Computer Configuration in Network Enforcer
Security Thresholds and Responses
To configure Network Enforcer's security thresholds for
each computer, select a computer (or computers) from the list, and
click on "Configure Computer" then "Configure Threshold Levels
and Responses". In the threshold configuration window you will
be able to set a threshold for each filter security level (low,
medium, and high), and specify how the Network Enforcer client
on the selected computer will respond.
For instance: If you have the LOW Security threshold set to
10, it will take 10 filter violations before the Network Enforcer
client carries out any of the responses/actions you have
enabled (e.g.: alert the user, email the administrator, or
shut the computer down).
Security thresholds make it possible for you to NOT be alerted
every time something unwanted happens, but if it happens often
enough THEN you are alerted. On the other hand, you can set the
thresholds (say a HIGH Security threshold of 1) so that you are
alerted right away when a behavior occurs, allowing you to react
instantly (or have Network Enforcer lock the computer, shut it
down, etc. right when it happens).
Behavior/Activity Filters
The behavior/activity filters make up the core of the Network Enforcer
software. Network Enforcer allows you to add filters for the following
behavior categories:
- Application Usage - watches for unauthorized applications
being run
- Website Visits - watches for unauthorized website visits
- File System Activity - watches for unauthorized file system
usage (deletions, opens, creations, modifications, etc.)
- Email Activity - watches for unauthorized email activity
(specific file attachments, recipients, subjects, senders,
domains, etc.)
- Keystrokes Typed - watches for unauthorized keystroke combinations/phrases
(such as passwords, company names, phone numbers, etc.)
- Windows Used - watches for unauthorized windows interacted
with
- Internet Connections Established - watches for unauthorized
internet connections (connections on specific ports, to certain
hosts, etc.)
Each filter you add has a security level - low, medium, or high.
Less critical behaviors should be classified as low security,
whereas network critical behaviors (such as a user accessing
a top secret file, or router website control panel) should be
given a high security classification.
To add a filter, simply click on "Configure Computer" (after
selecting a computer/computers), and then "Configure Activity
Filters". In the activity filter window, enable the behaviors
you want watched (e.g.: Application Usage, Website Visits, etc.)
and then click "Add Filter" to add a filter. Choose the filter
you want to add from the popup menu and follow the directions
given for each filter type you choose.
For instance: If you do not want a user running solitaire.exe,
you would click on "Add an Application Filter..." then enter
"solitaire.exe" as the application to trigger the filter. Finally,
specify a security level for the filter. If the user runs solitaire
enough times to reach the security threshold for the level the
filter is classified under, Network Enforcer will respond as configured
in your threshold settings for that computer.
Activity Blocking
Network Enforcer can block specific behaviors, as well. Network
Enforcer can restrict specific websites, applications, and windows
from being opened. To configure blocking, click on the "Blocking"
button in the Activity Filters configuration window. Here you
will be able to tell Network Enforcer to close applications,
websites, and windows based on their security level.
For instance, if you do not want to block a low or medium level
website from being visited, but do not want a high security website
to be viewed, you would enable the "Close HIGH Security Websites
Visited" option.
Network Enforcer can restrict many popular chat clients from
being executed as well. To enable chat filtering click on "Chat
Filters" in the Activity Filters configuration window, then check
off what chat clients you do not want to be used on your network.
You can assign a security level to chat client filtering so they
count towards the security thresholds if they are executed.
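The following is an added example, not Network Enforcer code or its settings format: a small Python model of how the thresholds, filter security levels, and level-based blocking described above interact. The setting names, the matching rule, the per-level counting, and the fire-once behavior are assumptions made for illustration.

```python
from collections import Counter

# Constructed settings mirroring the page: one threshold per security level
# and the responses enabled for it (names are illustrative, not product keys).
THRESHOLDS = {"low": 10, "medium": 3, "high": 1}
RESPONSES = {"low": ["alert_user"], "medium": ["email_admin"],
             "high": ["email_admin", "lock_computer"]}
# Activity filters: (category, pattern, security level).
FILTERS = [("application", "solitaire.exe", "low"),
           ("website", "router.example.test", "high")]
# Blocking by level: close HIGH security websites, leave low/medium open.
BLOCK = {("website", "high")}

def evaluate(events):
    """Return (fired, blocked) for a stream of (category, value) events.

    Assumptions: violations are counted per security level, and responses
    fire once, when the count first reaches the threshold.
    """
    counts, fired, blocked = Counter(), [], []
    for category, value in events:
        for f_category, pattern, level in FILTERS:
            # Assumed matching rule: case-insensitive substring match.
            if category != f_category or pattern not in value.lower():
                continue
            counts[level] += 1
            if (category, level) in BLOCK:
                blocked.append(value)
            if counts[level] == THRESHOLDS[level]:
                fired.append((level, RESPONSES[level]))
    return fired, blocked

# Constructed event stream: nine solitaire launches, a router panel visit,
# then a tenth solitaire launch.
SAMPLE = ([("application", "Solitaire.exe")] * 9
          + [("website", "http://router.example.test/admin")]
          + [("application", "solitaire.exe")])

if __name__ == "__main__":
    fired, blocked = evaluate(SAMPLE)
    print("responses fired:", fired)
    print("blocked:", blocked)
```

With these constructed values the single HIGH violation triggers its responses immediately and is blocked, while the LOW responses only fire on the tenth solitaire launch.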
Synchronizing Settings
Once you configure settings for a computer, you will need to synchronize
them with the client. This tells the remote client
on the selected computer to update its settings based on what
you have configured for that computer. Whenever you make changes
you will be automatically prompted to resync, but you can manually
resync settings at any time by using the synchronization commands
under the "Configure Computer" menu.
If you need to resync ALL settings, choose "Synchronize Settings".
If you need to just resync the activity filters, choose "Synchronize
Activity Filters".
Importing and Exporting Settings
Network Enforcer allows you to quickly and easily transfer settings
between computers. Once you have a filter-set you are happy with,
you can click on the "Export" menu item under "Configure Computer"
and export the activity filters, threshold settings, or all settings.
Once exported the settings can then be imported to other computers
by selecting those computers and clicking on an "Import" menu item
under the "Configure Computer" menu. These settings will be transferred
immediately and you will then be prompted to sync the settings
with the Network Enforcer clients. This allows you to configure
multiple computers in mere seconds once you have an initial computer's
settings and filters configured.
Login Settings
An administrative login is required for each computer you want to perform remote
client installation on. If you need to change login settings you can do so
by clicking on "Configure Computer" then "Configure Computer Login Settings".
The login settings are not required if you plan on physically installing the
client on each computer.