Investigating Rules that Allow Communication to the Internet
SUMMARY: In Policy Monitor, device tests are used to identify rules on a device that violate a defined policy, or changes that introduce risk into the environment.
From a network security perspective, it is important to know about changes to device rules. A common occurrence is that servers gain unintentional access to the Internet because of a firewall change on the network. JSA Risk Manager can monitor for rule changes on network devices when you create a Policy Monitor question based on the device rules.
Create a Policy Monitor question that checks what devices have access to the Internet.
- Click the Risks tab.
- On the navigation menu, click Policy Monitor.
- From the Actions menu, select New Devices/Rules Question.
- Under What type of data do you want to return, click Devices/Rules.
- From the Importance Factor list, select the level of importance that you want to associate with your question.
- In the Which tests do you want to include in your question section, select the add (+) icon next to the test allow connections to the Internet. This action adds the test to your question.
- Click Save Question.
- Select the Policy Monitor question that you created for monitoring device rules.
- Click Submit Question.
- Review the results to see whether any rules allow access to the Internet.
- Monitor your protected assets by putting the Policy Monitor question into monitoring mode.