Defining the Security Policy

SurfinCheck is installed with a default security policy applicable for the entire organization. In order to customize the SurfinCheck settings to reflect your individual organization's needs, it is recommended that you review the default security policy and make adjustments accordingly.

To fully customize SurfinCheck's security policy to your organization:

Review and Set the Corporate Security Policy: review the default settings of the corporate security policy which apply to all users of the organization. If needed adjust the policy to your organization's needs.
Set Group/User Security Policy: determine which groups and/or individual users within your organization require exceptions to the Corporate Security Policy, and adjust each group/user policy accordingly.

About the Security Policy

SurfinCheck allows you to define a security policy (SP) for downloadables that will be allowed or denied access to your network. You can:

Block all Java applets regardless of their activity or identity
Block Java applets that perform specific operations (see a detailed list of the operations in the next section)
Block/allow ActiveX controls
Block/allow JavaScript
Block/allow Visual Basic script
Block/allow Plugins

Blocking Java Applet Performing Specific Operations

SurfinCheck can be set to block Java applets that perform any of the following operations:

File
operations Read file
Write to file
Delete file
Rename file
Get file info
Create directory

Network
connection Listen to socket
Connect to socket
Send info via network
Receive info via network
Get user network info (e.g., get the host IP address)
Get network info (e.g., get the IP of a remote host)

Runtime Run executable
Change Java Security Manager
Set user properties (e.g., operating system, browser)
Change Java class loader
Exit browser

By default, all the above options are selected, so that any applet performing any of these operations is blocked.

Setting Multi-Level Security Policies

SurfinCheck allows you to define a security policy for:

the entire corporation
a specific department or group of users
an individual user within the organization

By default, SurfinCheck is supplied with a policy for the entire organization. This security policy is defined using a group called Corp in the Users and Groups window.

In many cases, however, you will want to define a different policy for a specific department or even for an individual user. For example, you may want to define a restrictive policy for an accounting department due to the sensitivity of the data.

When you initially define a group or user, its Security Policy is inherited. This means that users and groups automatically inherit the security policy of the entity above them. However, you can explicitly define a security policy for a group or a user that is more rigid or lenient than the entity above.

The Security Policy is set from the Users and Groups window.

Setting the Security Policy

To set the security policy:

Press the Users and Groups icon in the SurfinConsole toolbar.
Select the group or user name in the left part of the Groups and Users window. (To set the policy for the entire organization, select the Corp group.)
If you want to set a specific policy for a group or user (and override the security policy of the parent entity), set the Policy Origin to Local in the right part of the window.
Set the policy for Java, ActiveX, JavaScript, VBScript, and Plugins, by selecting the appropriate options in the right part of the window.

File operations	Read file Write to file Delete file Rename file Get file info Create directory
Network connection	Listen to socket Connect to socket Send info via network Receive info via network Get user network info (e.g., get the host IP address) Get network info (e.g., get the IP of a remote host)
Runtime	Run executable Change Java Security Manager Set user properties (e.g., operating system, browser) Change Java class loader Exit browser