33
allowed full administrative rights. Multiple users can keep a read-only
session open simultaneously, monitoring the system status without
affecting other administrators or managed hosts in any way.
2.
To enable easy migration to new management keys, it is possible to
re-sign the policy domain structure and policy data with a newly
generated or previously existing key pair. If this is done accidentally,
or intentionally by an unauthorized user, the authorized user will
notice the change when he tries to login to F-Secure Policy Manager
the next time. In the worst case, the authorized user needs to recover
backups in order to remove the possible changes made by the
unauthorized user. In any case, the policy domain structure and
policy data changes will be detected, and there is no way to distribute
the changes to managed hosts without the correct original key pair.
Both of these features may be undesirable in a high security environment
where even seeing the management data should be restricted. The
following measures can be taken to increase the level of system security:
Possible different installation scenarios for high security
environments:
1.
F-Secure Policy Manager Server and F-Secure Policy Manager
Console will be installed in the same machine and access to the
F-Secure Policy Manager Server will be limited only to the localhost.
After this, only the person who has physical access to the localhost
can use the F-Secure Policy Manager Console.
When access to the F-Secure Policy Manager Server is limited only
to the localhost during the installation (see
, 44), F-Secure
Setup modifies the
#FSMSA listen
directive in
httpd.conf
file as
follows:
#FSMSA listen
Listen 127.0.0.1:8080 <- Allow connections only from
localhost to PMC port 8080
Summary of Contents for POLICY MANAGER 7.0 -
Page 1: ...F Secure Policy Manager 7 0 Administrator s Guide...
Page 9: ...9 ABOUT THIS GUIDE Overview 10 How This Guide is Organized 11...
Page 15: ...15 1 INTRODUCTION Overview 16 Installation Order 18 Features 19 Policy Based Management 20...
Page 24: ...24 2 SYSTEM REQUIREMENTS F Secure Policy Manager Server 25 F Secure Policy Manager Console 27...
Page 45: ...45 Click Next to continue...
Page 47: ...47 Step 11 Setup displays the components that will be installed Click Next...
Page 60: ...60 4 COMMDIR MIGRATION Introduction 61 Instructions 61...
Page 81: ...81 After the key pair is generated F Secure Policy Manager Console will start...
Page 216: ...216 B Ilaunchr Error Codes Overview 217 Error Codes 218...
Page 225: ...225 D Remote Installation Support for Windows 98 ME Enabling Remote Administration 226...
Page 228: ...228 E NSC Notation for Netmasks Overview 229...
Page 235: ...235 GLOSSARY...