Job Management Partner 1/Client Security Control Description, User's Guide and Operator's Guide
After deciding which security level to apply to each judgment item, consider which action to implement for each security level.
- Organization of this subsection
- (1) Which action to implement
- (2) How to implement the action
- (3) When to implement the action
- (4) Example action settings
(1) Which action to implement
In the action policy, set which action to implement for each of the security levels Danger, Warning, Caution, and Safe.
The actions that can be set for each security level are as follows:
- Notify the administrator by email
- Send a message to the client
- Control (permit or deny) client connections to the network
- Implement a user-defined action (user-specific command set by the administrator)
The actions in the action policy are implemented automatically according to the security level judgment based on the judgment policy.
After an automated action is implemented by the action policy, an administrator can manually implement another action for any clients that fail to take appropriate measures. Use the Client Security Management window of AIM to perform an action manually on a specific client.
(2) How to implement the action
Consider which of the following two methods for implementing actions is more beneficial:
- Implementing an action immediately following judgment of the security level
This method automatically implements the action as soon as the security levels are judged for each of the groups specified by the administrator. For client security control systems, this method is set by default.
- Judging the security level and implementing actions separately
In this method, at some time after security levels have been judged, the action command (cscaction) is executed to implement the actions. This method is useful when the security levels of many clients are judged and time is needed to complete the judgments and implement the actions, or when you want to create a report on the judgment results before implementing any actions.
To implement actions at a separate time from the judgment of security level, you must specify that implementation of an action immediately after judging the security level be skipped. To do so, in the Basic Settings page of the Client Security Control - Manager Setup dialog box, specify Skip for Action execution. For details about the Client Security Control - Manager Setup dialog box, see 5.4.3 Setting up JP1/CSC - Manager.
For details about the action command (cscaction), see cscaction (implements actions for a specified client) in 15. Commands.
The following figure shows an example of implementing actions when the judgment of security levels and the implementation of actions are performed section by section.
Figure 4-6 Example of implementing actions
(3) When to implement the action
The implementation conditions you can set depend on the security level.
(a) Implementation conditions for security levels Danger, Warning and Caution
In the action policies for the security levels Danger, Warning, and Caution, you can use the number of consecutive days or times the client has remained at the same security level as a condition for implementing an action.
Number of consecutive days and times
An action policy can execute an action when the security level is judged to be the same for a specified number of days or times.
The following figure shows an example with no action execution conditions set for the security level Caution, and an example when three or more consecutive times is used as an action execution condition.
Figure 4-7 Examples of action execution conditions
When no action execution condition is specified, the action is implemented as soon as the security level is judged Caution. On the other hand, when three or more consecutive times is specified as an action execution condition, the action is implemented after the security level is judged as Caution three consecutive times.
When you specify three or more as the number of consecutive days, the action is implemented even if the security level has been judged the same only two consecutive times, provided that there are at least three days between the dates of the two judgments.
You can specify a number of consecutive days and times for each security level in the Edit Action Policy window. For example, suppose you specify the following action policy for the Warning security level: send a notification message to the client (no consecutive days or times specified); send a notification email to the administrator after two or more consecutive times; and deny network connections after three or more consecutive times. In this case, after the first time the security level is judged Warning, a message will be sent to the client. After the second time, a message is sent to the client and an email is sent to the administrator. After the third time, a message is sent to the client, an email is sent to the administrator, and the client network connections are denied.
You can also set both a number of consecutive days and a number of consecutive times for the same action. For example, if you specify that network connections be denied after the security level is judged Warning for three or more consecutive days or five or more consecutive times, the action is implemented as soon as either condition is met.
Method for counting the number of consecutive days and times
When you specify a number of consecutive days or times, you can also specify which of the following counting methods to use:
- Increase the count when the security level is the same
The count is increased when the security level is the same as the previous judgment, and cleared when it is different.
- Increase the count when the security level is the same or higher
The count is increased when the security level is the same or higher than the previous judgment, and cleared when it is lower. It is also cleared when the security level is judged not to be Danger, Warning, or Caution.
The following figure shows an example of each counting method.
Figure 4-8 Examples of counting security levels
You can set the counting method in the Basic Settings page of the Client Security Control - Manager Setup dialog box. For details about the Client Security Control - Manager Setup dialog box, see 5.4.3 Setting up JP1/CSC - Manager.
- Note
- If you choose to increase the count when the security level is the same or higher, depending on your settings the action may not be implemented when intended.
- The following table shows an example of action execution when the conditions are six or more consecutive times for Danger, four or more consecutive times for Warning, and two or more consecutive times for Caution.

| Judgment result | No. of consecutive times | Action execution |
| --- | --- | --- |
| Caution | 1 | Not implemented. |
| Warning | 2 | Not implemented. A higher security level than the previous level is judged, and the count is increased to two for the security level Warning. Because the action execution condition for Warning (four or more consecutive times) has not been met, the action is not implemented. |
| Warning | 3 | Not implemented. |
| Caution | 1 | Not implemented. Because the judgment result indicates a lower security level than the previous level, the count is cleared and restarted from 1. |
| Warning | 2 | Not implemented. |
| Warning | 3 | Not implemented. |
| Warning | 4 | The action for Warning is implemented. |
| Caution | 1 | Not implemented. |
| Warning | 2 | Not implemented. |
| Warning | 3 | Not implemented. |
| Danger | 4 | Not implemented. A higher security level than the previous level is judged, and the count is increased to four for the security level Danger. Because the action execution condition for Danger (six or more consecutive times) has not been met, the action is not implemented. |
| Danger | 5 | Not implemented. |
| Danger | 6 | The action for Danger is implemented. |

- If you choose to increase the count when the security level is the same or higher, you must set the same number of consecutive days or times as the action execution condition for each security level.
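
The two counting methods can be checked by replaying a judgment history. The following is an added example, not JP1/CSC code: it models only the consecutive-times condition for Danger, Warning, and Caution, and replays the Note's judgment sequence and the earlier Warning policy example. The function name, action labels, and data layout are assumptions made for illustration.

```python
# Added illustration of the "consecutive times" counting rules; not JP1/CSC code.
SEVERITY = {"Caution": 1, "Warning": 2, "Danger": 3}  # levels that are counted

def simulate(judgments, policy, same_or_higher=False):
    """Replay judgment results and return (level, count, actions) per judgment.

    policy: level -> list of (action_label, min_consecutive_times);
            a minimum of 1 stands for "no execution condition".
    same_or_higher: False = count only when the level equals the previous one,
                    True  = also count when the level is higher than the previous.
    """
    rows, prev, count = [], None, 0
    for level in judgments:
        if level not in SEVERITY:
            count = 0  # e.g. Safe: the count is cleared and nothing is counted
        elif prev in SEVERITY and (
            level == prev
            or (same_or_higher and SEVERITY[level] > SEVERITY[prev])
        ):
            count += 1
        else:
            count = 1  # different (or lower) level: cleared and restarted from 1
        actions = [a for a, n in policy.get(level, [])
                   if level in SEVERITY and count >= n]
        rows.append((level, count, actions))
        prev = level
    return rows

# Constructed input: the judgment sequence and thresholds from the Note above.
NOTE_SEQUENCE = ("Caution Warning Warning Caution Warning Warning Warning "
                 "Caution Warning Warning Danger Danger Danger").split()
NOTE_POLICY = {"Danger": [("danger-action", 6)],
               "Warning": [("warning-action", 4)],
               "Caution": [("caution-action", 2)]}

# Constructed input: the Warning policy from the Edit Action Policy example.
WARNING_POLICY = {"Warning": [("message", 1), ("email", 2), ("deny-network", 3)]}

if __name__ == "__main__":
    for mode in (False, True):
        print("same or higher" if mode else "same only")
        for level, count, actions in simulate(NOTE_SEQUENCE, NOTE_POLICY, mode):
            print(f"  {level:8} {count}  {', '.join(actions) or 'not implemented'}")
```

With the Note's thresholds, the "same only" method implements no action at all for this history, which makes the difference between the two settings easy to see before changing the Manager Setup value.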
(b) Execution condition for Safe
You can set up the action policy for Safe in such a way that an action is implemented when the security level changes.
The following figure shows an example where no action execution condition is set, and an example where the action policy implements an action in response to a change in the security level.
Figure 4-9 Examples of action execution conditions
When no action execution condition is specified, the action is implemented as soon as the security level is judged Safe. The action is also implemented when the security level is judged Safe, and then judged Safe again at the next judgment.
If you specify that the action be implemented when the security level changes, the security level is compared with the previous judgment result, and the action is implemented if the security level is found to have changed. Therefore, if the security level is judged Safe, and is then judged Safe again at the next judgment, no action is implemented. The action is implemented only when the security level changes to Safe from another security level.
(4) Example action settings
The following table lists example action policies, and examples of actions implemented by an administrator after an automated action is implemented by the action policy.
Table 4-8 Example action settings

| No. | Security level | Example action policy setting | Automated action and response |
| --- | --- | --- | --- |
| 1 | Danger | Deny network connections. | Network connections are denied to clients with Danger security level. The administrator implements security measures for those clients denied access to the network. When a client is subsequently judged Safe, its network connections are restored. |
| 2 | Warning | Send a message to the client user; notify the administrator by email (action execution condition: two or more consecutive times); deny network connections (action execution condition: three or more consecutive times). | A message is sent to clients with Warning security level. When the client's security level is Warning in two consecutive judgments, an email is sent to the administrator. After the third consecutive judgment, the client network connections are denied. The administrator implements security measures for those clients denied access to the network. When a client is subsequently judged Safe, its network connections are restored. |
| 3 | Caution | Notify the administrator by email; send a message to the user. | A message is sent to clients with Caution security level. An email is also sent to the administrator. The administrator implements security measures for those clients with Caution security level. |
| 4 | Safe | Network connections are permitted. | No measures are necessary. |

All Rights Reserved. Copyright (C) 2009, 2011, Hitachi, Ltd.
Copyright, patent, trademark, and other intellectual property rights related to the "TMEng.dll" file are owned exclusively by Trend Micro Incorporated