Information Security for the Enterprise Home About Us Contact Us
ISC
Mideye
ControlGuard
Support
Buy Online
Brochure

PolicyAgent™

Overview

PolicyAgent gives the system administrator control over most user-configurable settings within SecretAgent and SpyProof!, ensuring that program usage conforms to a specific organizational security policy. Default settings for nearly all user interface elements and all functional aspects of the two programs may be specified and (optionally) locked against modification by the end-user. PolicyAgent also provides control over the SecretAgent optional key recovery capability.

PolicyAgent 5.7 for Windows may be used to generate security policies for use with SecretAgent for Windows, Mac OS X, and UNIX (Java GUI only) as well as for SpyProof!

What You Can Control

  • which tokens and precisely which combinations of algorithms can be used for encryption and key generation
  • whether users can generate their own self-signed certificates and use the self-signed certificates of others as recipients
  • CA-specified key type/size requirements and target e-mail address for PKCS#10 certificate request generation and transmission
  • default RDN values, validity periods, and usage extensions for the generation of (self-signed) certificates and PKCS#10 certificate requests
  • the list of trusted root certificates and whether CRL checking of all recipient and signer certificates is mandatory
  • the output format and algorithm options available to the user in the Encrypt dialog
  • whether users can cache the passwords for their private key files (with or without a timeout period)
  • the configuration of organizational LDAP queries
  • the cryptographic actions to be audited (controls the creation of entries in the event log)
  • the URL to be opened when a user selects the "Support on the Web" help menu item
  • the local key recovery policy (determines whether key recovery is mandatory and, if so, specifies the certificates of individual and “shared-secret” groups of Key Recovery Agents)


As the following screenshot of the PolicyAgent panel for the SecretAgent Preferences dialog illustrates, default settings may be specified and optionally locked against user modification:



How It Works

PolicyAgent presents a series of configuration panels that let you specify your security policy settings. (You may also load an existing policy and reconfigure it.) The program then generates a digitally signed security policy file. Once installed on a system, the policy file acts by controlling the behaviour of the SecretAgent, Certificate Explorer, and SpyProof! applications running on that system.

On Windows, if a security policy is present in the software distribution source directory during install, SecretAgent's Setup program will automatically install it. (SecretAgent for Windows Setup program may only be run by a user with administrator rights. Security policy settings are always digitally signed by a designated security officer, but on Windows NT4/2000 they are further protected by strict registry access controls.)

SecretAgent for Windows can be configured by PolicyAgent to periodically poll a designated corporate server for (digitally signed) software updates and (digitally signed) security policy updates. This mechanism allows an enterprise to "push out" to their end-users software patches as well as updated policies (with, say, new trusted root certificates or new CRL distribution points) whenever the situation calls for it. Individual end-user machines need not be reconfigured individually and the update process is completely user-transparent.

Encryption & Trust
SecretAgent
SpyProof
PolicyAgent
  Key Recovery Utility
Document Access Server
CertAgent
Credential Management
Development Tools
Technical Information
Brochures

© Copyright 2006 tamtech Solutions Ltd