PatchLink's Sanctuary

The suite helps IT administrators put teeth in corporate policies.

On the application security front, there are options that provide more flexibility than simply allowing or disallowing applications to run. We recently reviewed BeyondTrust Privilege Manager, which lets administrators elevate user rights as needed; it doesn't, however, eliminate the malware risk.

IRON-FISTED CONTROL
Sanctuary deals with the threat of malware from untrusted sources, such as rogue Internet applications, by referring to trusted lists of application groups. It uses the SHA-1 hashing algorithm to create "signatures" of allowed applications. Only those apps that are members of an allowed group can run.

While similar functionality is available to Windows administrators using Active Directory Group Policy, it's much easier to manage with a tool like Sanctuary. The Group Policy editor isn't the best place to manage application file names and hashes, while Sanctuary was designed specifically for this purpose. It also computes hashes for you, eliminating an extra step.

The whitelist database is built from scans of the Sanctuary client computers that IT specifies. The logical approach is to dedicate systems with up-to-date operating system and application versions to serve as reference machines. Scans are initiated remotely from the administrative console, and results are compared against a reference database of known file definitions and predefined file groups. Allowing or denying permission for a subset of users to run a program then becomes a function of associating the file group with an object in your enterprise directory. We tested this feature by denying the use of Mozilla Firefox for an Active Directory user group.
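A minimal model of the scheme described above, as an added example (not PatchLink's code or API): a reference directory is scanned into a SHA-1-to-file-group whitelist, and a file may run only when its hash is known and its file group is assigned to one of the user's directory groups. The function names, file names and group names are assumptions, and the "binaries" are constructed byte strings.

```python
import hashlib
import tempfile
from pathlib import Path

def sha1_of(path):
    """SHA-1 of file contents (the algorithm the article names; a new design would use SHA-256)."""
    h = hashlib.sha1()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def scan_reference(root, group_of):
    """Scan a reference machine's directory: map each file's hash to a file group."""
    return {sha1_of(p): group_of(p) for p in sorted(Path(root).rglob("*")) if p.is_file()}

def is_allowed(path, user_groups, whitelist, assignments):
    """Default deny: hash must be known AND its file group assigned to one of the user's groups."""
    file_group = whitelist.get(sha1_of(path))
    if file_group is None:
        return False
    return any(file_group in assignments.get(g, set()) for g in user_groups)

def demo():
    """Constructed sample: stand-in 'binaries' are small byte strings, not real executables."""
    with tempfile.TemporaryDirectory() as tmp:
        ref = Path(tmp, "reference")
        ref.mkdir()
        (ref / "firefox.exe").write_bytes(b"constructed firefox image")
        (ref / "winword.exe").write_bytes(b"constructed word image")
        whitelist = scan_reference(ref, lambda p: {"firefox.exe": "Browsers"}.get(p.name, "Office"))
        # Hypothetical directory groups; Sales is denied Firefox by not being assigned "Browsers".
        assignments = {"Engineering": {"Browsers", "Office"}, "Sales": {"Office"}}
        client = Path(tmp, "client")
        client.mkdir()
        renamed = client / "notepad.exe"   # Firefox bytes under a different file name
        renamed.write_bytes(b"constructed firefox image")
        patched = client / "winword.exe"   # trusted file name, altered content
        patched.write_bytes(b"constructed word image + extra bytes")
        return {
            "eng_firefox": is_allowed(ref / "firefox.exe", ["Engineering"], whitelist, assignments),
            "sales_firefox": is_allowed(ref / "firefox.exe", ["Sales"], whitelist, assignments),
            "sales_renamed_firefox": is_allowed(renamed, ["Sales"], whitelist, assignments),
            "sales_word": is_allowed(ref / "winword.exe", ["Sales"], whitelist, assignments),
            "sales_patched_word": is_allowed(patched, ["Sales"], whitelist, assignments),
        }

if __name__ == "__main__":
    print(demo())
```

Because the decision keys on content hash rather than file name, the renamed copy is still treated as a member of the Browsers group, and the altered file with a trusted name is denied as unknown.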

The reference machines must be kept up to date and rescanned regularly, of course, but Sanctuary allows administrators to automate this process. The current version of the Sanctuary suite also lets IT block execution of VBScript, Microsoft Office VBA, and JavaScript files en masse. If you need to allow a specific script, you'll need to change the setting to prompt for all running scripts, which is far from desirable.
