CA ControlMinder lets you protect Windows services. A Windows service is a program that runs in the background on Windows, and is the Windows equivalent to a daemon on UNIX.
The CA ControlMinder Windows service protection intercepts service access events that originate from one of the following:
CA ControlMinder intercepts the services.exe process for each service access. This includes starting or stopping a service. For example, net start service, net stop service, and so on, are all protected.
Intercepted events in this case are audited using the protected service's name.
CA ControlMinder intercepts registry calls to the service control management database to protect against service state queries or changes. This means that CA ControlMinder automatically protects the registry areas that are associated with the protected service. Effectively, CA ControlMinder protects the following registry keys when you define service protection:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\service_name
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\service_name\*
Intercepted events in this case are audited using the full registry path.
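Because service-access events are audited under the service name and registry events under the full registry path, one protected service shows up under two kinds of resource name in the audit trail. The Python sketch below is an added example, not CA ControlMinder code. It maps either form back to the protected service, using only the two key patterns listed above. The function names, the sample service names and the sample resource strings are constructed for illustration, and accepting the HKLM abbreviation as input is an assumption.

```python
# Added example (not CA ControlMinder code): correlate audited resource names
# with the protected service they belong to.
SERVICES_ROOT = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services"

def normalize(path):
    """Comparable form: expand HKLM, drop empty components, fold case
    (Windows registry key names are case-insensitive)."""
    parts = [p for p in path.strip().split("\\") if p]
    if parts and parts[0].upper() == "HKLM":   # assumed input abbreviation
        parts[0] = "HKEY_LOCAL_MACHINE"
    return "\\".join(parts).casefold()

def protected_service_for(resource, protected_services):
    """Return the protected service a resource name refers to, or None.

    resource is a bare service name (service-access events) or a full
    registry path (registry events)."""
    by_name = {s.casefold(): s for s in protected_services}
    res = normalize(resource)
    if "\\" not in res:                        # audited by service name
        return by_name.get(res)
    root = normalize(SERVICES_ROOT) + "\\"
    if not res.startswith(root):               # outside the Services database
        return None
    # Compare the whole key component, not a string prefix, so that
    # Services\SpoolerHelper is not mistaken for Services\Spooler.
    service_key = res[len(root):].split("\\", 1)[0]
    return by_name.get(service_key)

def group_events(resources, protected_services):
    """Group audited resource names under the service they protect."""
    grouped = {s: [] for s in protected_services}
    for r in resources:
        svc = protected_service_for(r, protected_services)
        if svc is not None:
            grouped[svc].append(r)
    return grouped

# Constructed sample data: service names and audited resource strings.
PROTECTED = ["Spooler", "W32Time"]
SAMPLE = [
    "Spooler",
    r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Spooler",
    r"hklm\system\currentcontrolset\services\spooler\Parameters",
    r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SpoolerHelper\Parameters",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Spooler",
    "w32time",
]

if __name__ == "__main__":
    for service, hits in group_events(SAMPLE, PROTECTED).items():
        print(service, hits)
```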
You protect a Windows service in the same way as you protect other resources, that is, by creating and assigning a resource to the service and adding accessors to the resource's access control lists. The resource class for a Windows service is WINSERVICE. A WINSERVICE resource has two access control lists: an ACL and an NACL. Valid access types for an entry in a WINSERVICE access control list are:
Copyright © 2013 CA Technologies.
All rights reserved.