F-SECURE POLICY MANAGER 8.0 Administrator's Manual - page 29
CHAPTER 3
29
Installing F-Secure Policy Manager Server
F-Secure Policy Manager's Built-In Security Features
F-Secure Policy Manager has built-in security features that ensure
detection of changes in the policy domain structure and policy data. More
importantly, it is impossible to deploy unauthorized changes to managed
hosts. Both these features rely on a management key pair that is
available to administrators only. These features, based on strong digital
signatures, will in most cases provide the right balance between usability
and security in most Anti-Virus installations, but the following features
may require additional configuration in high security environments:
1. By default, all users can access the Policy Manager Server in
read-only mode but are only able to view the management data. This
is a convenient way of sharing information to users who are not
allowed full administrative rights. Multiple users can keep a read-only
session open simultaneously, monitoring the system status without
affecting other administrators or managed hosts in any way.
2. To enable easy migration to new management keys, it is possible to
re-sign the policy domain structure and policy data with a newly
generated or previously existing key pair. If this is done accidentally,
or intentionally by an unauthorized user, the authorized user will
notice the change when he tries to login to F-Secure Policy Manager
the next time. In the worst case, the authorized user needs to recover
backups in order to remove the possible changes made by the
unauthorized user. In any case, the policy domain structure and
policy data changes will be detected, and there is no way to distribute
the changes to managed hosts without the correct original key pair.
Both of these features may be undesirable in a high security environment
where even seeing the management data should be restricted. The
following measures can be taken to increase the level of system security: