Bomgar Box™ Secure Deployment Guide

Symantec-Recommended Security Settings

PDF Version (387KB)   Email This Item

Administration Interface: User Accounts

The following recommendations exist for functionality that is accessible through the Administration Interface and then by clicking on the "USER ACCOUNTS" tab. The recommendations are split into two subsections; the first involves attributes that can be set on an individual account level. The second subsection details recommendations that can be applied to group policies.

The Bomgar Box™ allows for users to be segmented into teams based on discipline, areas of expertise, or other attributes. Support recipients may then be routed to the team that is most appropriate to address their issue.

In addition to teams, the Bomgar Box™ allows for the use of group policies. Group policies allow administrators to define common attributes and apply them to multiple users. Symantec recommends the use of group policies to segment functionality and to apply the principal of Least Privilege Access. A hypothetical example of group policies would be the segmentation of support representatives into three separate groups: Representative Trainees, Representatives, and Managers.

In this scenario, Representative Trainees could be configured to have the ability to access the appliance, but would not be allowed to initiate remote screen sharing sessions with support recipients. Upon completion of their training, trainees would then be placed into the "Representative" group.

Representatives are full-fledged users that would be able to initiate remote screen sharing sessions to support users. They would be publicly visible on the website and would be allowed to transfer files to the support recipient's computer. This group would most likely consist of the majority of your support representatives. An additional sub-group may exist that has all the functionality of the Representatives group, but records all screen sharing sessions. This group could be used to monitor representatives that have just completed their training.

The Managers group would be comprised of shift or department managers. These individuals would be allowed to access the Bomgar Box™ reports, add files to the File Store, update the HTML design of the appliance and edit the Canned Messages. In this hypothetical environment, the functionality would not normally be needed by the support desk representatives. In order to comply with the concept of Least Privilege Access, this functionality would be restricted to managers.

Symantec recommends the use of group policies to tailor the level of access granted to support representatives based on business requirements and documented roles and responsibilities within your organization.

The Bomgar Box™ provides the ability to allow the support recipient to determine the level of access granted to his or her computer. Upon enabling this feature, when a support session is initiated, a dialog box will appear on the support recipient's computer. He or she will be prompted to authorize the level of access that the support representative will be given. The client's selection is then saved within a report. In addition, a support recipient may retake control of his or her computer or terminate the support session if required, at any time.