Controlling access to Bluetooth devices
This protection type allows you to control how Bluetooth devices are used on user workstations.
SES Evolution makes it possible to monitor when Bluetooth devices are connected and disconnected, by generating logs if Audit mode is enabled in an audit rule set. Access to Bluetooth devices can also be blocked in a protection rule set.
Security rules can be configured to filter Bluetooth devices based on their class. To understand Bluetooth classes, refer to the IEEE standard on Bluetooth.
NOTE
If a multifunction Bluetooth device is blocked by a rule, all of its functions will be blocked. For example, if a rule blocks the use of the microphone class, headsets will also be blocked.
To create rules for Bluetooth devices:
- Select the Security > Policies menu and click on your policy.
- Select a rule set.
- Click on the Devices > Bluetooth tab.
- If you are in read-only mode, click on Edit in the upper banner.
- Click on Add > Rule (Bluetooth devices). A new line is displayed.
- On the left side of the rule, click on
to add Bluetooth device identifiers. - Enter a name for each identifier.
- Select the device’s service class and major class.
- Click on OK.
- In the Access field, select Allow or Block if you are in a protection rule set, or Allow or Audit if you are in an audit rule set. Skip rule set allows you to ignore all the rules contained in this rule set and evaluate the next rule set.
- In the upper banner in the rule, you can:
- Make the rule passive. Passive rules behave like standard rules but do not actually block any actions. The agent only generates logs that indicate which actions security rules would have blocked.
Use this mode to test new restriction rules, determine their impact, and make the necessary adjustments before disabling Passive rule mode. For further information on testing rules and policies, refer to Testing security policies. - Select the log settings that this rule will send.
- Specify whether an action must be performed when a log is sent for this rule.
- Enter a comment.
- Enter a description to explain what this rule aims to achieve.
- Make the rule passive. Passive rules behave like standard rules but do not actually block any actions. The agent only generates logs that indicate which actions security rules would have blocked.
- The row number of each rule appears on its left. Rearrange the sequence of your rules if you need to, by clicking on the arrows above and below the row number.
- Click on Save at the top right of the window to save changes.
If you only want to monitor the use of Bluetooth devices in the pool:
- Create a Bluetooth device rule in an audit rule set.
- Create an identifier that includes all Bluetooth device classes.
- Select Audit as the action in the Access field.
- Analyze logs that are generated every time a device is connected and disconnected.