Policy-based management
A security policy is a set of well-defined rules that regulate how sensitive information and other resources are
managed, protected, and distributed.
The management architecture of F-Secure software uses policies that are centrally configured by the
administrator for optimum control of security in a corporate environment. Policy-based management implements
many functions:
•
Remotely controlling and monitoring the behavior of the products.
•
Monitoring statistics provided by the products and the Management Agent.
•
Remotely starting predefined operations.
•
Transmission of alerts and notifications from the products to the system administrator.
The information flow between Policy Manager Console and the hosts is accomplished by transferring policy
files. There are three kinds of policy files:
•
Default policy files
(
.dpf
)
•
Base policy files
(
.bpf
)
•
Incremental policy files
(
.ipf
)
The current settings of a product consist of all three policy file types:
The default policy file contains the default values (the factory settings) for a single
product that are installed by the setup. Default policies are used only on the host. If
Default policy
files
neither the base policy file nor the incremental policy file contains an entry for a variable,
then the value is taken from the default policy file. New product versions get new versions
of the default policy file.
Base policy files contain the administrative settings and restrictions for all the variables
for all F-Secure products on a specific host (with domain level policies, a group of hosts
Base policy files
may share the same file). A base policy file is signed by Policy Manager Console,
protecting the file against changes while it is passing through the network and while it
is stored in the host’s file system. These files are sent from Policy Manager Console to
Policy Manager Server. The host periodically polls for new policies created by Policy
Manager Console.
Incremental policy files are used to store local changes to the base policy. Only changes
that fall within the limits specified in the base policy are allowed. The incremental policy
Incremental
policy files
files are then periodically sent to Policy Manager Console so that current settings and
statistics can be viewed by the administrator.
Management Information Base
The
Management Information Base
(
MIB
) is a hierarchical management data structure used in the
Simple
Network Management Protocol
(
SNMP
).
In Policy Manager, the MIB structure is used for defining the contents of the policy files. Each variable has
an
Object Identifier
(
OID
) and a value that can be accessed using the
Policy API
. In addition to basic SNMP
MIB definitions, the F-Secure MIB concept includes many extensions that are needed for complete policy-based
management.
The following categories are defined in a product’s MIB:
Used to manage the workstation in the manner of an SNMP. The managed
products must operate within the limits specified here.
Settings
Delivers product statistics to Policy Manager Console.
Statistics
F-Secure Policy Manager | Introduction |
13
Содержание POLICY MANAGER 9.0
Страница 1: ...F Secure Policy Manager Administrator s Guide ...
Страница 2: ......
Страница 6: ...6 F Secure Policy Manager TOC ...
Страница 28: ......
Страница 66: ......
Страница 90: ......
Страница 94: ......
Страница 98: ......
Страница 102: ......