Application Control for Windows
Not all the users in an organization require the same level of access to the Programs in Windows. It is advisable to grant minimum access to the Users to prevent any accidental or intentional misuse. Sectona PAM gives you the liberty to define such permissions through its Server Access Policy, wherein you can restrict or allow access to certain Programs for specific User Groups. You can choose these Programs from the existing library or add a new Program to the Program Repository.
This chapter consists of the following:
- Building server access policy
- Defining application control
- Editing a policy
- Editing a Program in the library
- Deleting a policy
- Deleting a Program from the library
Before you begin
- You have installed the Server Control component on the target device.
- The Sectona Windows Monitoring Service is in running state.
- The User Group you wish to allow/deny access already exists.
Supported Access Types for Windows to enable
Building server access policy
- Navigate to Policies in the navigation bar.
- Select the Server Access Policy from the sidebar.
- Click on the Windows tab.
- Click on the +Add Server Access Policy button.
- Fill in the essentials (Policy details, User Groups and Parameters) in the form that appears.
- Policy Details: You need to enter the details of the policy you wish to create.
- Policy Name: Provide the name of the policy you want to create.
- Description: Enter a short description about the policy.
- Policy Type: Select whether you want to allow or deny permissions.
- Expiry: Set the expiry date of the policy.
- User Groups: In the Enforced to User Group(s), specify the User Groups you want to apply the server policies on. In the Exception User(s), mention the Users who will be exempted from the server access policy. Click on Next.
- Parameters: In this tab, select the Programs for which you want to allow or deny access. The Confirm option means that authorized users will be asked to confirm their choice when they try to access the program(s) set as a Parameter in the policy. The Elevate option allows the user to elevate the access level. Click on Next.
The Allow permission allows only the selected applications and restricts the rest. The Deny permission denies all the selected applications and allows the rest. The Confirm and Elevate options appear only if the Policy Type is set to 'Allow' in the Policy details. You can select either Confirm or Elevate, both of them, or neither.
- Summary: It displays a summary of your policy based on the input provided in the last three sections.
- Click on the "Finish" button.
Defining application control
By default, there exists a list of stored Programs for the ease of the user. To add a new Program to the Program Repository:
- Navigate to the "Policies" option in the navigation bar.
- Select the "Server Access Policy" from the sidebar.
- Click on the Windows tab.
- Click on the "+Program Repository" button.
- A page will appear with a "+ Add Program" button.
- Click on that and fill in the essentials for your new command to be created.
- Risk category: This describes the various types of risk that might occur during running the server access policy commands.
- Unusual user activity: If the behavior of the user performing activities in the system is unusual.
- User activity: If certain user activity is bringing about a risk.
- Unusual account activity: If the account activities in the system are unusual.
- Data theft and exfiltration: Accessing unauthorized data and retrieving it from a system or server.
- Privilege account abuse: When a privileged user ignores the policies, or some malicious activity is taking place through access by an unauthorized user.
- Accountability risk: Someone is responsible for stealing the data from the system or server.
- Identity theft: Someone pretends to be someone else in order to get access.
- General: Misbehavior of activities due to the user performing them wrongly.
- Leapfrogging: Adapting to the user and system activities directly in order to have secure access of the data.
- Name: Specify the name you want to provide.
- Path: Specify the path of the application in the system.
- Exe Name: Provide the name with its specific extension.
- Process Name: Provide the name of the process for the app.
- Primary Title: Provide the title you want.
- Secondary Title: Providing a second title is optional.
- Version: Provide the version name (optional).
- Publisher: Provide the name of the publisher.
- Process description: Specify the description of what the process will do.
- Hash: Provide the app hash (optional).
- Type: The command type varies according to the choice you make.
- Administrative
- Backup
- Configuration
- Remote access
- Click on the "Save" button.
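The Program form above asks for the path, executable name, process name, version, publisher, description and hash of a binary. The following PowerShell function is an added example, not part of Sectona's documentation or tooling, that gathers those values from a file on the target device. The function name `Get-ProgramEntryFields`, the mapping of file properties to form fields, the SHA256 algorithm and the sample target path are assumptions.

```powershell
# Added example: collect metadata for one executable to fill in a Program entry.
# The mapping from file properties to form fields is an assumption.
function Get-ProgramEntryFields {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$LiteralPath
    )

    $file = Get-Item -LiteralPath $LiteralPath -ErrorAction Stop
    $info = $file.VersionInfo
    $sig  = Get-AuthenticodeSignature -LiteralPath $file.FullName

    # Prefer the verified signer over the self-declared CompanyName resource,
    # which anyone can set when building a binary.
    if ($sig.Status -eq 'Valid' -and $sig.SignerCertificate) {
        $publisher       = $sig.SignerCertificate.GetNameInfo('SimpleName', $false)
        $publisherSource = 'Authenticode signer (verified)'
    } else {
        $publisher       = $info.CompanyName
        $publisherSource = "Version resource (unverified, signature: $($sig.Status))"
    }

    [pscustomobject]@{
        Name               = $info.ProductName
        Path               = $file.DirectoryName
        ExeName            = $file.Name
        ProcessName        = $file.BaseName
        Version            = $info.FileVersion
        Publisher          = $publisher
        PublisherSource    = $publisherSource
        ProcessDescription = $info.FileDescription
        # SHA256 is an assumed algorithm; the page does not say which one the Hash field expects.
        Hash               = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
    }
}

# Sample target chosen for illustration.
Get-ProgramEntryFields -LiteralPath "$env:SystemRoot\System32\mmc.exe" | Format-List
```

A file name, title or version resource can be copied onto any binary, whereas the hash identifies one exact file and changes whenever the program is updated.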
Editing a policy
- Navigate to the "Policies" option in the navigation bar.
- Select the "Server Access Policy" from the sidebar.
- Click on the Windows tab.
- When the new page opens, you will find the list of existing server access policies.
- Click on the policy name and make the necessary changes in the form that appears.
- Click on the Update button and your policy will be updated.
Editing a Program in the library
- Navigate to the "Policies" option in the navigation bar.
- Select the "Server Access Policy" from the sidebar.
- Click on the Windows tab.
- Click on the "+Program Repository" button. A list of existing Programs appears.
- Click on the Program you want to modify and make the necessary changes.
- Click on the Update button and your Program will be updated.
Deleting a policy
- Navigate to "Policies" in the navigation bar.
- Select the "Server Access Policy" from the sidebar.
- Click on the Windows tab.
- A list of existing server access policies for Windows appears.
- Click on the delete icon in the last column. The policy will be deleted.
Deleting a Program from the library
- Navigate to the "Policies" option in the navigation bar.
- Select the "Server Access Policy" from the sidebar.
- Click on the Windows tab.
- Click on the "+Program Repository" button and a list of existing Programs appears.
- Click on the Program you want to delete.
- Click on the delete button to remove that particular program from the list.
Changes made in a policy during a session will be implemented only after restarting the session.