• No results found

Accounts and Passwords

In document Proofpoint Administration Guide (Page 129-133)

About Administration Privileges

The Proofpoint Protection Server supports these administration privileges:

• Root Administrator - the root administrator:

- has access to all of the licensed Proofpoint Protection Server modules, including Administrators Management privileges.

- can create new administrators of any level (root, super administrators, and administrators) and assign access to the Proofpoint modules.

- can view, log out, delete, and modify other administrators.

- can "unlock" any administrator who has been locked out of the management interface because of repeated login failures.

• Super Administrator - the super administrator:

- can only be created by a root administrator.

- has Administrators Management privileges.

- can only create other administrators.

- can only give access to the licensed modules that he or she also has access to.

- cannot view, log out, delete, or modify other super administrators or root administrators.

• Administrator - the administrator:

- is created by the root administrator or the super administrator.

- cannot view, create, or modify other administrators.

- can only view or have access to the licensed modules or folders in the Quarantine and DLP Incidents that were granted when the account was created.

The Proofpoint Protection Server is configured by default with one account with Administrators Management privileges - the login name is admin and the password is what you determine at the time you installed the Proofpoint Protection Server software or set up the appliance.

When administrators with Administrators Management privileges log in to the Proofpoint Protection Server, the Administrators link is available to them, and they have access to the configuration parameters for all other administrators for the system.

Viewing the Administrator List

Use the Administrator > Administrators page to view current administrators, view administrators (super-users) who have access permission to add and delete other administrators, and to change the information for an existing administrator.

Important: The Administrators page is only available to root administrators and super administrators. Both have Administrators Management access under Managed Modules.

Current Session notes the date and time the administrator has logged in to the Proofpoint Protection Server. If more than one administrator logged in with the same account information, each session for that user displays in this column.

Logout - for each administrator that is currently logged in to a session of the management interface, the Logout button displays under Current Session. You can log an administrator out of a session by clicking Logout.

Unlock - if an administrator is locked out of the management interface because he or she entered an incorrect password, you can allow them access by clicking Unlock.

Access Icons

root administrator super administrator administrator

Adding and Deleting Administrators

Only administrators with Administrators Management privileges can add or delete Proofpoint Protection Server administrators on the Administrator > Administrators page. See About Administration Privileges for detailed descriptions of administrator types.

When you create a root administrator, all of the Managed Modules disappear because the root administrator has access to everything.

When you create an administrator with Administrators Management access, you are creating a super administrator.

To add an administrator, click Add Administrator and fill in the fields in the Add Administrator page. Most of the fields are self-explanatory. Fields that require more description are included here:

Administrator ID - enter the identification name for the administrator. Alphanumeric characters, periods, and dashes are allowed; you cannot use spaces or special characters, and the ID is case-sensitive. This is the name you enter into the Proofpoint Protection Server login screen.

Password - enter the administrator password, and then confirm it in the Re-type Password field. If you have password policies in place, you must adhere to them when entering a password. If the password does not adhere to the password policy, you will see an error message when you click Add Administrator.

Note: The default password policy requires at least seven characters, a mix of digits and letters, and must contain at least one special character.

Change Password On Next Logon - click the On radio button if you want to force administrators to change their password each time they log in to the management interface.

Name - enter the name of the administrator. Alphanumeric characters and periods are allowed. The following special characters are not allowed: " $ ! % & ( ) [ ] { } | \ / ^ ~ ` = + , @ # * : ; < > ? Enter an email address, telephone number, and comment for the administrator, if applicable.

Managed Modules - for each administrator you add, you can control the administrator access to the modules. For each administrator, select the check boxes to add view access and administrative privileges for specific modules.

Module names that are not licensed appear in italics and are only visible to the root administrator.

Modules that are not checked for an administrator are not visible when he or she logs in to the Proofpoint Protection Server. When you select Quarantine or DLP Folders in the Managed Modules table, you have the option of limiting the administrator's access to the folders in the Quarantine or in the Incident Queue. See Folder Access Control in this topic.

Important: If you check the Administrators Management box, the administrator is able to modify the other administrator privileges. This is a super administrator.

Each Module in the Managed Modules list corresponds to the same module in the navigation pane, except where noted here:

- System: controls Settings, Policy Routes, and Custom Modules.

- Server Management: controls Servers, Services, Update Service, Config History, and Backup and Restore.

Click Add Administrator to save your changes.

To delete an administrator from the list, select the administrator and click Delete Administrator and confirm.

Important: If there is only one administrator on the list, you will not be able to delete it because you cannot delete the only administrator who has Administrators Management privileges.

Folder Access Control

When an administrator with full Administrators Management privileges creates an account for another administrator, he or she can control which Quarantine folders the new administrator can view and manage.

When you select Quarantine in the Managed Modules table, you will see a list of Available Folders and Allowed Folders. By default, the new administrator has access to all of the folders. All of the Quarantine folders are listed in the Allowed Folders list.

To limit access to specific folders, you must move the folders you do not want the administrator to have access to from the Allowed Folders list to the Available Folders list. The new administrator will only be able to view and manage messages in the folders left in the Allowed Folders list.

For example, if you create an account for the security officer in your organization and move all of the folders except the Asset and Regulation folders from the Allowed Folders list to the Available Folders list, the security officer will only be able to view and manage messages in those two folders.

The following list describes how Quarantine Folder Access Control is implemented:

Root administrators and super administrators with Administrators Management privileges have access to all of the folders in the Quarantine. By default, this is the admin account.

You cannot restrict Quarantine or DLP folder access for root administrators or super administrators.

You can only restrict DLP folder access for administrators who do not have access to the Groups and Users Managed Module.

• Administrators with Administrators Management privileges have access to all of the folders in the Quarantine. By default, this is the admin account.

• When you add an administrator and select Quarantine under Managed Modules, by default the new administrator has access to all of the folders in the Quarantine.

• To limit access to specific Quarantine folders, select the folders to which you do not want to grant access in the Allowed Folders list and move them to the Available Folders list. Click Add Administrator when you are done.

• An administrator with limited folder access is not allowed to add any other administrators.

• An administrator with limited folder access is not allowed to add or delete folders from the Quarantine. The Add and Delete links are not available on the Quarantine > Folders page. The All check box is not available on the Quarantine > Folders page.

• When an administrator with limited folder access creates a rule, the administrator will only see the Quarantine folders to which he or she has access on the Rule page. An administrator with limited folder access will not be able to create a Quarantine folder from the Rule page.

• When an administrator with limited folder access edits an existing rule, he or she will not be able to change the folder to which the quarantined messages are sent.

• The End User Services > Filters > Folders page will not include the Folders for administrators with limited folder access.

The all selections choice is removed from the list of Quarantine folders on the Quarantine > Messages page for administrators with limited folder access.

• The New Folder choice is removed from the Folder list on the Quarantine > Messages page for administrators with limited folder access.

• The Deleted folder is not accessible to an administrator with limited folder access.

Changing Administrator Parameters

Administrators with Administrators Management privileges can change account information and folder access control for other administrators.

Navigate to the Administrator > Administrators page and click the name of the administrator to change his or her account information.

See Adding and Deleting Administrators for details on folder access control and password syntax.

Changing Account and Password Information

As an administrator, you can change your password, name, and contact information, regardless of your administration privileges. However, you cannot change your access control.

To change your password and contact information, navigate to Administrator > Account and Password and change the information in the fields. Save your changes when you are done.

Important: If password policies are in effect, you must adhere to these policies for your new password to be accepted by the system.

Administrator Password Policy

The Administrator > Password Policy page displays password policies created on the Groups and Users >

Password Policies page and the authentication profiles created on the Groups and Users > Import/Auth Profiles page.

Select the password policy from the list that you want to apply to the Proofpoint administrators, and then click Save Changes. To create additional password policies, click the Manage Password Policies link to take you to the Groups and Users > Password Policies page.

Select the authentication profile from the list that you want to apply to the Proofpoint administrators, and then click Save Changes. To create additional authentication profiles, click the Manage Authentication Sources link to take you to the Groups and Users > Import/Auth Profiles page.

Note: The No Authentication Allowed choice means the administrator will not be allowed to authenticate at all - for example, if an administrator leaves your organization you can select this choice to "lock" the

administrator out of authentication on the Proofpoint Protection Server.

Chapter 6 - Logs and Reports

Log Concepts

The log files from the agent systems are periodically transferred to the master Proofpoint Protection Server, also known as the Log Database Transfer Host. The Log Database Transfer Host (or Config Master) loads the log files into a database and maintains these tables: raw log file data from each Proofpoint Protection Server system, hourly aggregated data, daily aggregated data, and monthly aggregated data. The aggregated data is available for generating reports.

The Log Database Transfer Host provides these logs:

• Filter - log of events generated by the filtering engines.

• Email Command Processor - log of messages that are processed as a result of the end users making requests from their End User Digests.

MTA - log of messages processed by sendmail. The events are collected from /var/log/maillog.

• Regulatory Compliance - events generated by this module.

• Digital Assets - events generated by this module.

• Proofpoint Encryption - events generated by this module.

Log concepts are illustrated in the following diagram.

Each agent in a cluster runs a script named logprexfer.sh that prepares the agent log files for transfer. The master Proofpoint Protection Server runs a script named logcollector.sh that pulls the log files from the agents at specified intervals. It then uses the logparser.sh script to parse the log data into CSV files and the

logloader.sh script to load the CSV files into the master log database.

For each Proofpoint Protection Server in the cluster, the log files are maintained in the directory

${PROOFPOINT_ROOT}/var/spool/logxfer. You can configure the Proofpoint Protection Server to keep "old"

log files in an archive for specified periods of time. For example, the default archival period is 14 days. After 14 days, old log files are removed from the Proofpoint Protection Server database, freeing up disk space. You can change the

In document Proofpoint Administration Guide (Page 129-133)

Related documents