For production deployments, you can take the following steps to secure an audit and monitoring service installation:
- Use the Installation group policy to specify which installation the agents and collectors belong to. By enabling the Installation group policy, you can prevent local administrators from configuring a computer to be part of an unauthorized installation.
- Configure a trusted group of collectors to prevent a hacker from creating a rogue collector to collect data from agents.
- Configure a trusted group of agents to prevent a hacker from performing a Denial of Service attack on the collector and database by flooding a collector with false audit data.
- Encrypt all data sent from the collector to the database.
Before you can follow these steps to secure an installation, you must have access to an Active Directory user account with permission to create Active Directory security groups, enable group policies, and edit Group Policy Objects.
To enable the Installation group policy:
- Open the Group Policy Management console.
- Expand the forest and domain to select the Default Domain Policy object.
- Right-click, then click Edit to open Group Policy Management Editor.
- Expand Computer Configuration > Policies > Centrify DirectAudit Settings, then select Common Settings.
- Double-click the Installation policy in the right pane.
- On the Policy tab, select Enabled.
- Click Browse to select the installation you want to secure, then click OK.
- Click OK to close the Installation properties.