...

Before you begin, you must:

...

  1. Log into your DSM as the Security Administrator.
  2. In the menu bar, click Policies.
  3. Click Add Online Policy.
  4. In Name, enter a descriptive name.
    • Once you enter a name for a policy, you cannot change it.
  5. In Description, enter a short description to help identify the purpose of this policy, such as Database_Policy.
    • You can change this description at a later time.
  6. (Optional) Select Learn Mode.
  7. Under Security Rules, click Add.
  8. In the window that appears, there are six options:
    • Resource - Specifies which folders or files in a GuardPoint can be accessed.
    • User - Specifies the users or user groups that can access the GuardPoint.
    • Process - Specifies the executables that can access the GuardPoint, such as usr/lib/exec/mysql.exe.
    • When - Specifies the date and time range when files can be accessed.
    • Action - Specifies the allowed file action, such as read, write, remove, rename, make directory, etc.
    • Effect - The following options correspond to Effect:
      • Permit - Permits access to the data.
      • Apply Key - Gives users and processes the ability to encrypt and decrypt data inside the GuardPoint.
      • Audit - Creates an entry in the DSM message logs that describes what data is being accessed, when the attempt was made, and the security rule being applied.
      • Deny - Denies access to the data. You can also deny users or processes by simply leaving them out of the policy rules.

        Note

        A blank field indicates the value of All.

        Also, note that the policy rules are read in descending order, similar to firewall rules.

  9. To learn more about each of these options, continue to the appropriate section below.

...

Rule Criteria (Action)

This topic explains how to create an Action Set. This option allows you to limit the type of actions a user or process (with permitted access) can execute in a GuardPoint.   

  1. Next to Action, click Select.
  2. Mark the actions you want to allow your users or processes to be able to execute in the GuardPoint.
  3. Click Select Action.
  4. Note that the Actions field is now populated. In Effect, click Select, and then mark the desired permissions.
  5. Click Ok.
  6. Mark the desired rule, and then click Up to move the rule above the catch-all rule.
  7. Click Apply to save.
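
Why step 6 matters, as an added example that is not part of the original page or the DSM product: a small model of top-down rule evaluation showing that a rule left below the catch-all never fires. It assumes first-match semantics (the page says only that rules are read like firewall rules) and exact-string criteria; the `Rule`, `evaluate` and `shadowed` names, the `mysql` user and the resource path are hypothetical.

```python
from dataclasses import dataclass

FIELDS = ("resource", "user", "process")

@dataclass(frozen=True)
class Rule:
    effect: frozenset                # mandatory field: permit / deny / apply_key / audit
    resource: str = ""               # blank means All, as in the Note above
    user: str = ""
    process: str = ""
    action: frozenset = frozenset()  # empty means all actions

    def matches(self, req):
        same = all(not getattr(self, f) or getattr(self, f) == req[f] for f in FIELDS)
        return same and (not self.action or req["action"] in self.action)

    def covers(self, other):
        """True if every request matched by `other` is also matched by this rule."""
        same = all(not getattr(self, f) or getattr(self, f) == getattr(other, f)
                   for f in FIELDS)
        return same and (not self.action or
                         (bool(other.action) and other.action <= self.action))

def evaluate(rules, req):
    """Read rules top to bottom; the first match decides (assumed semantics)."""
    for index, rule in enumerate(rules):
        if rule.matches(req):
            return index, rule.effect
    return None, frozenset({"deny"})  # left out of every rule: denied

def shadowed(rules):
    """Indexes of rules that can never fire because an earlier rule covers them."""
    return [j for j, later in enumerate(rules)
            if any(earlier.covers(later) for earlier in rules[:j])]

# Constructed sample policy and request (not taken from a real DSM).
CATCH_ALL = Rule(effect=frozenset({"deny", "audit"}))
DB_RULE = Rule(effect=frozenset({"permit", "apply_key"}), user="mysql",
               process="usr/lib/exec/mysql.exe", action=frozenset({"read", "write"}))
DB_READ = {"resource": "/data/db/orders.ibd", "user": "mysql",
           "process": "usr/lib/exec/mysql.exe", "action": "read"}

if __name__ == "__main__":
    for name, rules in (("new rule below catch-all", [CATCH_ALL, DB_RULE]),
                        ("after clicking Up", [DB_RULE, CATCH_ALL])):
        index, effect = evaluate(rules, DB_READ)
        print(f"{name}: rule {index} -> {sorted(effect)}, shadowed={shadowed(rules)}")
```

Running `shadowed` over an exported rule list before applying a policy flags permit rules that sit below a broader rule and would silently have no effect.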

Rule Criteria (Effect)

The Effect field must be completed; this is the only mandatory field to complete in order to create a policy rule.

The Effect field either permits or denies access and, additionally, determines whether the rule is audited or the encryption key is applied.

The following table shows the available options:

Type of Effect | Action
Permit | Permits access to the data.
Deny | Denies access to the data.
Apply Key | Encrypts the data written into the GuardPoint with the key specified in the Key Selection Rules tab.
Audit | Creates an entry in the Message Log that describes: what data was accessed; when the data was accessed; the applied security rule.


Next Steps

Next, continue to Introduction to GuardPoints and the Copy Method.

...