Continued from the article: Detailed explanation of the functions of the terminal security management system (1).
1. Control ** or illegal network applications, so that the client computer can not use FTP HTTP** by prohibiting ** port, and prevent it from occupying a large amount of network bandwidth by prohibiting the network communication of P2P ** software such as Thunderbolt.
2. Restrict the computer's access to the intranet and the Internet through parameters such as network ports, IP addresses, communication directions, processes, etc., reasonably allocate network traffic, and avoid the risks caused by random information exchange.
3. Establish network separation within the enterprise, such as setting up the computers of the finance department and the R&D department to not access each other. Administrators can also specify a network range to trigger actions such as prompting the end user and disconnecting the access link, or locking the terminal screen if the endpoint network access exceeds the range.
4. Set the LAN segment to effectively distinguish whether the port restriction takes effect on the LAN segment.
5. Support binding IP MAC address to prevent ARP spoofing and attacks.
6. Through the statistical analysis of network traffic, it is found that the computers that abuse network resources are found to reasonably allocate the network resources of the enterprise.
Help managers clearly understand what application software users use, formulate black and white lists, prevent potential risk procedures, and improve work efficiency.
1. Employees can be restricted from installing software that is not related to work, employees are prohibited from uninstalling important application software, and the use of software on employees' computers can be regulated.
2. Support time-based control, allowing managers to manage different types of programs in different periods, such as prohibiting entertainment programs such as playing games and watching movies during working hours, and appropriately loosening restrictions during rest periods to achieve humanized management.
3. Record the start-up and exit of various programs, window title switching and other details.
4. Automatically collect all applications run by clients and provide them to administrators for classification management.
5. Support remote uninstallation of client software, including conventional uninstallation, forced uninstallation, silent uninstallation and batch uninstallation.
6. Count the duration and percentage of users using various applications, and display the statistical results in the form of intuitive and clear charts, so that managers can grasp the user's work status in detail and evaluate the user's work efficiency.
Completely record the whole process of the use and dissemination of documents on the user's computer, find illegal use, and prevent the documents from being illegally tampered with or leaked.
1. Record all operations that occur in the whole life cycle of a document from creation, renaming, modification, opening, copying to deletion.
2. The scope of records includes documents stored in various locations such as local disks, servers, hard disks, optical discs, mobile disks, network disks, etc.
3. When sensitive operations such as modification, copying or deletion occur, the document will be automatically backed up to prevent the file from being damaged or maliciously deleted by the departing employee.
4. The monitoring file program or format can be set, and the file exceeding a certain size can not be backed up to reduce the load pressure of the file backup server.
Classify and standardize the use and permissions of removable storage devices to prevent removable storage leaks.
1. Each mobile storage device (such as USB flash drive, mobile hard disk, etc.) can be authenticated and read and written authorized by user and department.
2. It can prohibit the use of external mobile storage devices within the enterprise, such as prohibiting employees from bringing their own USB flash drive to use within the company; The mobile USB flash drive belonging to the company or department can only be used in the terminal or area authorized by the enterprise to realize the exclusive use of the special disk.
3. The files copied to the mobile storage can be automatically encrypted, and the encrypted documents can only be used on the authorized computer.
4. You can query the USB disk insertion and unplugging and document operation of each computer, and query the copy information of the USB device on the terminal computer according to the time period or file name, including the source path and destination path of the copied file.
More functions: Detailed explanation of the functions of the security management system of Anqishen terminal (3).