2.9.1 Managing security status
The following figure shows how the security status of a computer is managed.
![[Figure]](GRAPHICS/ZU070010.GIF)
First, define a security policy according to the security rules of an organization. JP1/IT Desktop Management 2 automatically assigns the default policy to managed computers. Therefore, you can judge the security status based on the default policy even if a new security policy has not yet been created. A recommended security policy (in which recommended security settings are defined) is also provided. For details about the default policy and the recommended security policy, see (3) Security policies provided by the product.
If you want to judge the security status based on a security policy other than the default policy, you need to add a security policy and assign it to the managed computers. After a security policy is assigned to a computer, the management server judges the security status of the computer based on the collected device information and the security policy. Also, prohibited operations are restricted and operation logs are collected on the managed computer. If automated countermeasures (Auto Enforce) are set, the countermeasures are enforced when the security policy is violated. For details about how to judge the security status, see 2.9.3 Judging security status. For details about how to restrict prohibited operations, see 2.9.5 Restricting prohibited operations.
The results of the security status judgment and the restriction of prohibited operations are notified to the management server, and the security status of the computer is displayed. The administrator must check the security status and take appropriate actions for solving problems. If automatic notification of messages is set in a security policy, messages are automatically sent to the managed computers according to the judgement results.
Operation logs are collected on the managed computers. Suspicious operations, judged based on the collected operation logs, are detected based on the security policy settings. The administrator can track suspicious operations through the operation logs, and check for information leakage. For details about tracking detected suspicious operations using operation logs, see 2.10.3 Investigating suspicious movements of files from systems using operation logs.
- Important
-
When the security settings for computers within an organization are defined by a group policy for Active Directory, the settings take precedence over the security settings defined by a security policy for JP1/IT Desktop Management 2 even if automated countermeasures are set for the latter security settings.
- Important
-
When you manage the security status of a virtual computer, install an agent on the virtual computer, as well as on the virtualization server.
Related Topics: