St. Bernard Software, Inc. ­ Protecting Your Network Investment

Modifying the SecurityEXPERT Policy

We now want to modify the policy for enforcement. Go to SecurityEXPERT > Create/Manage Policies, select your policy, and click “View/Edit Policy.”

Modify your security points, setting Status: to “Stopped” and checking the Enforcement

Options: Enforce Startup Type” and “Enforce Status.” See the screen shot below.

When enforcement is performed, the FTP and Telnet services will be stopped and disabled on the target machine. Because neither one of these services prevents remote access by UpdateEXPERT/SecurityEXPERT you will still be able to patch the machine and work with settings.

Note that you could have set enforcement options on the initial policy creation, avoiding this step. However, it is useful to modify an existing policy for learning purposes.

Also note that many expert recommended security points include enforcement options pre­ selected. Recommended permissions for running a service or securing a file are often part of a security point, and are enforced when Enforce Permissions is checked.

Enforcing the SecurityEXPERT Policy

To enforce the policy, go to “SecurityEXPERT > Enforce Policies ...” and click Enforce. This will display the following dialogue box:

June 19th, 2006

UpdateEXPERT Premium v7.01 Evaluation Guide

33

Page 34 Page 36
Page 35
Image 35
St. Bernard Software v7.01 manual Modifying the SecurityEXPERT Policy, Enforcing the SecurityEXPERT Policy
Page 34 Page 36
Top Page Image Contents