Symantec Security Expressions Server manual About Policy Files, How System Scores are Calculated


Configure Servers

To check for frequent policy file updates, you may choose to Check for policy file updates during a specific time period (days, minutes, hours). If updates exist, they will be downloaded for the SecurityExpressions Audit & Compliance Server to use.

Check Now updates the policy files immediately.

3. Click Update to store the policy file library configuration. The settings are stored but can be modified.

About Policy Files

Security policies lay a solid foundation for the development and implementation of secure practices within an organization. In SecurityExpressions, policy files contain the rules to which an organization must adhere for their system security configuration. Compliance with policies requires an understanding by staff of not only the individual policies but also of the circumstances in which such compliance is expected in their daily activities. Policy files have a .SIF extension.

A high-level security policy may outline specific requirements or rules that must be met, such as the rules and regulations for appropriate use of the computing facilities. A technical standard or configuration guideline is typically a collection of system-specific or procedural-specific requirements that everyone must meet. For example, you might have a standard that describes how to harden a Windows workstation for placement on an external network (DMZ). Administrators must follow this standard exactly if they wish to install a Windows 2003 workstation on an external network segment.

The Security Policy File Library provides pre-defined and customizable system security policy files and security guidelines from well-known sources, such as Microsoft, SANS, NSA, NIST, CIS, as well as policy files including Microsoft Patches, user settings, and Solaris patch management. You can select a policy file to use or modify for your audits.

How System Scores are Calculated

The score a system gets from an audit is calculated using the properties of rules checked against the system during the audit. The properties used are:

Rule Result - Each rule returns a result of OK, Not OK, Error, or Info during an audit. Rules that return Info or Error are not included in the calculation.

Weight Values - Each rule is assigned a weight value from one of the three rule keys, in this order: Weight, Impact, or Priority. The Weight key is not a key that each rule automatically has; it must be created by a user.

If a Weight key exists for a rule and has a value, it always becomes the rule's weight value. If there is no Weight key, the rule gets its weight from the Impact key. If neither key has a value, then the rule gets its weight from the Priority key. If none of these keys have a value, the rule gets a weight value of 1.0.
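The weight fallback and the exclusion of Info and Error results described above, as an added example that is not code from the product or its manual. It assumes rule records held as plain dictionaries with numeric key values (it does not parse .SIF files), and it stops at the inputs to the score because the formula itself is not reproduced on this page.

```python
# Added example: rule records are plain dicts, not parsed .SIF content.
WEIGHT_KEYS = ("Weight", "Impact", "Priority")   # precedence order from the manual
SCORED_RESULTS = {"OK", "Not OK"}                # Info and Error are left out
DEFAULT_WEIGHT = 1.0


def resolve_weight(rule_keys):
    """Return (weight, source_key) using the Weight > Impact > Priority fallback."""
    for key in WEIGHT_KEYS:
        raw = rule_keys.get(key)
        # A key that is absent, or present but blank, counts as "no value".
        if raw is None or str(raw).strip() == "":
            continue
        return float(raw), key   # assumption: key values are numeric
    return DEFAULT_WEIGHT, "default"


def scoring_inputs(rules):
    """Split audited rules into those that feed the score and those skipped."""
    included, skipped = [], []
    for rule in rules:
        if rule["result"] in SCORED_RESULTS:
            weight, source = resolve_weight(rule["keys"])
            included.append((rule["name"], rule["result"], weight, source))
        else:
            skipped.append((rule["name"], rule["result"]))
    return included, skipped


# Constructed sample audit results (rule names and values are invented).
SAMPLE_RULES = [
    {"name": "Password length", "result": "Not OK",
     "keys": {"Weight": "5", "Impact": "2", "Priority": "1"}},
    {"name": "Guest account disabled", "result": "OK",
     "keys": {"Impact": "3", "Priority": "1"}},
    {"name": "Audit log size", "result": "OK",
     "keys": {"Weight": "", "Priority": "2"}},
    {"name": "Screen saver lock", "result": "Not OK", "keys": {}},
    {"name": "OS version", "result": "Info", "keys": {"Weight": "10"}},
    {"name": "Registry ACL", "result": "Error", "keys": {"Impact": "4"}},
]

if __name__ == "__main__":
    included, skipped = scoring_inputs(SAMPLE_RULES)
    for name, result, weight, source in included:
        print(f"{name:24} {result:7} weight={weight} (from {source})")
    for name, result in skipped:
        print(f"{name:24} {result:7} excluded from the calculation")
```

Listing the source key next to each weight makes it easy to spot rules that silently fall back to 1.0 because none of the three keys was set.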

You can customize the values of rules in one of two places:

1. In the SecurityExpressions server interface by editing the policy file and then uploading it into a policy.

2. In the SecurityExpressions console application, if using it, by adjusting rule keys in the .SIF file.

The following is the formula the software uses to calculate system scores:
