Managing user privileges is one of the first steps in securing desktops from unauthorized use. However, privilege management can be a complex and difficult process. Viewfinity removes much of that complexity and should be useful for regulatory compliance.
by Frank Ohlhorst
In the past, administrators looking to lock down PCs and servers had to rely on complex, difficult-to-audit schemes that used policies driven by a directory service, such as Microsoft's Active Directory. That approach involved the creation of granular policies using native operating system tools that proved tedious at best, unenforceable at worst.
Viewfinity in the lab
I found that Viewfinity offers an easy-to-use, Web-based management console, which is laid out in dashboard fashion. Here, it was pretty easy to determine what to do. For example, if I wanted to control administrative privileges for a group of PCs or users, I could simply select from the "Policies" menu and then select "Create policy," which would offer me some choices, such as "Elevate privileges," "Application policy" or "Computer policy." With "Elevate privileges" I was presented with choices from which to create rules for the privilege set, such as "Run application with administrative privileges" or "Permit ActiveX control installation," and so on.
The rule selection can get very granular, allowing administrators to fine-tune access and control policies. Administrators also have the option of creating policies based upon specific applications or specific computers. Application policies that control privileges can be very useful. Take, for example, a situation that requires an application to have access to certain low-level OS functions. Let's say it is an application that uses an ActiveX control. Normally, you may want to lock down access to that control to prevent a breach. With Viewfinity, you can grant temporary privileges to the application, allowing access to the normally locked-down ActiveX control, so the application can function properly while the level of security remains high.
That granularity fits well with the preferred security concept of locking everything down and only allowing access to what is required. Viewfinity offers a plethora of policy controls that can be combined, grouped and assigned in multiple fashions. That level of flexibility allows administrators to create complex policies that span several administrative privileges on a PC. That bodes well for those trying to meet regulatory compliance requirements, such as HIPAA (Health Insurance Portability and Accountability Act), FDCC, PCI or the Sarbanes-Oxley Act, which encompass access controls and the control of sensitive information.
Viewfinity also offers comprehensive audit reporting, which lets administrators create full audit reports identifying who has what privileges. Auditing goes one step further to record activity, access attempts and dependencies required by applications and processes.
Read the full review: http://www.eweek.com/c/a/Security/Viewfinity-Takes-the-Pain-out-of-Privilege-Management-720233/