This article explains your options for creating Vormetric policy rules and how to configure these rules in your DSM (Data Security Manager). These rules determine who or what has access to your encrypted data.
Video Tutorial
https://www.youtube.com/watch?v=FXRih1bzZaQ
Prerequisites
Before you begin, you must:
What Are Policy Rules?
A policy rule is a statement that lets you allow or deny access, apply an encryption key, and audit access attempts on a GuardPoint based on a combination of 6 criteria. Policy rules are analyzed in descending order, similar to firewall rules, so the order of the rules matters.
Create a Policy with Security Rules
Log into your DSM as the Security Administrator.
In the menu bar, click Policies.
Click Add Online Policy.
In Name, enter a descriptive name.
In Description, enter a short description to help identify the purpose of this policy, such as Database_Policy.
(Optional) Select Learn Mode.
...
Under Security Rules, click Add.
In the window that appears, there are six options:
...
Specifies the allowed file action, such as read, write, remove, rename, make directory, etc.
Effect
...
Note |
---|
A blank field indicates the value of All. Also, note the policy rules are read in a descending order, similar to firewall rules. |
To learn more about each of these options, continue to the appropriate section below.
1. Rule Criteria (Resource)
This topic explains how to create a new Resource Set.
Next to Resource, click Select.
In the window that appears, click Add. This window also lists pre-existing resource sets.
In Name, enter a descriptive name for your Resource Set. Click Add to specify a resource inside of your newly created Resource Set.
In the Add Resource screen, you can define a folder in the Directory field, as well as individual files. When you specify a resource, the typed path must start where the GuardPoint ends. In the following example, the intended resource is test.pdf, located inside the C:\Data directory. Since the GuardPoint is C:\Data, you can manually type in your resource in the File field.
Note |
---|
When specifying a resource, do not use Select a Host or the Browse function to designate a directory path. This feature automatically puts the full path of the resource in the Directory field. This action will cause the rule to be analyzed incorrectly. Also, by default, the Include Sub-Folders is selected. This option permits access to any sub-folders beneath the specified resource. If necessary, you can unmark this option. |
Click Ok to apply the new resource to your Resource Set. Click Ok.
In the list of Resource Sets, mark the desired resource set, and then click Select Resource Set.
The Resource Set is now applied to the policy rule. You now have the option to add other criteria or select a desired Effect.
Next to Effect, click Select, and then mark the desired permissions. Click Ok.
Mark the rule, and then click Up to move the new rule above the catch-all rule.
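A simplified model of an ordered rule list, added here as an illustration (it is not Vormetric's implementation or code from this article). It assumes first-match evaluation, exact comparison of criteria, and no access when nothing matches; the user, process name and catch-all effect are constructed sample values. It shows why a new rule must be moved above the catch-all rule and why a full path in the resource keeps the rule from matching:

```python
from dataclasses import dataclass
from pathlib import PureWindowsPath

CRITERIA = ("resource", "user", "process", "action")

@dataclass
class Rule:
    effect: tuple        # any of the page's effects: Permit, Deny, Apply Key, Audit
    resource: str = ""   # path below the GuardPoint; a blank field means All
    user: str = ""
    process: str = ""
    action: str = ""

def below_guardpoint(guardpoint, full_path):
    """Return the part of full_path that starts where the GuardPoint ends."""
    return str(PureWindowsPath(full_path).relative_to(PureWindowsPath(guardpoint)))

def matches(rule, request):
    """A blank criterion matches anything; a filled one must equal the request."""
    return all(
        not getattr(rule, name) or getattr(rule, name).lower() == request[name].lower()
        for name in CRITERIA
    )

def evaluate(rules, guardpoint, full_path, user, process, action):
    """Read the rules top-down; return (position, effect) of the first match."""
    request = {"resource": below_guardpoint(guardpoint, full_path),
               "user": user, "process": process, "action": action}
    for position, rule in enumerate(rules, start=1):
        if matches(rule, request):
            return position, rule.effect
    return None, ("Deny",)  # assumption of this model: no match means no access

# Constructed sample policy for the GuardPoint and file used in the text.
CATCH_ALL = Rule(effect=("Deny", "Audit"))  # every criterion blank = All
PDF_RULE = Rule(effect=("Permit", "Apply Key"), resource="test.pdf",
                user="alice", action="read")
BROWSED_RULE = Rule(effect=("Permit", "Apply Key"), resource=r"C:\Data\test.pdf",
                    user="alice", action="read")  # full path, as Browse would fill it
REQUEST = (r"C:\Data", r"C:\Data\test.pdf", "alice", "reader.exe", "read")

if __name__ == "__main__":
    print(evaluate([CATCH_ALL, PDF_RULE], *REQUEST))      # rule left below the catch-all
    print(evaluate([PDF_RULE, CATCH_ALL], *REQUEST))      # rule moved Up
    print(evaluate([BROWSED_RULE, CATCH_ALL], *REQUEST))  # full path never matches
```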
2. Rule Criteria (User)
This topic explains how to create a new User Set. This option allows specific, authorized users or user groups to access a GuardPoint.
Next to User, click Select.
In the window that appears, to create a User Set, click Add.
In Name, enter a descriptive name.
Click Browse Users. In Host Name, select the host to browse. In Domain, select the same host for your local virtual machine accounts.
(Optional) You can configure how to browse for Users, either by single Members, Groups, or Group Members. Click Ok to populate the desired user list.
In the window that appears, enter the Admin credentials for the virtual machine that you want to browse remotely, and then click Ok.
Mark the users you want to add to your User Set. Click Ok.
Mark the desired User Set. Click Select User Set. The newly created User Set will populate the User field.
Next to Effect, click Select, mark the desired permissions, and then click Ok.
Mark the rule, and then click Up to move the new rule above the catch-all rule.
Click Apply to save your changes, and then click Ok to return to the list of policies.
3. Rule Criteria (Process)
This topic explains how to create a Process Set. This option allows a path or paths and their executables to access a GuardPoint.
In the menu bar, click Policies, mark the link for the policy you want to add, and then click Add.
Next to Process, click Select.
In the Select Process Set window, click Add.
In Name, enter a descriptive name. Click Add.
Click Select to choose a host. Click Ok. Mark the desired host. Click Select.
Note that the Host field is now populated. Click Browse to find the directory path.
In the window that appears, select (highlight) the parent directory where the executable lives, and then click Ok.
Note that the Directory field is now populated. In File, enter the executable name. Click Ok.
Click Ok.
Mark your newly created Process Set. Click Select Process Set.
In Effect, click Select, and then mark the desired permissions. Click Ok.
Mark the rule, and then click Up to move the new rule above the catch-all rule. Click Apply to save and apply your Process Set and policy rule.
4. Rule Criteria (Time)
This topic explains how to create a Time Set. This option allows or denies access to a guarded folder based on a configured day and time.
Next to When, click Select.
Click Add to create a Time Set. In Name, enter a descriptive name for the Time Set. Click Add to create time parameters.
Configure your desired time parameters. Click Ok to populate the time parameters into the Time Set.
Mark the desired Time Set. Click Select Time Set.
In Effect, click Select, and then mark the desired permissions. Click Ok to add this Time Set to the policy.
Mark the desired rule, and then click Up to move the rule above the catch-all rule. Click Apply to save.
5. Rule Criteria (Action)
This topic explains how to create an Action Set. This option allows you to limit the type of actions a user or process (with permitted access) can execute in a GuardPoint.
Next to Action, click Select.
Mark the actions you want to allow your users or processes to be able to execute in the GuardPoint. Click Select Action.
Note that the Actions field is now populated. In Effect, click Select, and then mark the desired permissions. Click Ok.
Mark the desired rule, and then click Up to move the rule above the catch-all rule. Click Apply to save.
6. Rule Criteria (Effect)
The Effect field must be completed; this is the only mandatory field to complete in order to create a policy rule. The Effect field will either permit or deny access, and additionally, determine if the rule should be audited or if the encryption key will be applied. The following table shows the available options:
Type of Effect | Action |
---|---|
Permit | Permits access to the data. |
Deny | Denies access to the data. |
Apply Key | Encrypts the data written into the GuardPoint with the key specified in the Key Selection Rules tab. |
Audit | Creates an entry in the Message Log that describes: |
Next Step: Introduction to GuardPoints and the Copy Method.
Topics Discussed