If you have implemented security measures to safeguard your data and systems but are still uncomfortable, then WatchGuard ServerLock is the next step. By default, it protects critical system (dll, vxd, ocx, exe, bat, drv, etc) files, registry entries and user accounts against modification, addition/ deletion on a server. You can also define your own files, directories, or registry keys you want to protect. However one inconvenience here is that it doesn’t let you browse through directories. You have to manually enter the path for each file or directory. Further, it doesn’t support the * wildcard, so you can’t protect all files in a directory with one rule, but have to explicitly define all file extensions you want to protect. You can however protect parent directories of a set of files.
|
Moving to other good security features of ServerLock. You can’t install any software unless ServerLock is disabled. The same applies if you want to add, delete or modify users accounts. It gives standard ‘Access Denied’ messages if you try to modify a protected item.
We reviewed ServerLock for Windows 2000/NT. Security measures kick in from the installation itself. You must provide it with a strong administrator password, having at least seven characters, lowercase, uppercase, and punctuations. This password is critical because even a system administrator cannot disable ServerLock features without it.
Since it doesn’t block read access to data, it cannot be used to protect against data stealing. Another drawback is that it does not protect domain user accounts in the Active Directory.
Shekhar Govindarajan at PCQ Labs