2.9 Managing security

There are various causes of problems related to computer security within an organization. (For example, if no anti-virus product is installed, if file share software is installed, or if the security settings for an OS are not sufficient.) To maintain a safe security status in an organization, you must define security rules for such causes, and have the computer users comply with those rules. Also, you must understand the security status, and take appropriate measures for problems as necessary.

Using JP1/IT Desktop Management 2, you can set security rules within an organization as a security policy, and apply it to each computer. By doing so, problems can be detected and the administrator notified, or automated countermeasures can be enforced.

By using a security policy, you can understand the following security statuses:

• Whether updates are applied

• Whether anti-virus products are applied

• Whether mandatory software programs are installed

• Whether prohibited software programs are installed

• Operating status of services

• Status of the OS settings

You can also configure various other settings regarding security management (for example, restrictions on the use of software programs or devices, or detection of suspicious operations on computers).

Important

An agent for UNIX is subject to the following limitations:

• The Violation Level always becomes (Unknown) because security status judgment based on the security policy is not performed. Also, assessment of other statuses (such as OS patch application and anti-virus products configuration) is not performed.

• Automatic countermeasure enforcement in response to a security-related problem (including automatic distribution of OS patches, anti-virus products, and mandatory software) cannot be performed. Also, e-mail notification cannot be performed.

• Network connection cannot be automatically controlled. The network connection is manually controlled.

• Distribution and application of OS patches or business-use software must be handled using Remote Install Manager.

Note that the number of days passed since the password was changed and the power-on password are notified as system information from an agent for UNIX. If notification is suppressed on the agent, OS patch information is not notified.

Important

An agent for Mac is subject to the following limitations:

• Automatic countermeasure enforcement in response to a security-related problem (including automatic distribution of OS patches, anti-virus products, and mandatory software) cannot be performed. Also, e-mail notification cannot be performed.

• Network connections can be automatically enabled or disabled based on a security status judgment.

• Distribution and application of OS patches or business-use software must be handled using Remote Install Manager.

Organization of this section

• 2.9.1 Managing security status

• 2.9.2 Devices available for security management

• 2.9.3 Judging security status

• 2.9.4 Managing a security policy

• 2.9.5 Restricting prohibited operations

• 2.9.6 Managing Windows updates

To Page Top