Add/Modify Security Level
This function helps you add/modify the security level.
Operation Procedure
- Enter the Security Level Management page.
Approach 1: Select the User tab, click User Security Policy and then click Security Level Configuration.
Approach 2: Select the User tab, and then in the navigation tree click User Security Policy/Security Level.
- Click Add, or click the icon corresponding to the security level.
- Type the basic information, and select the security mode for each sub-item.
- Click OK.
Parameters
- Action After: You can specify the parameter only when the highest security level is set to Isolate, Kick Out or Block and Kick Out. The value ranges from 0 to 100. When this value is not 0 or null, the system prompts the user to settle the potential security defect within a period specified by the threshold if the user fails the authentication. If the defect is not settled within the specified time range, the system isolates or kicks out the user. The user can access the Internet within the threshold. When this value is 0 or null, the user is isolated or kicked out immediately if the authentication fails.
- Traffic Monitoring: Specifies the actions to be taken when the host traffic is not policy-compliant. The thresholds include IP traffic thresholds, broadcast packet thresholds, thresholds for packets passing the NIC used for authentication, and TCP/UDP connection thresholds.
- Check Anti-Virus Software: Specifies the actions to be taken in response to anti-virus software check failures. The failures fall into these categories: anti-virus software not installed, anti-virus client runtime error, old anti-virus software/engine version, and old virus definition version. An anti-virus client runtime error occurs when the anti-virus client software is installed but not running.
- Check Anti-Spyware Software: Specifies the actions to be taken in response to anti-spyware software check failures. The failures fall into these categories: anti-spyware software not installed, anti-spyware client runtime error, old anti-spyware software/engine version, and old anti-spyware data version. An anti-spyware client runtime error occurs when the anti-spyware client software is installed but not running.
- Check Firewall Software: Specifies the actions to be taken in response to firewall software check failures. The failures fall into two categories: firewall software not installed and firewall client runtime error. A firewall client runtime error occurs when the firewall client software is installed but not running.
- Check Anti-Phishing Software: Specifies the actions to be taken in response to anti-phishing software check failures. The failures fall into two categories: anti-phishing software not installed and anti-phishing client runtime error. An anti-phishing client runtime error occurs when the anti-phishing client software is installed but not running.
- Check Hard Disk Encryption Software: Specifies the actions to be taken in response to hard disk encryption software check failures. A hard disk encryption software check failure occurs when the hard disk encryption software is missing.
- Check PC Software: Specifies the actions to be taken in response to PC software group check failures. You can specify an action for all the PC software groups, or specify an action for each kind of application group.
- Check Patch Management Software: Specifies the actions to be taken in response to patch management software check failures. A patch management software check failure occurs when the patch management software is not installed or not running.
- Check Windows Patches: Specifies the actions to be taken in response to patch checking failures. The failures fall into three categories:
1) WSUS/SMS server collaboration failure: The user host cannot communicate with the Microsoft patch server.
2) Auto-Installation failure: After the patches are downloaded from the Microsoft server, they cannot be installed automatically.
3) Specified patches check failures: After you specify the patches to be checked, INC detects whether the specified patches are installed. If they are not, it takes actions according to the severity level of the uninstalled patches.
- Check Registry: Specifies the actions to be taken when the registry does not comply with the policy. You can specify an action for all the registry monitor policies, or specify an action for each policy.
- Check Share Control: Specifies the actions to be taken when the share directory does not comply with the policy. You can specify an action for all the share monitor policies, or specify an action for each policy.
- Check Asset Registration Status: Specifies the action to be taken when an asset is found unregistered. Asset registration status check is implemented in conjunction with the INC DAM module.
- Check Windows System Settings: Configure the security mode for each Windows system check item. The Windows system check items include whether Windows system restore is enabled, whether data execution prevention is enabled, and whether the guest account is disabled.
- Password Control: Specifies the action to be taken when the password of the operating system is not policy-compliant.
- Check MDM Collaboration Policy Configuration: Specifies the network action and device action to be taken when the MDM collaboration configuration does not pass the security check. Network action includes No Action, Isolate, and Kick Out. Device action includes No Action, Lock, Wipe Corporation Data, and Wipe Data. The option is displayed only when the MDM collaboration configuration is enabled and the check items vary with MDM vendors.
- Block and Kick Out: The system blocks and kicks out noncompliant users, and generates security logs for violations.
- Kick Out: When the security check fails, the system kicks out the user and records the result in security logs.
- Isolate: When the security check fails, the system isolates the user, performs informing/remediation, and records the result in security logs.
- Inform: When the security check fails, the system performs informing/remediation and records the result in security logs.
- Monitor: When the security check fails, the system records the result in security logs only without isolating or informing the user.
- Lock: When the MDM check fails, the system locks the smart device and records the result in MDM security logs.
- Wipe Corporation Data: When the MDM check fails, the system wipes the corporation data from the smart device and records the result in MDM security logs.
- Wipe Data: When the MDM check fails, the factory default settings are restored on the smart device, and the system records the result in MDM security logs.
Precautions
- The security level name is not editable.
- Action After is configurable only when at least one Isolate, Kick Out or Block and Kick Out action is set in any area other than Traffic Monitoring and Check Operating System Password.
- To keep the data in the policy server cache consistent with the database, a packet is sent to the policy server after you modify a security level that is being used by a security policy. If sending the packet fails, you are prompted on the modification success page. However, your modification is still saved to the database.
- When modifying a security level, you are not allowed to modify the service group to which the security level belongs.
- Action After takes effect only in user authentication.
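The Action After rules from the Parameters and Precautions sections, modelled in Python for reviewing a security level before it is entered. This is an added example, not INC code: the dict layout, the function names, the sample levels, and the `elapsed` argument (in the same unspecified unit as the threshold) are assumptions.

```python
# Added example modelling the Action After rules on this page.
# The dict layout and function names are hypothetical, not an INC format or API.
ENFORCING = {"Isolate", "Kick Out", "Block and Kick Out"}
# Areas the Precautions exclude when deciding whether Action After is configurable.
EXCLUDED_AREAS = {"Traffic Monitoring", "Check Operating System Password"}


def action_after_configurable(modes):
    """modes maps a check area name to its security mode."""
    return any(mode in ENFORCING
               for area, mode in modes.items()
               if area not in EXCLUDED_AREAS)


def validate_level(level):
    """Return a list of problems found in a security level definition."""
    value = level.get("action_after")  # None models a null value
    if value is None:
        return []
    if not 0 <= value <= 100:
        return ["Action After must be in the range 0 to 100"]
    if value != 0 and not action_after_configurable(level["modes"]):
        return ["Action After is set, but no Isolate, Kick Out or Block and "
                "Kick Out action exists outside the excluded areas"]
    return []


def on_failed_check(level, mode, during_authentication, elapsed=0):
    """Outcome for a user who fails a check configured with `mode`."""
    if mode not in ENFORCING:
        return mode  # Monitor / Inform: logged or informed, never cut off
    grace = level.get("action_after") or 0  # 0 or null means act immediately
    # Action After takes effect only in user authentication.
    if during_authentication and grace and elapsed < grace:
        return "Prompt"  # user keeps access and is asked to settle the defect
    return mode


# Constructed sample levels for illustration.
SAMPLE_OK = {"action_after": 30,
             "modes": {"Check Anti-Virus Software": "Isolate",
                       "Traffic Monitoring": "Monitor"}}
SAMPLE_BAD = {"action_after": 30,
              "modes": {"Traffic Monitoring": "Kick Out",
                        "Check Firewall Software": "Inform"}}

if __name__ == "__main__":
    print(validate_level(SAMPLE_OK), validate_level(SAMPLE_BAD))
    print(on_failed_check(SAMPLE_OK, "Isolate", True, elapsed=10))
```

`SAMPLE_BAD` is flagged because its only enforcing action sits under Traffic Monitoring, which the Precautions exclude.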