St. Bernard Software, Inc. Protecting Your Network Investment
Modifying the SecurityEXPERT Policy
We now want to modify the policy for enforcement. Go to SecurityEXPERT > Create/Manage Policies, select your policy, and click “View/Edit Policy.”
Modify your security points, setting Status: to “Stopped” and checking the Enforcement
Options: “Enforce Startup Type” and “Enforce Status.” See the screen shot below.
When enforcement is performed, the FTP and Telnet services will be stopped and disabled on the target machine. Because neither one of these services prevents remote access by UpdateEXPERT/SecurityEXPERT you will still be able to patch the machine and work with settings.
Note that you could have set enforcement options on the initial policy creation, avoiding this step. However, it is useful to modify an existing policy for learning purposes.
Also note that many expert recommended security points include enforcement options pre selected. Recommended permissions for running a service or securing a file are often part of a security point, and are enforced when Enforce Permissions is checked.
Enforcing the SecurityEXPERT Policy
To enforce the policy, go to “SecurityEXPERT > Enforce Policies ...” and click Enforce. This will display the following dialogue box:
June 19th, 2006 | UpdateEXPERT Premium v7.01 Evaluation Guide | 33 |