Security Policy Management
The key to EAD security authentication is to configure and deploy security policies for different types of users. A security policy includes these parts: basic information, isolation mode, URL control, anti-virus software control, anti-spyware software control, firewall software control, anti-phishing software control, hard disk encryption software control, PC software control group, Windows patch control, patching software control, registry control, share control, asset registration status check, Windows System Settings, regular check, and MDM Collaboration Policy. Security policies control user security authentication. You can deploy security policies by binding them with services. After an access user is granted access to a service that contains a security policy, the user terminal is under the protection of the EAD security defense system defined by the security policy. A security policy includes the following information:
- Basic Information: Includes security policy name, security level, monitoring in real time, and check passed message. Each security policy has a security level that specifies the measures to be taken in case of abnormality during security check or real-time monitoring.
- Isolation Mode: Includes the following modes: Deploy ACLs to Access Device, Deploy ACLs to iNode Client, Deploy VLANs to Access Device, and Deploy User Groups to Access Device. One security policy can have only one isolation mode.
- URL Control: Configures the user to access only the specified URLs, and prevents users from modifying the URL-to-IP mappings. For how to configure a URL control policy, see URL Control Policy.
- Anti-Virus Software Control: Specifies whether to check the PC anti-virus software of a user terminal according to the requirements configured in the terminal security software control part.
- Anti-Spyware Software Control: Specifies whether to check the PC anti-spyware software of a user terminal according to the requirements configured in the terminal security software control part.
- Firewall Software Control: Specifies whether to check the firewall software of a user terminal according to the requirements configured in the terminal security software control part.
- Anti-Phishing Software Control: Specifies whether to check the anti-phishing software of a user terminal according to the requirements configured in the terminal security software control part.
- Hard Disk Encryption Software Control: Specifies whether to check the hard disk encryption software of a user terminal according to the requirements configured in the terminal security software control part.
- Software Control Group: Specifies whether to check software control groups and which software control groups are to be checked.
- Patching Software Control: Specifies whether to check the patching software of a user terminal.
- Windows Patch Control: Specifies whether to check Windows patches and which Windows patches are to be checked.
- Registry Control: Specifies whether to check the registry and which registry monitoring policies are to be used for checking.
- Share Control: Specifies whether to check terminal sharing and which share monitoring policy is to be used for checking.
- Asset Registration Status Check: Specifies whether to check the registration status of assets. The option is available only if the INC DAM component is installed.
- Windows System Settings Check: Checks whether Windows system restore is enabled, whether data execution prevention is enabled, and whether the guest account is disabled.
- Periodic Check: Specifies the items to be checked periodically for an online user.
- Windows Firewall Policy: Specifies whether to deploy the firewall policy to endpoints.
- MDM Collaboration Policy: Specifies whether to check the MDM collaboration and which MDM collaboration policy is to be used for checking. The option is available only when the vendor configuration is enabled.
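The three settings named under Windows System Settings Check can be audited locally on an endpoint before it attempts security authentication. The following is an added example, not code from the product or its documentation, and it does not reproduce how the iNode client performs the check. It assumes Windows PowerShell 5.1; the function name and the use of the RPSessionInterval registry value as the system restore indicator are assumptions of this example.

```powershell
# Added example: local audit of system restore, DEP, and the guest account.
# Test-WindowsSystemSettings is a hypothetical name chosen for this example.

function Test-WindowsSystemSettings {
    $results = [ordered]@{}

    # System restore. Assumption: RPSessionInterval = 1 under this key means
    # system protection is turned on; 0 or a missing value means it is off.
    $srKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore'
    $sr = Get-ItemProperty -Path $srKey -Name RPSessionInterval -ErrorAction SilentlyContinue
    $results['SystemRestoreEnabled'] = ($null -ne $sr -and $sr.RPSessionInterval -eq 1)

    # Data execution prevention. DataExecutionPrevention_SupportPolicy values:
    # 0 = AlwaysOff, 1 = AlwaysOn, 2 = OptIn, 3 = OptOut.
    # A host where DEP is unavailable is reported as not enabled.
    $os = Get-CimInstance -ClassName Win32_OperatingSystem
    $results['DepEnabled'] = ($os.DataExecutionPrevention_Available -eq $true -and
                              $os.DataExecutionPrevention_SupportPolicy -ne 0)

    # Guest account. Match the well-known RID 501 instead of the name "Guest",
    # so a renamed or localized guest account is still found.
    $guest = Get-LocalUser | Where-Object { $_.SID.Value -match '^S-1-5-21-.*-501$' }
    $results['GuestDisabled'] = ($null -eq $guest -or -not $guest.Enabled)

    [pscustomobject]$results
}

$report = Test-WindowsSystemSettings
$report | Format-List

# Exit non-zero when any of the three settings is non-compliant, so the
# script can be used from a scheduled task or a deployment pipeline.
$failed = $report.PSObject.Properties | Where-Object { -not $_.Value }
if ($failed) {
    Write-Warning ('Non-compliant settings: ' + ($failed.Name -join ', '))
    exit 1
}
```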
Parameters
- Security Level: Security levels are sets of actions performed on a host in response to security events.
- Configure Isolation Mode: The isolation mode can be Deploy ACLs to Access Device, Deploy ACLs to iNode Client, Deploy VLANs to Access Device, or Deploy User Groups to Access Device. If none of the isolation modes is selected, the security policy list displays Not Deploy in the Isolation Mode column.
- Security ACL: Controls the access range of a user passing the security authentication.
- Isolation ACL: Controls the access range of a user failing the security authentication.
- Isolation VLAN: The VLAN used by a user failing the security authentication.
- Security VLAN: The VLAN used by a user passing the security authentication.
- Security User Group: User group for users who have passed the security check.
- Isolation User Group: User group for users who failed the security check.
- Service Group: Specifies the service group to which the current security policy belongs. Authorized operators can add a security policy to their associated service groups.