Before you implement any policy, you should prepare the endpoint for the policy. This lets you later isolate issues that are specifically related to this policy.
To prepare an endpoint for policy deployment:
Use the latest available manufacture-supplied version and patch of the OS for OS policies. This lets you protect the system before a modification potentially compromises the system. After you apply the policy, you can apply patches and configure the system as required knowing that the policy protects the system from malicious or accidental changes. The same logic applies to applications.
Review the policy rules and add additional roles if required. Create your own policy that defines roles, users, and their relationship (role membership). You can then deploy this policy before or after the sample policy.
Make sure you do not give any single user too many privileges. For example, by default the superuser is added to ROL_AC_ADMIN, which provides CA ControlMinder administration privileges. However, the best practice is to remove this user and add security administrators to this group instead.
Create a new database before you implement the policy. This ensures that policy rules are not going to conflict or otherwise change existing rules in the database. If you cannot create a new database, you should back up the database so that you can restore it to the state before you applied the policy.
Back up the existing audit log file and then remove it. This ensures that CA ControlMinder will create a new audit log file when it logs new events. Having an audit log file that only contains events that relate to the policy you deploy can help you identify and isolate issues relating to the policy more quickly.
Verify that the preset CA ControlMinder variable values ("AC Variables Definitions" section), match your environment and add or modify values as required.
Copyright © 2013 CA Technologies.
All rights reserved.
|
|