Hitachi

JP1 Version 12 JP1/IT Desktop Management 2 Administration Guide


1.7.2 Taking measures against a security policy violation

In JP1/IT Desktop Management 2, you can specify various settings to prepare for security policy violations. You can configure the product to automatically take measures against a security policy violation and to automatically report the violation by email.

In addition, JP1/IT Desktop Management 2 provides functions for taking measures against a security policy violation after it occurs. These functions include forcibly changing the settings of a computer that has violated a security policy and automatically sending the user of that computer a message requesting that the user take the necessary measures.

By using these functions, you can smoothly take necessary measures when a security policy violation occurs.

Important

The following notes apply to agents for UNIX or Mac:

For agents for UNIX

  • Because security status determination is not provided, [Figure] (Unknown) is always displayed as the violation level.

  • Neither automatic correction of security problems (automatic distribution of OS patches) nor email security notification is provided.

  • Automatic control of enabling or disabling network access is not provided. You need to enable or disable network access on demand.

For agents for Mac OS

  • Security status determination is provided only for the items listed below. For all other items, Out of Target is displayed as the violation level.

    • Windows Update (Automatic Update)

    • Software use

    • OS Security (Guest Account, Days Since Last Password Change, Auto Logon, Firewall, and Password (Screen Saver))

    • User-Defined Security Settings

  • Neither automatic correction of security problems (automatic distribution of OS patches) nor email security notification is provided.

  • To distribute or apply OS patches, you must use distribution with Remote Installation Manager.

(1) Recognizing a security policy violation through email

As the administrator, you can configure the product so that you are automatically informed by email when the security status determination finds a security policy violation. With this mail notification setting, you can recognize security status problems in a timely manner and take action quickly.

If a security policy violation occurs, an event of the type security control is generated. Configure the product so that an email is sent automatically when this event is generated. Based on the email you receive, check the security status and take the necessary measures against the security policy violation.

1. Set mail notification.

Set the event that triggers mail notification and the mail destination in the Event Notifications view, which is displayed by selecting Events in the Settings module and then Event Notifications.

To report a security policy violation by email, set an event with the severity Critical or Warning and of the type Security as a mail notification target.

The following table describes the correspondence between the severity of each event to be reported and the violation level of the security status:

Severity       Violation level
Critical       Critical
Warning        Important
Warning        Warning
Information    Safe

2. Check the sent email.

You can check the occurrence conditions of a security-related event in the email sent from JP1/IT Desktop Management 2. If a critical event has occurred, start the operation view of JP1/IT Desktop Management 2 from the URL written in the email, check the security status, and then take necessary measures.

The following figure shows the content of an email to be sent:

[Figure]

3. Check the security status.

In the operation view of JP1/IT Desktop Management 2, you can obtain detailed information such as the details of a security policy violation and the location in which the security policy violation occurred. In the Home module or Security module, check the status of the computer judged as Critical and take action.

For mail notification, you need to specify the mail server to be used to send and receive emails.

(2) Automatically taking measures against a security policy violation

If you enable automatic enforcement, when some security configuration item of a computer is in violation of a security policy, that security configuration item is automatically changed to its expected status.

If you set automatic enforcement in a security policy, the security configuration items of computers are automatically changed to their expected status when the security policy is applied to the computers. Automatic enforcement can save the administrator of JP1/IT Desktop Management 2 and computer users the effort of taking the necessary measures. Based on the security principles and operations of your organization, examine which security configuration items should have automatic enforcement enabled in a security policy.

Tip

For example, in an environment where Windows Firewall is intentionally disabled, operational problems might occur if automatic enforcement enables Windows Firewall. In such a case, configure the security policy so that automatic enforcement is not applied to the relevant security configuration items.

You can see if necessary measures are taken against a security policy violation by confirming that Safe ([Figure]) is displayed for the relevant item in the Security module.

(3) Manually taking measures against a security policy violation

If you select manual enforcement, you check the security status yourself and, when you find that a security configuration item of a computer violates a security policy, manually take measures against that violation.

Forcibly take measures.

For the security configuration items for which automatic enforcement can be enabled, if an item is in violation of a security policy, you can forcibly take measures against that violation at any time.

Request the user to take measures.

You can configure the product to automatically send an arbitrary message, including details of the security policy violation, to the user of the computer that is in violation of a security policy. By using this function together with automatic enforcement, you can request the user to take measures for the security configuration items (such as password strength and power-on password) to which automatic enforcement is not, or cannot be, applied. To enable automatic message notification, specify the settings in Action Items in the Add Security Policy dialog box or the Edit Security Policy dialog box.

You can also send a message to a computer user at any time.

You can see if necessary measures are taken against a security policy violation by confirming that Safe ([Figure]) is displayed for the relevant item in the Security module.

(4) Taking measures against a security policy violation by a computer managed offline

The following automatic enforcement items do not work for computers managed offline:

For that reason, if you, as the administrator, check the security status and find that a security configuration item for which automatic enforcement does not work is in violation of the security policy, you must directly instruct the user of the computer to take the necessary measures.

After the user has taken necessary measures, obtain the device information of the computers managed offline again to check the security status.

You can see if necessary measures are taken against a security policy violation by confirming that Safe ([Figure]) is displayed for the relevant item in the Security module.