User manual ALCATEL-LUCENT ICS DISSOLVABLE AGENT FOR SAFEGUARD

[. . . ] ICS Dissolvable Agent for SafeGuard Alcatel-Lucent Release 2. 2 ICS Release 4. 0 Administration Guide PART NUMBER: 005-0030 REV A1 PUBLISHED: MARCH 2007 ALCATEL-LUCENT 26801 WEST AGOURA ROAD CALABASAS, CA 91301 USA (818) 880-3500 WWW. ALCATEL-LUCENT. COM Alcatel-Lucent Proprietary Copyright © 2007 Alcatel-Lucent. This document may not be reproduced in whole or in part without the expressed written permission Alcatel-Lucent. Alcatel-Lucent ® and the AlcatelLucent logo are registered trademarks of Alcatel-Lucent. All other trademarks are the property of their respective owners. 2 ICS Dissolvable Agent for SafeGuard Administration Guide Contents Preface About this Guide . [. . . ] This option does not display the scan report to end users but is useful for gathering information about potential issues with your network before you restrict end point connections. This action is only available for Anti-spyware scan rules. Warn Observe Allow Remediation -- Use the remediation area to specify resources and information that the end point users need to become compliant with the enforcement rule. For example, if the rule requires an anti-virus program, you should provide a link to a location where the end point user can download the application and instructions on how to install it. Because users might be repeatedly warned, or even denied access if they do not comply, it is important to make sure you provide sufficient and clear remediation resources. In Alcatel-Lucent's End Point Validation (EPV) feature, a bypass policy is required to perform remediation. See the section, Creating Global Bypass Policies, in the End Point Validation chapter of the OmniAccess SafeGuard OS Administration Guide for further details. Enforcement Rule Types Use enforcement rules to control which applications your users must, or must not have on their computer when they connect to your network. There are the following types of enforcement rules: ICS Dissolvable Agent for SafeGuard Administration Guide 25 Chapter 4: Administering Security Scanner Policies Firewall Application -- Use firewall application rules to require a certain firewall application. Anti-Virus Application -- Use anti-virus application rules to require a supported anti-virus application. If you want to require an anti-virus application that is not supported, use the custom application rule. Anti-Spyware Scan -- Use anti-spyware scan rules to prohibit certain spyware types. Custom Application -- Use custom application rules to prohibit or require any application. Custom Group -- Use Custom Group rules to bundle custom application enforcement rules into one rule. When you put enforcement rules in a group, the end point computer must meet at least one of the conditions in order to be in compliance. See Custom Group Rules on page 31. Firewall Application Rules Firewall application rules determine which firewall applications end point computers must have when they are logged onto your network. You can use this feature to require that end point users obtain the latest version of an Integrity client when they connect to your gateway. Creating a Firewall Application Rule The steps below give an overview of creating a firewall application rule. For detailed information about individual user interface elements, and how to complete the page, see the online help. To Create a Firewall Application Rule: 1 2 3 Log into the ICS Administrator Console and click Enforcement Rules. On the Enforcement Rules page click New Rule and choose Firewall Application. If end point computers violate these conditions they are considered to be out of compliance. 4 5 Select the action you want ICS to take if the end point user is not in compliance with this rule. Use the remediation area to specify any information or resources you want to provide to end point users to help them to become compliant with this rule. 26 ICS Dissolvable Agent for SafeGuard Administration Guide Chapter 4: Administering Security Scanner Policies 6 Click Save Rule. Anti-virus Application Rules It is important to protect your network from viruses. Every time an end point user logs in, your network is exposed to any viruses that the end point computer is infected with. Users who access your network through a gateway are particularly likely to be infected, since they are more likely to use their computers for personal uses, which put them at risk for viruses. [. . . ] Using this information, you can then provide remediation information to the user. Spyware Found Use the Spyware Found report to see how often particular spyware applications were found on your end point computers. If you find that ICS is scanning for a particular spyware application that you want to allow, you can add it to the ignore list. See AntiSpyware Scan Rules on page 29. Rules Broken Use the Rules Broken report to determine which rules are causing your end point users the most trouble. If a rule is consistently being broken at a high rate, that may indicate the rule is too strict or that you are not providing enough remediation information for that rule. Anti-Keylogger The Anti-Keylogger report shows processes that were flagged by ICS as potentially being keyloggers. [. . . ]