter is set to .CONFIGURE (Config=.CONFIGURE). When you set the Config key, the WizParams tab appears. On this tab you can type text using the WizParams synta[...]
-
Page 41
Audit-On-Connect 33 and modify the .CONFIGURE rule. When you create a new Policy and select an associated policy file, the server application determines if a .CONFIGURE rule exists and displays prompts for modifications. This rule may require synchronization between the database and the policy file. To synchronize the database and the new file[...]
-
Page 42
SecurityExpressions Server User Guide 34 All scope types except Expression can accept as many values as you want to enter, listing one value per line. Scope type Expression only accepts one expression. 6. Indicate if the network link speed of the systems in this scope are Unspecified, Slow or Fast. If all systems in the scope use a fast co[...]
-
Page 43
Audit-On-Connect 35 Device Connect Notifications - Sends selected notifications when a device is detected in this Scope, regardless of audit posture. This value may be blank. Pass Notifications - Sends selected notifications if the audit's group posture result is Pass. Fail Notifications - Sends selected notifications if the audit's[...]
-
Page 44
SecurityExpressions Server User Guide 36 • notifications • Windows Group access Credential Precedence: If your organization uses the console application and someone delegated one or more database machine lists to the server application, and if one of the systems identified in this scope is also listed in one of those database machine lists, [...]
-
Page 45
Audit-On-Connect 37 blank. Pass Notifications Notifications to run when the Group Posture of an audit in this scope is PASS. This value may be blank. Fail Notifications Notifications to run when the Group Posture of an audit in this Scope is FAIL. This value may be blank. Error Notifications Notifications to run when the Group Posture of an au[...]
-
Page 46
SecurityExpressions Server User Guide 38 Supported Functions
Function | Argument | Description
iprange | a valid IP range | Returns TRUE if the target computer is a member of the IP range.
domain | a windows domain in Netbios or DNS format | Returns TRUE if the target computer is a member of the windows domain.
machinelist | a database machine list created using[...]
-
Page 47
Audit-On-Connect 39 Audits can detect systems on the network using the following methods: DHCP, EVENTLOG, NAC, self-service (for self-service audits). A system matches this scope if the connection monitor used to connect to it matches the value entered. Device Type Scopes Lets you indicate a kind of system to audit. Choices are Windows, UNI[...]
-
Page 48
SecurityExpressions Server User Guide 40 Creating New Command Notifications To create a new command notification: 1. Click Add New. 2. Provide a Notification Name, a customized name of the notification to appear in the table. 3. Select Command as the Type. 4. Type the Command to run, which may be a URL. Include the command Arguments. You can pas[...]
-
Page 49
Audit-On-Connect 41 To edit a Notification, click the Edit hyperlink on the Notifications table to select the row to edit. Make the necessary modifications and click Update. To Edit an email notification, make the necessary modifications to: • Notification Name • To – person receiving the notification. This address appears as the Value [...]
-
Page 50
SecurityExpressions Server User Guide 42 To create a new command notification: 1. Click Add New in the Notifications page. 2. Provide a Notification Name, a customized name of the notification to appear in the table. 3. Select Command as the Type. 4. Type the Command to run, which may be a URL. Include the command Arguments. You can pass variables[...]
-
Page 51
Audit-On-Connect 43 A Subject or Message may contain text such as "Latest SecurityExpressions audit located at %RESULTLINK%." Exceptions Exceptions Exceptions prevent certain systems from ever getting audited, even if they fall within a scope. When a system connects to the network, the server software checks all scopes to see if t[...]
-
Page 52
SecurityExpressions Server User Guide 44 To edit Exceptions: 1. Click the Edit hyperlink on the Exceptions table to select the row to edit. 2. Modify the Exception parameters (Type, Value, Expiration Date, Group Posture Result) 3. Click Update. Deleting Exceptions To delete an Exception: 1. Click the Edit hyperlink on the Exceptions table to [...]
-
Page 53
Audit-On-Connect 45 Specify and confirm a password. SecurityExpressions Audit & Compliance Server generates an encrypted password that you must add to the configuration files for each of the Connection Monitors. Include the encrypted password in the [Options] section of the configuration file with the Password option. Settings for DHCP P[...]
-
Page 54
SecurityExpressions Server User Guide 46 Password = AES: cb789817f8d99c7e5a1e5beb8510bf71 Once you enable the connection monitor, it can be processed at any time. Connection Monitor Configuration File Connection Monitors use a text file named dmconfig.txt that resides in the same directory as the Connection Monitor (Program Files\Altiris\Securit[...]
-
Page 55
Audit-On-Connect 47 Comma-Separated List of Servers Includes the names of the audit servers. A comma separates each server name. Options The Options section of the configuration file contains any settings needed to control the Connection Monitors, such as enabling logging and identifying the location and name of the log file. Port The port you [...]
-
Page 56
SecurityExpressions Server User Guide 48 Active Directory (Active Directory Connection Monitor only) Set the Active Directory (event log) monitoring options. IncludeAllDomainControllers Retrieves names of all Domain Controllers on the Domain system where the monitor resides and monitors the event logs of all Domain Controllers. One (1) is the de[...]
-
Page 57
Audit-On-Connect 49
DistributionMethod=Round Robin
Comment=Home office ip addresses
[IP_RANGE_2]
IPRange=10.0.2.0:254
AuditServers=server3,server1,server2
DistributionMethod=First Available
Comment=California office ip's
[Default]
IPRange=Default
AuditServers=server1,server2
DistributionMethod=Round Robin
Comment=Catch anything not explicitly [...]
-
Page 58
SecurityExpressions Server User Guide 50 Enabling slow link detection might extend processing time. Trace Route Information Trace route is a TCP/IP utility that allows the user to determine the route that packets are taking to a particular host. Your notifications can include a trace route if you select this optional setting, Make trace route i[...]
-
Page 59
Audit-On-Connect 51 A managed system is a system on the network that the server software can connect to and audit using the appropriate credentials. It is a target system or potential target system. Initial Token Sends the posture token you select to ACS if a system receives a posture result of Fail. Both Managed and Unmanaged Network Access Dev[...]
-
Page 60
SecurityExpressions Server User Guide 52 A read-only line that reminds you to configure ACS so that NAD redirects users who try to connect to the network from quarantined systems to the URL listed. Redirection Web Page Behavior Select the information and resources the redirection Web page should provide to users on quarantined systems if URL red[...]
-
Page 61
Audit-On-Connect 53 To trace Audit on Connect activity: 1. Determine when the suspect activity will start and how long it will take to finish. 2. When the suspect activity is about to begin, type the hours and minutes you expect the activity to take in the Run AOC Trace for fields and click Start Trace. If you type 0 hours and 0 minutes, the tra[...]
-
Page 62
[...]
-
Page 63
55 Audit-On-Schedule What is Audit-on-Schedule? Audit-on-Schedule is an auditing method that audits a group of systems at scheduled intervals. You create a scheduled task that audits all systems in a machine list based on a policy. When the audit is finished, the task can send notifications indicating the audit is done and where to view audit r[...]
-
Page 64
SecurityExpressions Server User Guide 56 Description Optional statement about the policy. Policy File Name of the policy file (.sif), from the policy file library or a customized policy file. Last Updated Date and time the policy file was last saved to the database. Configure Some policy files, such as the NSA Guidelines for Windows XP and Windows[...]
-
Page 65
Audit-On-Schedule 57 posture result remains valid, the software won't attempt to audit a system if it connects to the network again. Instead, it returns a posture result of Pass. Cache Fail For (Audit-On-Connect Only) Specify how long posture results remain valid when the system fails an audit based on this policy. This is a way to contro[...]
-
Page 66
SecurityExpressions Server User Guide 58 a Windows User Group isn't on the local computer, you'll need to enter the group in domain\groupname format. • In the Use Policy field, enter the Windows groups who should be able to modify the policy. • In the Remediate field, enter the Windows groups who should be able to remediate audit re[...]
-
Page 67
Audit-On-Schedule 59 This option is available only if the server can access a Policy File Library. 7. If you want the policy to be available to use in audits, check the Make this policy active box. Clear the check box to make the policy unavailable to use in audits without deleting the policy. 8. If you want the policy to be available to use in [...]
-
Page 68
SecurityExpressions Server User Guide 60 3. In the Parameters tab, the Config parameter is set to .CONFIGURE (Config=.CONFIGURE). When you set the Config key, the WizParams tab appears. On this tab you can type text using the WizParams syntax that controls the available text, input options, and parameters to modify in the Wizard. 4. View the Wi[...]
-
Page 69
Audit-On-Schedule 61 modifications. This rule may require synchronization between the database and the policy file. To synchronize the database and the new file, save the policy file in the database with a new name with new parameters for the .CONFIGURE rule, if previously saved in the database. Notifications Notifications You can opt to receive[...]
-
Page 70
SecurityExpressions Server User Guide 62 The group posture result is %GROUPPOSTURERESULT%. Click here for the report: %RESULTLINK% 5. Select Attach trace route information for Audit-on-Connect for the message body to include the trace route. The message body always includes a link to the report for the audit that caused this notification. 6. [...]
-
Page 71
Audit-On-Schedule 63 folder. 5. Click Add New. Creating New Email Notifications To create a new email notification: 1. Click Add New. 2. Provide a Notification Name, a customized name of the notification to appear in the table. 3. Select Email as the Type. 4. Complete the following email information: To – person receiving the notification. T[...]
-
Page 72
SecurityExpressions Server User Guide 64 The following three variables will only return a value if statistics are available: %COUNTPROBLEMS% - number of errors encountered during the audit %COUNTRULES% - number of rules used to audit the machine list %SCORE% - the overall score resulting from the audit The following four variables will only ret[...]
-
Page 73
Audit-On-Schedule 65 Windows Group Use Access Windows User Groups who can use this machine list. Windows Group Results Access Windows User Groups who can view results from audits using this machine list. Adding Machine Lists To create a machine list: 1. Click the Audit-On-Schedule tab and then the My Machine Lists link. 2. Click the Add button t[...]
-
Page 74
SecurityExpressions Server User Guide 66 Make sure you type the system names or IP addresses correctly. If you did not type a system's name or address correctly or somehow entered an invalid system, the audit skips the system and moves on to the next system in the list. 5. Set Windows Group Access. Enter Windows groups, separated by a co[...]
-
Page 75
Audit-On-Schedule 67 The Scheduled Tasks table contains the following information:
Column | Description
Run Now/Stop/Initializing | Click this button to start or stop the task in this row. This column also displays "Initializing" when a task is in the middle of a process.
Edit | Click this link to edit the task in this row.
Delete | Click this [...]
-
Page 76
SecurityExpressions Server User Guide 68 Policies page. Only the policies to which you have Use access rights appear for selection. Access rights for individual policies are set in the Windows Group Access options on the Policies page. If you can't find a policy you need to use, ask the policy's creator to add you to one of the Windo[...]
-
Page 77
Audit-On-Schedule 69 Run Once – The scheduled task executes once on this day and does not repeat. In the calendar, choose the date on which you want to run the task. Run Weekly – The task executes once every week on the day(s) you select. Check the days of the week on which you want to run the task. Run Monthly – The task executes only dur[...]
-
Page 78
SecurityExpressions Server User Guide 70 restart would take. B. If you want to set a time limit on how long the task can attempt reaudits, type the number of hours you want to allot for reaudits in the Attempt re-audit for this many hours after initial audit box. A reaudit cycle could go on indefinitely if a system is off or never connects. Sett[...]
-
Page 79
Audit-On-Schedule 71 15. If you want to use specific credentials to access all systems whenever this audit task runs, type those credentials in the Login box. If you do not want to specify credentials, skip to step 18. 16. In the Password box, type the password of the credentials you specified in the previous step. 17. If you want to make sure [...]
-
Page 80
SecurityExpressions Server User Guide 72 Only the machine lists to which you have Use access rights appear for selection. Access rights are set in the Windows Group Access options on the My Machine Lists page and the ML Access page (global machine lists). If you can't find a machine you need to use, ask the machine list's creator or[...]
-
Page 81
Audit-On-Schedule 73 If you selected Not Scheduled in the previous step, these options don't appear. Notifications 9. If you want to send notifications when this scheduled task executes, select one or more notifications from the Notifications list or the Console Notifications list. The Notifications list contains the notifications created[...]
-
Page 82
SecurityExpressions Server User Guide 74 A reaudit cycle could go on indefinitely if a system is off or never connects. Limiting the number of times the task can attempt to reaudit systems keeps the reaudit cycle from continuing indefinitely. Both steps B and C provide end points to the reaudit cycle. You may use one method or the other, or b[...]
-
Page 83
Audit-On-Schedule 75 In the Edit Task field, enter the Windows groups who should be able to modify the task. In the Run Task field, enter the Windows groups who should be able to use the task to perform audits. To grant all users access, type Everyone. To restrict all users, type None. 19. Click the Update button to create this scheduled task [...]
-
Page 84
[...]
-
Page 85
77 View Audit-On-Connect Activity Browse Audit-On-Connect Activity Audit-On-Connect activity reports show Audit-On-Connect connection events as they were logged over time. Use these reports to troubleshoot and optimize Audit-on-Connect configurations. SecurityExpressions Audit & Compliance Server dynamically generates reports based on pre[...]
-
Page 86
SecurityExpressions Server User Guide 78 2. Select one or more Detection Methods. The detection method identifies the Connection Monitor types. 3. Define filters that cause only certain events that meet your criteria to display in the report. Click the links and set the criteria. You may set as many kinds of filters as you like. The report'[...]
-
Page 87
View Audit-On-Connect Activity 79 2. When you delete a report profile, you remove it from the database. A warning appears to remind you that you are about to remove this particular report profile from the database. Cancel the action or delete the record. Audit-On-Connect Error Log Report The Audit-On-Connect Error Log Report displays the errors for ea[...]
-
Page 88
[...]
-
Page 89
81 View Audit Results Browse Audit Results This page shows audit results in the form of reports. It features results from almost all kinds of auditing methods, including: • Audit-on-Schedule • Audit-on-Connect • self-service audits based on multiple policy files and Audit-on-Connect scopes • audits performed on any consoles connected [...]
-
Page 90
SecurityExpressions Server User Guide 82 • Data Grid - Generates a highly interactive HTML report with lots of opportunities to drill down. Click the links and set the criteria. You may set as many kinds of filters as you like. The report's contents are based on a combination of all filters you set. To learn more about the available filte[...]
-
Page 91
View Audit Results 83 • Open or closed range beginning on a specific day - Includes in the report a range of connection activity starting on a specific date. You may specify an end for the date range or let the report display all activity available after the starting date. • Relative range from the current date - Includes in the report a ra[...]
-
Page 92
[...]
-
Page 93
85 Glossary # .CONFIGURE: Some policy files, such as the NSA Guidelines for Windows XP and Windows 2000, contain a special rule named .CONFIGURE. The .CONFIGURE rule allows you to configure your policy files and set global parameters for policy files at run time. A Active Directory Connection Monitor: Connection monitor for Active Directory domai[...]
-
Page 94
SecurityExpressions Server User Guide 86 P policy: A Security Policy is a set of objectives, rules of behaviour for users and administrators, and requirements for system configuration and management that collectively are designed to ensure Security of computer systems in an organization. Priority: Importance of applying the rule. Priority may [...]
-
Page 95
87 Index. [.] .CONFIGURE: 31, 59, 66; .sif: 27, 55. [A] access and user roles: 11, 16, 17; Active: 36; Active Directory Connection Monitor: 44; adding policies: 29, 57 [...]
-
Page 96
SecurityExpressions Server User Guide 88 [H] https: 13. [I] IIS: 13; IP address: 33, 44, 45, 48; IP range: 36, 39, 48. [L] license key: 15; Li[...]
-
Page 97
Index 89 rule weights: 19; run-time policy variable: 31, 59. [S] scheduled audits: 55, 66, 81; scheduled audits log: 83; Scheduled tasks, viewing: 71; Scheduled tasks: 27[...]