Control Policy and Lockdown Rule Types

The ZeroLock® Management Console (ZMC) provides seven (7) rule types that the administrator can use to enact Control Policies and Lockdowns of the system.

    1. SSH-MFA:  Secure Shell Multi-Factor Authentication lets you restrict SSH access on your ZeroLock protected Linux system and require two-factor authentication for user connections.
    2. HASH:  One of the most challenging tasks in system administration is restricting the usage of specific applications, and ZeroLock makes this task efficient. Using this feature, you can block or allow the required applications or executables and apply these restrictions to particular endpoints. Using a HASH, you can also clear false positives.
    3. Canary File:  Canary files help with protection against ransomware by rapidly identifying that an infection has occurred. Canary files are like a canary in a coal mine: a sacrificial test to indicate a hazard. Canary files, and files on canary shares, are files that look desirable for ransomware to infect but are not valuable to the business. 
    4. File Access:  File access rules allow the system administrator to limit which actions can be performed on a system file and by whom.
    5. Network Access:  Network access rules allow the system administrator to restrict which processes have access to networking functionality. Using this functionality, you can limit incoming and/or outbound network traffic.
    6. Program Execution:  Program Execution rules allow the system administrator to restrict which programs can be executed on a system.
    7. Ordered Ruleset:  A Lockdown rule type that allows multiple rules, evaluated in a specific order, to be added as a single rule. The system compares a proposed action to the first rule to see if it meets the rule's criteria. If it does, processing of the action stops; if it doesn't, the system moves on to the following rule, and so on. This type of lockdown rule allows the administrator to easily add groups of rules to multiple policies, knowing that they will be processed in the required order.
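
The first-match evaluation described for Ordered Rulesets, as an added example that is not ZeroLock code: the `Rule` fields, rule names and sample actions are hypothetical and constructed here, and a result of `None` only means that no rule matched. It shows how reordering the same three rules changes the outcome and leaves two of them unreachable.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase
from typing import Optional

# Hypothetical rule shape for illustration; not ZeroLock's rule schema.
@dataclass(frozen=True)
class Rule:
    name: str
    user: str      # glob over the acting user
    path: str      # glob over the target file path
    decision: str  # "allow" or "deny"

    def matches(self, user: str, path: str) -> bool:
        return fnmatchcase(user, self.user) and fnmatchcase(path, self.path)

def evaluate(ruleset, user, path) -> Optional[Rule]:
    """Return the first rule whose criteria the action meets, then stop.
    None means no rule matched; what happens next is outside this sketch."""
    for rule in ruleset:
        if rule.matches(user, path):
            return rule
    return None

def never_fired(ruleset, actions):
    """Names of rules no sample action reaches: candidates for being
    shadowed by an earlier, broader rule."""
    hits = (evaluate(ruleset, u, p) for u, p in actions)
    fired = {r.name for r in hits if r is not None}
    return [r.name for r in ruleset if r.name not in fired]

# Constructed sample rules: narrow exception, then deny, then broad allow.
ALLOW_BACKUP = Rule("allow-backup-read", "backup", "/etc/shadow", "allow")
DENY_SHADOW = Rule("deny-shadow", "*", "/etc/shadow", "deny")
ALLOW_ETC = Rule("allow-etc", "*", "/etc/*", "allow")
INTENDED = [ALLOW_BACKUP, DENY_SHADOW, ALLOW_ETC]
MISORDERED = [ALLOW_ETC, DENY_SHADOW, ALLOW_BACKUP]

# Constructed sample actions as (user, path) pairs.
ACTIONS = [("backup", "/etc/shadow"), ("www-data", "/etc/shadow"),
           ("www-data", "/etc/hosts"), ("www-data", "/home/a/notes")]

def decisions(ruleset):
    """Decision per sample action, or None where no rule matched."""
    matched = (evaluate(ruleset, u, p) for u, p in ACTIONS)
    return [r.decision if r else None for r in matched]

if __name__ == "__main__":
    for label, rs in (("intended", INTENDED), ("misordered", MISORDERED)):
        print(label, decisions(rs), "never fired:", never_fired(rs, ACTIONS))
```

Running the unreached-rule check over a representative set of actions before attaching a ruleset to several policies catches the misordered case, where the broad allow sits ahead of the deny it was meant to follow.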