Sample policies

Seven sample policies are shipped with Symantec ESM. After installing Symantec ESM, make copies of the sample policies, then rename and edit the copies to implement your company's security policy.

The following sample policies are shipped with Symantec ESM and let you begin with the most basic security issues and resolve any weaknesses before proceeding to the next level of complexity:

Phase 1

The Phase 1 policy includes the following modules:

  • Account Integrity

  • Disk Quota

  • Encrypted File System

  • File Watch

  • Login Parameters

  • Network Integrity

  • OS Patches

  • Password strength

  • Startup Files

  • System Auditing

Phase 2

The Phase 2 policy includes the following modules in addition to the modules in Phase 1:

  • File Attributes

  • Object Integrity

  • Registry

  • User Files

Phase 3

Phase 3 policies let you apply different standards to various networks or computers, such as Relaxed for development or testing, Cautious for production, and Strict for sensitive areas such as finance or strategic planning.

Phase 3 has the following types:

  • Phase 3:a Relaxed

    Includes all modules in Phase 2 with more security checks enabled

  • Phase 3:b Cautious

    Includes all modules in Phase 3:a with more security checks enabled and the Backup Integrity module

  • Phase 3:c Strict

    Includes all modules in Phase 3:b with more security checks enabled

Queries

The Queries policy reports account information and file permissions. It includes the following modules:

  • Account Information

  • Discovery

  • File Watch

  • User Files

Dynamic Assessment

The Dynamic Assessment policy integrates your customized scripts and programs with Symantec ESM. It uses the Integrated Command Engine (ICE) module.

[an error occurred while processing this directive]