Active Security Explained

Active Security is used to collectively describe Ranger for Networks unique security solutions. When enabled Ranger's active security constantly monitors users actions checking them against user defined restrictions. When a security violation is committed Ranger will actively block the users illegal attempt and automatically log the incident for auditing and later reporting.

Securing Networks within Education Environments

With over 10 years experience providing security software to education establishments we understand the unique difficulties faced by network managers as they try to secure their network and yet still deliver a diverse range of software and services.

Securing a school network starts the same way as any other network. Concerns over Internet security and Virus protection but then on top of this school networks have unique demands such as a high volume of users with limited accountability for their actions, complex usage scenarios such as roaming users between physical locations and securing numerous software packages from misuse.

Trying to secure a network like this with only native windows security is extremely difficult and very time consuming. Limitations such as the inability to provide high level granularity over user actions and with no easily accessible reporting makes its difficult to know what the users are actually doing.

Rangers Active security on the other hand brings together a sophisticated selection of security options yielding immediate impact and ease of use. Providing network managers with the tools they need to quickly and easily secure the network. Using the highly configurable security options, Ranger can be customized to meet the specific schools network usage policy.

Ranger's Active Security Options

Rangers' security options spans a number of programs. The options include:

• Application Security
• Window Title Checking
• Drive Restrictions
• Path Limitations
• Time Restrictions
• Direct Intervention
• Rule based events (based on scheduled or network events)

The majority of Ranger's active security is configured within Ranger Administrator on a security group level. For each group the following can be configured:

Application Security

Ranger can stop programs by closing any program which is configured within the groups banned application list. Unlike security tools that work by closing a program based on the executable name, Ranger application security stops programs based on the programs unique signature.

Using Ranger Administrator to scan and acquire programs unique signatures the network managers can ban programs by simply dragging the desired program signature to the banned list.

This method stops determined users trying to rename programs off the network and then bringing them back in and trying to run them.

Window Title Checking

Ranger's title check security provides a powerful, highly configurable and granular solution. Using title checks you have control over complete programs or parts within. As long as a window title is displayed, Ranger can restrict its use.

For example you can stop access to Windows control panel or program such as Microsoft Word and also restrict access of Word's Tools - Options dialog.

Ranger's title checks is particularly useful for small third-party programs that do not have an associated Windows policies to control access or usage.

Drive Security

Ranger's drive security combines a number of security measures, working together to prevent users from accessing sensitive areas of the computer or network.

Hiding Drives

Controlling drive visibility is the first step, by removing local drives from Windows Explorer and programs file open or save dialogs you can quickly prevent users from browsing local folders and attempting to change system settings.

To ensure Windows and other programs continue to operate correctly, Ranger redirects any dialogs looking for the local disk to the users home area. This prevents application or system errors from being displayed. This measure has a secondary benefit that is it helps users to save work in consistent locations and prevent users from saving work to the local computer which is unavailable as they roam around the site.

Note: As part of a logon check, Ranger tests the availability of the users home area. If the location is unavailable Ranger will attempt to reconnect the drive to the users home area, should this fail a temporary area will be provided as an replacement.

Scanning paths

With drive security enabled, Ranger scans every input dialog and particular files for references to illegal drive locations. If an illegal drive or paths is identified the program is closed and the incident logged. For example if a user types "c:\" Ranger would remove the string and log the attempted access.

Protecting Network Shares

Drive security also activates UNC path scanning. This prevents users from accessing locations by the UNC e.g. \\server\share. This security measure is not meant as a replacement for good security practice including hiding and restricting shares permissions, however it provides immediate restriction of network locations which may have been missed.

Time limitations

Ranger can restrict application usage by time of day. This method works for both legitimate and restricted programs. By entering the program name into a list you can then specify in 15 minute blocks whether the program is to be allowed or restricted. If a program is already running before a time restriction window is entered, the program can be forcibly closed down.

LAN Ranger - real time network view

In addition to the active security available within Ranger Administrator, LAN Ranger allows network managers to interact with the network either on demand, at a certain time or when a particular event occurs.

On Demand

Using LAN Rangers Network Explorer tab the network manager can start and stop programs, log users off, shutdown the computers or take screenshots for one or many computers at a time.

Rule based

Using LAN Rangers Ranger React tab you have all the controls available in LAN Rangers Network Explorer however these actions can be scheduled or configured to run based on a network event being triggered. For example if a specific application is started more than 5 times, like winword.exe, the program can be closed down.

Logging

It's one thing to know that your network is locked down, but with Ranger you can also monitor, audit and report on user actions so you can find out what the network users are trying.

Regardless of security option used, when an incident occurs Ranger will log the event, displayed in real time within LAN Ranger status log viewer. Historical events in the Status Log can then be queried allowing you to filter the logs down to specific events such as user or time of day.

Reporting

In addition to the status log filter, HTML based reports can be generated. The dynamic HTML reports allow the information to be analysed by drilling through the results, manipulating the data to show the information you are looking for. The reports can then be printed, ideal for management reporting.