Manuals / Symantec / Computer Equipment / Server

Symantec Security Expressions Server manual About Policy Files, How System Scores are Calculated

Models: Security Expressions Server

1 97
Download 97 pages 26.04 Kb
Page 27
Image 27

Configure Servers

To check for frequent policy file updates, you may choose to Check for policy file updates during a specific time period (days, minutes, hours). If updates exist, they will be downloaded for the SecurityExpressions Audit & Compliance Server to use.

Check Now updates the policy files immediately.

3.Click Update to store the policy file library configuration. The settings are stored but can be modified.

About Policy Files

Security policies lay a solid foundation for the development and implementation of secure practices within an organization. In SecurityExpressions, policy files contain the rules to which an organization must adhere for their system security configuration. Compliance with policies requires an understanding by staff of not only the individual policies but also of the circumstances in which such compliance is expected in their daily activities. Policy files have a

.SIF extension.

A high-level security policy may outline specific requirements or rules that must be met, such as the rules and regulations for appropriate use of the computing facilities. A technical standard or configuration guideline is typically a collection of system-specific or procedural-specific requirements that everyone must meet. For example, you might have a standard that describes how to harden a Windows workstation for placement on an external network (DMZ). Administrators must follow this standard exactly if they wish to install a Windows 2003 workstation on an external network segment.

The Security Policy File Library provides pre-defined and customizable system security policy files and security guidelines from well-known sources, such as Microsoft, SANS, NSA, NIST, CIS, as well as policy files including Microsoft Patches, user settings, and Solaris patch management. You can select a policy file to use or modify for your audits.

How System Scores are Calculated

The score a system gets from an audit is calculated using the properties of rules checked against the system during the audit. The properties used are:

Rule Result - Each rule returns a result of OK, Not OK, Error, or Info during an audit. Rules that return Info or Error are not included in the calculation.

Weight Values - Each rule is assigned a weight value from one of the three rule keys, in this order: Weight, Impact, or Priority. The Weight key is not a key that each rule automatically has; it must be created by a user.

If a Weight key exists for a rule and has a value, it always becomes the rule's weight value. If there is no Weight key, the rule gets its weight from the Impact key. If neither key has a value, then the rule gets its weight from the Priority key. If none of these keys have a value, the rule

gets a weight value of 1.0.

You can customize the values of rules in one of two places:

1.In the SecurityExpressions server interface by editing the policy file and then uploading it into a policy.

2.In the SecurityExpressions console application, if using it, by adjusting rule keys in the .SIF file.

The following is the formula the software uses to calculate system scores:

19

Page 26 Page 28
Page 27
Image 27
Symantec Security Expressions Server manual About Policy Files, How System Scores are Calculated
Page 26 Page 28