Audit-On-Connect

Specify and confirm a password. SecurityExpressions Audit & Compliance Server generates an encrypted password that you must add the to the configuration files for each of the Connection Monitors. Include the encrypted password in the [Options] section of the configuration file with the Password option.

Settings for DHCP Plug-In or DHCP Network Monitor Connection Monitors

When a connection event is detected by either of the DHCP connection monitors, the system may not yet be booted fully to a state that allows an audit to occur. In order to ensure that a system is audited properly when detected by a DHCP connection monitor, you can configure the system here to retry any failed connections. These settings control how many seconds will pass between retries and the number of times a connection will be retried before attempting to audit the system.

Configuring Connection Monitors

Most of the configuration work is in editing the configuration file (dmconfig.txt). The settings described here are only part of the process.

List the IP address or fully-qualified name of the computer hosting a Connection Monitor.

To add a Connection Monitor device to the list, type the IP address or fully-qualified device name and click Add New.

To remove a device from the list, select the IP address or fully-qualified device name and click

Remove.

Once you set the settings on this page, you must enable the connection monitor.

Enabling Connection Monitors

To fully enable a Connection Monitor, you must set complete computer and credential settings:

IP address or fully-qualified computer name - To enable a Connection Monitor you must add the IP address or fully-qualified computer name of the devices with installed Connection Monitors.

Password and encrypted password - When you create and verify a password, an encrypted password appears. You must add the encrypted password for each monitor to the configuration file named dmconfig.txt, which resides in the same directory as the Connection Monitor.

Settings for DHCP Plug-In or DHCP Network Connection Monitors - When a connection event is detected by either of the DHCP connection monitors, the system may not yet be booted fully to a state that allows an audit to occur. In order to ensure that a system is audited properly when detected by a DHCP connection monitor, you can configure the system here to retry any failed connections. These settings control how many seconds will pass between retries and the number of times a connection will be retried before attempting to audit the system.

Include the encrypted password in the Options section of the configuration file. For example,

[Options]

Port = 9009

45

Page 53
Image 53
Symantec Security Expressions Server manual Configuring Connection Monitors, Remove, Enabling Connection Monitors