Computer Configuration.
Security Thresholds and
Responses
To configure Network Enforcer's security thresholds for each computer
select a computer (or computers) from the list, and click on "Configure
Computer" then "Configure Threshold Levels and Responses". In the threshold
configuration window you will be able to set a threshold for each filter
security level (low, medium, and high), and specify how the Network Enforcer
client on the selected computer will respond.
For instance: If you have the LOW Security threshold set to 10 it will take
10 filter violations before the Network Enforcer client will do any of the
specified responses/actions you have enabled (i.e.: alert the user, or email the
administrator, or shut the computer down).
Security thresholds make it possible for you to NOT be alerted every time
something unwanted happens, but if it happens often enough THEN you are alerted.
On the other hand, you can set the thresholds (say a HIGH Security threshold of
1) so that you are alerted right away when a behavior occurs, allowing you to
react instantly (or have Network Enforcer lock the computer, shut it down, etc.
right when it happens).
Behavior/Activity Filters
The behavior/activity filters make up the core of the Network Enforcer software.
Network Enforcer allows you to add filters for the following behavior
categories:
- Application Usage - watches for unauthorized applications
from being ran
- Website Visits - watches for unauthorized website visits
- File System Activity - watches for unauthorized file system
usage (deletions, opens, creations, modifications, etc.)
- Email Activity - watches for unauthorized email activity
(specific file attachments, recipients, subjects, senders, domains, etc.)
- Keystrokes Typed - watches for unauthorized keystroke
combinations/phrases (such as passwords, company names, phone numbers, etc.)
- Windows Used - watches for unauthorized windows interacted
with
- Internet Connections Established - watches for unauthorized
internet connections (connections on specific ports, to certain hosts, etc.)
Each filter you add has a security level - low, medium, or high. Less
critical behaviors should be classified as low security, whereas network
critical behaviors (such as a user accessing a top secret file, or router
website control panel) should be given a high security classification.
To add a filter simply click on "Configure Computer" (after selecting a
computer/computers), and then "Configure Activity Filters". In the activity
filter window enable what behaviors you want watched (i.e.: Application Usage,
Website Visits, etc.) and then click "Add Filter" to add a filter. Choose the
filter you want to add from the popup menu and follow the directions given for
each filter type you choose.
For instance: If you do not want a user running solitiare.exe, you would
click on "Add an Application Filter..." then enter "solitaire.exe" as the
application to trigger the filter. Finally, specify a security level for the
filter. If the user runs solitaire enough times to trigger the appropriate
security threshold it is classified under Network Enforcer will respond as
configured in your threshold settings for that computer.
Activity Blocking
Network Enforcer can block specific behaviors, as well. Network Enforcer can
restrict specific websites, applications, and windows from being opened. To
configure blocking, click on the "Blocking" button in the Activity Filters
configuration window. Here you will be able to tell Network Enforcer to close
applications, websites, and windows based on their security level.
For instance, if you do not want to block a low or medium level website from
being visited, but do not want a high security website to be viewed, you would
enable the "Close HIGH Security Websites Visited".
Network Enforcer can restrict many popular chat clients from being executed
as well. To enable chat filtering click on "Chat Filters" in the Activity
Filters configuration window, then check off what chat clients you do not want
to be used on your network. You can assign a security level to chat client
filtering so they count towards the security thresholds if they are executed.
Synchronizing Settings
Once you configure settings for a computer you will need to synchronize them
with the client. Basically, this just tells the remote client on the computer
selected to update its settings based on what you have configured for that
computer. Whenever you make changes you will be automatically prompted to resync,
but you can manually resync settings at anytime by using the synchronization
commands under the "Configure Computer" menu.
If you need to configure ALL settings choose "Synchronize Settings". If you
need to just resync the activity filters, choose "Synchronize Activity Filters".
Importing and Exporting Settings
Network Enforcer allows you to quickly and easily transfer settings between
computers. Once you have a filter-set you are happy with, you can click on the
"Export" menu item under "Configure Computer" and export the activity filters,
threshold settings, or all settings. Once exported the settings can then be
imported to other computers by selecting those computers and clicking on an
"Import" menu item under the "Configure Computer" menu. These settings will be
transferred immediately and you will then be prompted to sync the settings with
the Network Enforcer clients. This allows you to configure multiple computers in
mere seconds once you have an initial computer's settings and filters
configured.
Login Settings
An administrative login is required for each computer you want to perform remote
client installation on. If you need to change login settings you can do so by
clicking on "Configure Computer" then "Configure Computer Login Settings". The
login settings are not required if you plan on physically installing the client
on each computer. |
