Page Comparison

...

Log into your DSM as the Security Administrator.
In the menu bar, click Policies.
Click Add Online Policy.
In Name, enter a descriptive name.
- Once you enter a name for a policy, you cannot change it.
In Description, enter a short description to help identify the purpose of this policy, such as Database_Policy.
- You can change this description at a later time.
(Optional) Select Learn Mode.
- Armor recommends that you select Learn Mode when you create and apply a new policy.
- The cloning feature allows you to create an identical policy for future GuardPoints that require the same access rules.
- To learn more about Learn Mode, see Create a starter policy with learn mode.
Under Security Rules, click Add.
In the window that appears, there are six options:
- Resource - Specifies which folders or files in a GuardPoint can be accessed.
- User - Specifies the users or user groups that can access the GuardPoint.
- Process - Specifies the executables that can access the GuardPoint, such as usr/lib/exec/mysql.exe.
- When - Specifies the date and time range when files can be accessed.
- Action - Specifies the allowed file action, such as read, write, remove, rename, make directory, etc.
- Effect - The following options correspond to Effect:
  - Permit - Permits access to the data.
  - Apply Key - Enables users and processes the ability to encrypt and decrypt data inside of the GuardPoint.
  - Audit - Creates an entry in the DSM message logs that describes what data is being accessed, when the attempt was made, and the security rule being applied.
  - Deny - Denies access to the data. You can also deny users or processes by simply leaving them out of the policy rules.
    
    Note
    A blank field indicates the value of All.
    Also, note the policy rules are read in a descending order, similar to firewall rules.
To learn more about each of these options, continue to the appropriate section below.

Expand

title	1. Rule Criteria (Resource)

This topic explains how to create a new Resource Set.

Next to Resource, click Select.
In the window that appears, click Add. This window also lists pre-existing resource sets.
In Name, enter a descriptive name for your Resource Set.
Click Add to specify a resource inside of your newly created Resource Set.

In the Add Resource screen, you can define a folder in the directory field, as well as individual files. When you specify a resource, the typed path must start where the GuardPoint ends. In the following example, the intended resource is test.pdf, located inside the C:\Data directory. Since the GuardPoint is C:\Data, you can manually type in your resource in the File field.

For example, Guard Point = C:\Data - File = test.pdf - Complete Path = C:\Data\test.pdf.

Note

When specifying a resource, do not use Select a Host or the Browse function to designate a directory path. This feature automatically puts the full path of the resource in the Directory field. This action will cause the rule to be analyzed incorrectly.

Also, by default, the Include Sub-Folders is selected. This option permits access to any sub-folders beneath the specified resource. If necessary, you can unmark this option.

Click Ok to apply the new resource to your Resource Set.
- (Optional) To add additional resources, click Add, and then return to step 5.
Click Ok.
In the list of Resource Sets, mark the desired resource set, and then click Select Resource Set.
The Resource Set is now applied to the policy rule. You now have the option to add other criteria or select a desired Effect.
- If you do not want to specify a resource in your policy rule, then you can move down and decide on the next option for your policy rule.
Next to Effect, click Select, and then mark the desired permissions.
Click Ok.
Mark the rule, and then click Up to move the new rule above the catch-all rule.

...

Versions Compared

Old Version 37

New Version 38

Key