Windows IT Pro is the leading independent community for IT professionals deploying Microsoft Windows server and client applications and technologies.
  
  
  Advanced Search 


November 2006

Examining Security-Policy Management

It all comes down to what’s important to your environment
From the November 2006 Edition
of Windows IT Pro
Blake Eno
Market Watch
InstantDoc #93688
Windows IT Pro
Email this Article
Printer Friendly
Reader Comments
Digg This
Del.icio.us
RSS
Subscribe to Windows IT Pro | See More Active Directory (AD) Articles Here | Reprints | Or get the Monthly Online Pass—only $5.95 a month!

Companies create security policies for many reasons—perhaps you need to comply with corporate security standards, or you want to adhere to certain recommended best practices, or you need to abide by regulatory compliance. Your computing environment is unique, and therefore your security policies need to be tailored to your specific infrastructure. The biggest security-policy management challenge you probably face is accomplishing it all without increasing head count and costs.

You're probably on the lookout for an easy-to-use solution that provides visibility into your organization's current state, as well as automated remediation. You'll find a wealth of solutions on the market that seek to protect specific aspects of your organization— whether it's Active Directory (AD), file servers, workstations, or a combination of these or other areas. Where do you start looking for that perfect solution that targets your specific needs? Let's examine the various factors that might comprise a security-policy management solution, from AD integration to regulatory compliance to endpoint security.

Pillar Protection
AD is the central pillar of many organizations, and changes made to it can affect users company-wide. Administrators can use AD to push security policies across the entire enterprise, so it's vital that you know who is making changes, what the changes are, when the changes are being made, where the changes are being made, and why the changes are being made. NetPro considers this "5 Ws" list the centerpiece of its ChangeAuditor for Active Directory product. ChangeAuditor identifies these "5 Ws" for all changes to group and user configuration in the AD environment. NetPro offers similarly functioning modules for file servers and Microsoft Exchange Server.

Configuresoft's Enterprise Configuration Manager (ECM)—although not tied solely to AD—also plays a big role in the Windows security-policy management space, offering support for Exchange, Systems Management Server (SMS), and so on. Recognizing the uniqueness of individual environments, Configuresoft has fashioned a solution that collects thousands of asset, security, and configuration settings from throughout your enterprise and stores them in its Configuration Management Database (CMDB). You can then use this assembled information to determine which policies are appropriate for your infrastructure.

You should also consider NetIQ in this arena. Its Change Guardian for Active Directory is similar to NetPro's solutions, in that it ensures that all changes to AD are authorized, monitored, and audited.

Targeted Systems
Most vendors in the security-policy management market provide policy templates from popular industry experts or leading IT security organizations to help you secure your organization. Most of these templates are customizable, or if you feel up to the job, you can create your own template from scratch. New Boundary Technologies, like many other vendors, offers policy templates but sets itself apart from the competition in other ways. Its policy-management solution, Policy Commander, automatically implements, monitors, and enforces computer-security policies across your network, whether internal or remote. The unique aspect of Policy Commander is its specialized targeting of security policies. Targeting—based on each computer's configuration and role, security level, organization group, and location—lets organizations push a particular policy out to only the appropriate computers or servers that need it.

Altiris offers similar functionality but separates itself from the pack with its cross-platform support and agent/agentless structure. Altiris's SecurityExpressions automatically audits, deploys, and enforces security policies across all Windows, UNIX, and Linux desktops, notebooks, and servers. Such cross-platform support is becoming more and more important, as many IT shops are becoming increasingly heterogeneous.

Regulatory Compliance
Generally speaking, security is a never-ending battle that administrators fight across all aspects of the organization. Lately, security has played a key role in the midst of increasing regulatory-compliance pressures in the wake of Health Insurance Portability and Accountability Act (HIPAA) and Sarbanes-Oxley (SOX) Act. Auditors now require that customers provide evidence of compliance policies, so it's important that you know where you're compliant and where you aren't.

Security-policy management solutions help you identify your compliance levels, but more important, such solutions help you—and your auditors—address any security gaps and learn how to bridge them. With its Directory Experts Conference Survey, NetPro polled users about their organizational priorities. Whereas 67 percent of respondents answered that improving Windows security was the top organizational priority, 73 percent of respondents marked compliance as the top priority.

   Previous  [1]  2  Next 


Learning Path For information about least privilege:
"Least Privilege User Accounts On Windows XP"

"Dealing with the Least Privilege Security Principle"


For information about NAC and NAP:
"Market Watch: Network Quarantine"

"Hey Microsoft!: QUARANTINE!"


For information about regulatory compliance:
"Is Your IT Infrastructure Compliance-Ready?"

"Sarbanes-Oxley Checklist"
Top Viewed ArticlesView all articles
Kon-Boot Lets You Bypass Logon for Windows and Linux

Kon-Boot looks like a very interesting tool since it can get you into a system without having to logon first. ...

Google to Take On Windows with New OS

It's official: Google will compete head-to-head with Microsoft's dominant Windows OS with a new system called Google Chrome OS. Based on the Google Chrome browser and not its previous OS effort, the smart phone-based Android system, Google Chrome OS will ...

Q. How can I continually check a performance counter from Windows PowerShell?

...
Active Directory (AD) Whitepapers Sustainable Compliance: How to reconnect compliance, security and business goals

Addressing the Insider Threat with NetIQ Security and Administration Solutions

Why SaaS is the Right Solution for Log Management
Related Events Security Summit

Concrete Ways to Make Sure Your SharePoint Deployment Doesn't Blow Up

Top 10 Email Security Challenges and Solutions

Check out our list of Free Email Newsletters!
Active Directory (AD) eBooks The Essentials Series: Active Directory 2008 Operations

Keeping Your Business Safe from Attack: Monitoring and Managing Your Network Security

Windows 2003: Active Directory Administration Essentials
Related Active Directory (AD) Resources Introducing Left-Brain.com, the online IT bookstore
Looking for books, CDs, toolkits, eBooks? Prime your mind at Left-Brain.com

Discover Windows IT Pro eLearning Series!
Clear & detailed technical information and helpful how-to's, all in our trademark no-nonsense format

Test Drive IT Solutions and Get Free Music Downloads
Solve your toughest IT problems with these free downloads and receive 5 free music downloads!


ADS BY GOOGLE

Job Openings in IT SPONSORED LINKS FEATURED LINKS
How Thin-Client Virtual Desktops Can Improve ROI
Read this Essential Guide to get a technical overview of VDI and understand what you need to consider when planning for desktop virtualization.
New from Left-Brain.com - Exchange Server 2007 Training Package
This intensive, 21-hour training course can easily eliminate up to four years of trial, error, and frustration! You’ll learn how to avoid the costly misconfigurations that even the most seasoned experts make. Find out more!

Improve SharePoint Performance on a WAN
Learn how to increase in user-perceived remote performance in SharePoint 2007 while decreasing the load on W front-end servers (WFE).

Exchange Server Consolidation Using Virtualization
Find out the top 10 reasons your should consolidate Exchange and which consolidation strategy you should choose: physical, virtual, or both.

Desktop Management is a Never-Ending Job for Administrators
Get a complete desktop management solution to centralize the management of thousands of desktops that will help you keep up with increased demand with limited manpower.

Get Windows IT Pro To Go & Save 25%
The Windows IT Pro Master CD is a powerful combination of content and convenience. Instantly search over 10K solution-driven articles instantly, and get online access to new articles each month at windowsitpro.com. Subscribe today!
Windows IT Pro Home Register FAQ for Windows WinInfo News
Europe Edition About Us Contact Us/Customer Service Media Kit Affiliates / Licensing  
SQL Server Magazine Office & SharePoint Pro DevProConnections IT Job Hound
Left-Brain.com Technology Resource Directory asp.netPRO ITTV Windows SuperSite 
 
 Windows IT Pro is a Division of Penton Media Inc.
 © 2009 Penton Media, Inc. Terms of Use | Privacy Statement | Reprints and Licensing