![[Contents]](FIGURE/CONTENT.GIF)
![[Glossary]](FIGURE/GLOSS.GIF)
![[Index]](FIGURE/INDEX.GIF)
![[Back]](FIGURE/FRONT.GIF)
![[Next]](FIGURE/AFTER.GIF)
Job Management Partner 1/Client Security Control Description, User's Guide and Operator's Guide
A judgment condition and security level are set for each judgment item. Note that a judgment item can also be excluded from judgment.
- Organization of this subsection
- (1) Security updates setting guide
- (2) Anti-virus product setting guide
- (3) Prohibited software setting guide
- (4) Mandatory software setting guide
- (5) PC security setting guide
- (6) User definition setting guide
(1) Security updates setting guide
This policy judges the application status of Windows security updates (patches and service packs).
There are two kinds of judgment condition:
- Latest security updates
This judges whether or not the latest security update has been applied to the client. If it has not, the security level is set.
Note that specific security updates can be excluded from judgment.
- Specify security updates
This judges whether or not the security update specified by the administrator has been applied to the client. If it has not, the security level is set.
(a) Guide for selecting "latest security update"
Select this judgment condition to keep the Windows security update applied to the client up to date at all times.
When this judgment condition is selected, MBSA or WUA is used to judge whether the security updates applied to the client are up to date.
When as a result of judgment a client is found not to have the latest security update applied, a warning message can be sent to the client, recommending that the security update be applied. Note that security updates that do not need to apply to the client can be excluded from judgment.
(b) Guide for selecting "specified security updates"
Select this judgment condition to manage clients for which specific Windows security updates have not been applied.
When this judgment condition is selected, each client is judged to see whether or not an important security update specified by the administrator has been applied.
When as a result of judgment a client is found not to have the specified security update applied, linkage can be performed to the network control product to exclude the client from the network.
- Reference note
- Automatic updating of judgment policies for security updates
- Patch information for judgment policies relating to security updates can be updated automatically by using the patch information files collected by Job Management Partner 1/Software Distribution.
(2) Anti-virus product setting guide
This policy judges whether or not an anti-virus product is installed, as well as the application status of the engine version and virus definition file version. Whether an anti-virus product is running on the client can also be a judgment condition. A security level can be set for each anti-virus product specified.
When as a result of judgment a client is found not to have the proper anti-virus software, a warning message can be sent to the client recommending that the virus definition file be updated, or that an anti-virus program be run.
- Reference note
- Automatic updating of judgment policies for anti-virus software
- Judgment policies (virus definition file and engine version) for anti-virus products can be updated automatically by linkage with an anti-virus product compatible with automatic judgment policy updating.
(3) Prohibited software setting guide
This policy judges whether or not prohibited software, such as that not used for operations, or that which could cause a security risk, is installed on the client. A security level is set for each instance of prohibited software.
When as a result of judgment a client is found to have prohibited software installed, a warning message can be sent to the client recommending that software be uninstalled.
(4) Mandatory software setting guide
This policy judges whether the mandatory software specified by the administrator is installed on the client. Multiple versions of software are registered as a group, and a security level is set for that group. Note that JP1/Software Distribution Client is set as mandatory software by default.
When as a result of judgment a client is found not to have mandatory software installed, a warning message can be sent to the client recommending that software be installed.
(5) PC security setting guide
This policy judges whether any settings on the client PC may lead to a reduced security level. Settings judged in this policy include account, password, and other settings. A security level is set for each judgment item that matches a judgment condition.
The following table lists the judgment conditions for judgment items in the PC security setting policy.
Table 4-7 Judgment conditions for PC security settings
No. Judgment item Judgment conditions 1 Accounts Guest account settings Select one of the following judgment conditions:
- Guest account exists.
- Guest account exists and is enabled.
2 Passwords Vulnerable password An account with a vulnerable password exists. 3 Password that never expires An account has a password that never expires. 4 Days since the password was updated#1 A password has not been updated within the period specified by the administrator. 5 Logon Automatic logon Automatic logon is enabled. 6 Power-on password Select one of the following judgment conditions:
- Power-on password is not set.
- Power-on password is not set or not installed.
7 Shares Shared folder settings A shared folder is set up on the client. 8 Anonymous connections Restrictions on anonymous connections Anonymous connections are not restricted. 9 Services Status of unnecessary services Unnecessary services are running. 10 Firewall Windows Firewall settings Select one of the following judgment conditions:
- Windows firewall is disabled.
- Windows firewall is disabled or allows exceptions.
11 Automatic updates Windows automatic update settings Automatic update is disabled. 12 Screensaver#1 Screensaver settings No screensaver is set. 13 Password protection Screensaver is not password-protected. 14 Drive encryption Drive encryption by BitLocker Select one of the following judgment conditions:
- The system drive is not encrypted.
- A drive is not encrypted.
- #1
- The administrator sets the number of days within which the password must be updated.
- #2
- Whether the screensaver is password-protected is judged irrespective of the screensaver settings. If password protection is enabled, the screensaver will be judged Safe even if the screensaver settings are disabled.
When as a result of judgment a client is found to match a judgment condition, a warning message can be sent to the client recommending that the setting associated with the judgment item be amended.
(6) User definition setting guide
This policy judges whether a user definition specified by the administrator has been set on the client. A user definition can refer to any item in the asset management database of Asset Information Manager, such as whether the client is running a power-saving CPU or automatic logon is enabled. It can also define security levels for those items.
When the judgment result shows that a user-defined security setting has not been implemented, a warning message can be sent to the client recommending that the setting be implemented.
All Rights Reserved. Copyright (C) 2009, 2011, Hitachi, Ltd.
Copyright, patent, trademark, and other intellectual property rights related to the "TMEng.dll" file are owned exclusively by Trend Micro Incorporated