Public Lockdown

NOTE: In order to use Network Security's Web User Interface after locking down *PUBLIC, you must create rules to grant PTWEB access to four server functions. See Web Browser Help for details.

Once you are confident you have spent enough time and study looking at the historical data, and have the allowed SERVER user rules in place, it is time to block the potential for all other unauthorized access. This process is known as public lockdown. In addition to rejecting public access, during this process, you will instruct Network Security to trigger an immediate alert for all rejected transactions so they can be promptly addressed.

If you are using Central Administration to manage multiple systems, note that the default *PUBLIC rules cannot be copied to Endpoints. Each default *PUBLIC Rule will need to be changed to *REJECT manually for all Endpoints individually.

ClosedLocking down your servers - web browser
  1. On the Rules screen, click one of the *PUBLIC user rules.
  2. Choose Lookup to the right of the Authority field and choose *REJECT.
  3. Under Audit, select Yes.
Edit Rule screen
  1. Click Save.
  2. Repeat these steps for the next server, until all servers have been locked down.
NOTE: Reject rules may have an immediate impact once added. You may get calls from users who think they should have access to a service no longer permitted, or users whose job description has changed, requiring different accesses. On implementation of public lockdown, plan to run regular rejected transaction reports. See Transaction Report Menu.
ClosedLocking down your servers - green screen
  1. From the Main Menu, choose option 2, Work with Security by User.
  2. Choose 2 to change one of the *PUBLIC rules.
  3. Change Audit to Y. Repeat for all the *PUBLIC rules so they will all be audited.
  4. Choose 2 on the *PUBLIC rule for a server you want to lock down.
  5. Set Authority to *REJECT. Change one server to *REJECT (with Aud=Y) at a time, then monitor and respond to any subsequent access requirements.
  1. Repeat these steps for the next server, until all servers have been locked down.
NOTE: Reject rules may have an immediate impact once added. You may get calls from users who think they should have access to a service no longer permitted, or users whose job description has changed, requiring different accesses. On implementation of public lockdown, plan to run regular rejected transaction reports. See Transaction Report Menu.

Recommendation – Use a message management process such as Powertech Interact to be notified of reject messages (with Msg set to Y) in real time.

 

 

Copyright © HelpSystems, LLC.
All trademarks and registered trademarks are the property of their respective owners.
7.17 | 201803210423