Internet Security Systems 3.5, Desktop Protector How ICEcap Manager Handles Information

Chapter 2: Using RealSecure Desktop Protector with ICEcap Manager

How ICEcap Manager Handles Information

Introduction To help organize information, ICEcap Manager categorizes agents and the events they

report into accounts and groups . To report an event, a RealSecure agent must be assigned to

a group within an ICEcap account.

Accounts Accounts represent significant divisions or organizational elements within the company.

For example:

●A manufacturing company’s sales division might constitute one account while its

factory operations might constitute another.

●A European corporation might establish one account for its facilities in France and

another for its British operations.

●A financial services company might create one account for its trading floor and a

separate account for its back-office processing operations.

For more information about creating and using accounts, see the RealSecure ICEcap

Manager User Guide.

Groups Groups are logical collections of systems (also known as hosts) organized for modular

reporting and configuration. Each account consists of one or more groups. For example, a

single account might include a group for all the servers on a network and a group for all

the end-user workstations. Each group belongs to only one account. An agent can report

into only one group.

Assigning an agent

to a group

ICEcap Manager is solely responsible for assigning agents to groups. Although agents can

report a group name, ICEcap Manager must authorize th at name and make the

appropriate assignment.

The first time an agent reports an event, ICEcap Manager assigns the agent to a group by

IP address assignment or by group name assignment. For more information about this

authorization process, see the RealSecure ICEcap Manager User Guide.

Changing groups Agents cannot alter their group assignment.You can change the group name on the

ICEcap tab in the BlackICE Settings, but the change takes effect only if ICEcap Manager

authorizes the change. This prevents intruders from reassigning an agent to a group with

less restrictive settings. Consult the RealSecure ICEcap Manager User Guide for more

information about change agent group assignments.

Working wit h VPN

and dial-up users

VPN and dial-up users present unique challenges for managing remote agent software.

●Some VPN users cannot be reliably grouped by IP address because they have

dynamic IP addresses. Desktop Protector may report the remote user’s ISP- assigned

IP address and not the local network address.

●Mobile computers that are connected to the internal network while in the office, but

dial into the network while on the road, can have many different IP addresses.

To handle this situation, it is a good idea to create a group exclusively for dial-up or VPN

users in the appropriate account, using group name precedence. For information on how

to create a remote users’ group, see the RealSecure ICEcap Manager User Guide.