Symantec Security Expressions Server manual Configuring Connection Monitors, Remove


Audit-On-Connect

Specify and confirm a password. SecurityExpressions Audit & Compliance Server generates an encrypted password that you must add to the configuration file for each of the Connection Monitors. Include the encrypted password in the [Options] section of the configuration file with the Password option.

Settings for DHCP Plug-In or DHCP Network Monitor Connection Monitors

When a connection event is detected by either of the DHCP connection monitors, the system may not yet be booted fully to a state that allows an audit to occur. In order to ensure that a system is audited properly when detected by a DHCP connection monitor, you can configure the system here to retry any failed connections. These settings control how many seconds will pass between retries and the number of times a connection will be retried before attempting to audit the system.

Configuring Connection Monitors

Most of the configuration work is in editing the configuration file (dmconfig.txt). The settings described here are only part of the process.

List the IP address or fully-qualified name of the computer hosting a Connection Monitor.

To add a Connection Monitor device to the list, type the IP address or fully-qualified device name and click Add New.

To remove a device from the list, select the IP address or fully-qualified device name and click Remove.

Once you have configured the settings on this page, you must enable the Connection Monitor.

Enabling Connection Monitors

To fully enable a Connection Monitor, you must set complete computer and credential settings:

IP address or fully-qualified computer name - To enable a Connection Monitor you must add the IP address or fully-qualified computer name of the devices with installed Connection Monitors.

Password and encrypted password - When you create and verify a password, an encrypted password appears. You must add the encrypted password for each monitor to the configuration file named dmconfig.txt, which resides in the same directory as the Connection Monitor.

Settings for DHCP Plug-In or DHCP Network Connection Monitors - When a connection event is detected by either of the DHCP connection monitors, the system may not yet be booted fully to a state that allows an audit to occur. In order to ensure that a system is audited properly when detected by a DHCP connection monitor, you can configure the system here to retry any failed connections. These settings control how many seconds will pass between retries and the number of times a connection will be retried before attempting to audit the system.

Include the encrypted password in the Options section of the configuration file. For example,

[Options]

Port = 9009
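A pre-deployment check for the step above, as an added example that is not part of the SecurityExpressions guide: it scans the text of a dmconfig.txt file and reports whether the Password option is present, non-empty and inside [Options]. The INI-style parsing, the case-insensitive option names and the sample file bodies are assumptions; the placeholder stands in for the encrypted password the server generates.

```python
import re

SECTION = re.compile(r"^\[(?P<name>[^\]]+)\]$")

def check_options(text):
    """Return a list of findings for the [Options] section of a dmconfig.txt body."""
    section = None
    seen = {}  # option name (lowercase) -> list of (section, value)
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION.match(line)
        if m:
            section = m.group("name").strip().lower()
            continue
        if "=" not in line:
            continue  # blank or unrecognized line: skipped, no syntax assumed
        key, value = (part.strip() for part in line.split("=", 1))
        seen.setdefault(key.lower(), []).append((section, value))

    findings = []
    in_options = [v for s, v in seen.get("password", []) if s == "options"]
    elsewhere = [s for s, v in seen.get("password", []) if s != "options"]
    if not in_options:
        findings.append("missing Password in [Options]")
    elif len(in_options) > 1:
        findings.append("duplicate Password in [Options]")
    elif not in_options[0]:
        findings.append("empty Password in [Options]")
    if elsewhere:
        findings.append("Password outside [Options]")
    # Port is validated only when present; the page does not say it is required.
    ports = [v for s, v in seen.get("port", []) if s == "options"]
    if ports and not (ports[0].isdecimal() and 0 < int(ports[0]) < 65536):
        findings.append("invalid Port in [Options]")
    return findings

# Constructed samples; the Password value is a placeholder, not real server output.
GOOD = "[Options]\nPort = 9009\nPassword = <ENCRYPTED-PASSWORD-FROM-SERVER>\n"
NO_PASSWORD = "[Options]\nPort = 9009\n"
MISPLACED = "Password = <ENCRYPTED-PASSWORD-FROM-SERVER>\n[Options]\nPort = 9009\n"

if __name__ == "__main__":
    for name, body in [("good", GOOD), ("no password", NO_PASSWORD),
                       ("misplaced", MISPLACED)]:
        print(name, check_options(body) or "ok")
```

Run it against the configuration file of every host listed as a Connection Monitor before enabling the monitors, so a monitor left without the encrypted password is caught at configuration time.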
