However, I found that once I checked the Dashboard and put out any fires, it made more sense to ditch it and use the full screen for the management interface. There is a graphical indicator of overall system status in the lower right-hand corner of the Enterprise Console. The indicator is a green check if all is well, and a red exclamation point if there is trouble. During tests, when the indicator turned into an exclamation point, I double-clicked it and the dashboard popped up, allowing me to see how the error affected my network as a whole. I could then drill down to address issues on individual computers.
Developing policy
When implementing the suite, the first major task is to develop policy in its major security areas: antivirus, HIPS (host-based IPS), firewall, NAC (network access control), application control, data control and device control.
However, a word of caution is necessary: always test a new policy before widespread deployment, to avoid deploying a policy that disrupts network, application and data services, such as a “block all” firewall rule or a NAC rule that would completely isolate a computer. This is largely a caution with all products in this class, but with Sophos, you get no warning that something could be broken if you take a particular action.
The basic interface of Sophos Enterprise Console is divided into three areas. Groups and policies are organized along the left, and the main pane shows computers. Clicking on a computer brings up more info, either in a new pane below or in a pop-up showing details down to the individual log events, which is a fantastic help in troubleshooting.
I could also right-click a group or computer and order an immediate full scan. Being able to efficiently make changes, deploy policy, scan and check for errors also streamlines troubleshooting.
By clicking the Find New Computers button at the upper left, I

I deployed a reasonable bunch of policies for computers connected to an internal network. Speaking of which, all network rules can be configured for multiple locations, so a laptop could be configured to allow Windows file sharing in the office but block it everywhere else.
I used pretty standard settings for AV and HIPS policy. I configured the firewall to inspect and log exceptions to policy, but not to block. This way, I could review logs and tweak firewall policy before blocking real traffic.
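The staged rollout described above (location-specific rules, then a log-only phase whose results are reviewed before the same rules are switched to blocking) and the earlier caution about a “block all” rule can be modelled in a few lines. The following is an added example written for this article, not Sophos code and not the console's policy format; the rule fields, the log line layout and the sample log are all constructed for the example.

```python
"""Staged firewall-policy review (added example; not Sophos code).

Models three points from the review: rules that differ per location
(office vs. elsewhere), a log-only phase in which a proposed policy is
evaluated against observed traffic without blocking anything, and a lint
for a catch-all "block all" rule that would cut a machine off. All names,
fields and log lines below are constructed for this example.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Rule:
    name: str
    action: str          # "allow" or "block"
    location: str        # "office", "remote" or "any"
    proto: str           # "tcp", "udp" or "any"
    port: Optional[int]  # None matches any destination port
    dst: str             # destination CIDR; "0.0.0.0/0" matches anything


def rule_matches(rule: Rule, conn: dict, location: str) -> bool:
    """True if the rule applies to this connection at this location."""
    if rule.location not in ("any", location):
        return False
    if rule.proto not in ("any", conn["proto"]):
        return False
    if rule.port is not None and rule.port != conn["dport"]:
        return False
    return ip_address(conn["dst"]) in ip_network(rule.dst)


def evaluate(policy, conn: dict, location: str, default: str = "allow"):
    """First matching rule wins; returns (action, rule name)."""
    for rule in policy:
        if rule_matches(rule, conn, location):
            return rule.action, rule.name
    return default, "<default>"


def lint_catch_all_block(policy) -> list:
    """Names of rules that block every protocol, port and destination in
    some location: exactly the "block all" mistake the review warns about."""
    return [r.name for r in policy
            if r.action == "block" and r.proto == "any"
            and r.port is None and r.dst == "0.0.0.0/0"]


def parse_log(lines) -> list:
    """Constructed log format: <timestamp> <location> <proto> <src> <dst> <dport>."""
    conns = []
    for line in lines:
        ts, location, proto, src, dst, dport = line.split()
        conns.append({"ts": ts, "location": location, "proto": proto,
                      "src": src, "dst": dst, "dport": int(dport)})
    return conns


def log_only_review(policy, conns) -> dict:
    """Log-only phase: group the connections the policy *would* block by the
    rule responsible, so the rules can be tuned before blocking is enabled."""
    would_block = {}
    for conn in conns:
        action, name = evaluate(policy, conn, conn["location"])
        if action == "block":
            would_block.setdefault(name, []).append(conn)
    return would_block


# Constructed policy: SMB allowed in the office, blocked elsewhere; telnet
# blocked everywhere; everything else falls through to the default allow.
POLICY = [
    Rule("allow-smb-office", "allow", "office", "tcp", 445, "10.0.0.0/8"),
    Rule("block-smb-elsewhere", "block", "remote", "tcp", 445, "0.0.0.0/0"),
    Rule("block-telnet", "block", "any", "tcp", 23, "0.0.0.0/0"),
]

# Constructed traffic log for one laptop seen in the office and on the road.
SAMPLE_LOG = [
    "2010-03-01T09:00:01 office tcp 10.1.2.3 10.1.2.50 445",
    "2010-03-01T12:10:05 remote tcp 192.168.1.20 203.0.113.8 445",
    "2010-03-01T12:11:00 remote tcp 192.168.1.20 203.0.113.9 443",
    "2010-03-01T13:00:00 office tcp 10.1.2.3 10.1.2.60 23",
    "2010-03-01T13:05:00 remote udp 192.168.1.20 198.51.100.5 53",
]

if __name__ == "__main__":
    for bad in lint_catch_all_block(POLICY):
        print(f"WARNING: rule {bad!r} blocks all traffic; do not deploy")
    for name, hits in log_only_review(POLICY, parse_log(SAMPLE_LOG)).items():
        print(f"{name}: would block {len(hits)} connection(s)")
        for c in hits:
            print(f"    {c['ts']} {c['location']} {c['proto']} "
                  f"{c['src']} -> {c['dst']}:{c['dport']}")
```

Running the review against the sample log shows one SMB connection blocked only because the laptop was outside the office and one telnet connection blocked in both locations, while the HTTPS and DNS traffic passes; a rule such as `Rule("oops", "block", "any", "any", None, "0.0.0.0/0")` is flagged by the lint before it can isolate a machine.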
Application control is where it starts to get interesting. Applications and categories of applications can be blocked from installation and execution, or just logged. On the authorization tab of the Application Control Policy edi-
[Figure, above] The dashboard shows alerts and errors at a glance. Clicking on any alert category brings up a list of computers with that alert condition.

[Figure, right] Once those fires were put out, I found it was better to close the dashboard and work directly within the standard interface.