ADMINISTERING F-SECURE POLICY MANAGER

ADMINISTERING F-SECURE POLICY MANAGER. Page 2 Agenda How to use Policy Manager Console? Introducing Anti-Virus Mode and Advanced Mode How to find most


Page 1

ADMINISTERING F-SECURE POLICY MANAGER


Page 2

Agenda

How to use Policy Manager Console?

• Introducing Anti-Virus Mode and Advanced Mode

• How to find most relevant settings?

How do I manage my environment?

• Domain Management

• Policy Management

• Software Management

• Outbreak Management

Policy Manager Maintenance

Page 3

CONSOLE INTRODUCTION


Page 4

Policy Manager User Accounts

The Policy Manager Console recognizes two types of users

• Administration mode users

• Read-only mode users

There can only be one administration mode connection to the same Policy Manager Server at a time

• Read-only connections are not limited

In read-only mode the user cannot make any changes to the policy domain, since there is no access to the administration private key


Page 5

Connection Profiles

Each Policy Manager Console requires at least one connection profile

• The default profile is created during console initialization

• Connects by default to the local PMS

Additional Profiles

• Allows managing several servers from one console

• Requires changes to the Apache configuration!


Page 6

Creating Connection Profiles

[Screenshots: the Default Profile and Additional Profile connection dialogs; images not preserved in this text.]


Page 7

Console Modes

The Policy Manager Console offers two different graphical interfaces

• Anti-Virus Mode

• Optimized for administering F-Secure Anti-Virus Client Security

• Advanced Mode

• Used for deeper product configurations

• Products other than AVCS have to be administered with this mode

• Some settings are only available in this mode!


Page 8

Anti-Virus Mode

Message view

• Informative messages

• e.g. virus definitions update info

Management tabs

• Host configuration and monitoring

• Operations management

Policy domain tab

• Displays policy domain structure


Page 9

Advanced Mode

Message view

• Informative messages

• e.g. virus definitions update info

Policy properties pane

• Host configuration and monitoring

• Operations management

Product help

• Field focus help, if the policy properties tab is selected

Product view pane

• Provides the most common settings

• Functions differ for the selected properties tab (e.g. policy tab)


Page 10

Lost in Settings…

Each F-Secure Product comes with a set of predefined values.

• They can be viewed and changed in the properties pane

• It can be quite challenging and sometimes frustrating to find relevant settings in the properties pane MIB tree structure

Therefore, the Policy Manager Console has a special product view (in the settings pane), providing a more user-friendly interface

• Settings are grouped in categories (similar to AV Mode)

• Easier to find important settings that are nested deep in the MIB structure


Page 11

Management Information Base (MIB)

A set of OIDs that constitute, in practice, the configuration information for a managed application

• Separate MIB file for each program

• Needed in order to administer the program. A default installation of PMC only includes MIBs for F-Secure Anti-Virus Client Security

PMC extracts MIBs from installation packages immediately when accepting them

• Possible to deactivate MIBs from PMC (faster policy distribution, better visibility of applications in use)


Page 12

How to Find the Most Relevant Settings?

To be able to find settings, it’s important to understand the actual function of each product component

F-Secure Management Agent

• Communication configuration (e.g. PMS address)

• Local user interface configuration (e.g. restricting product uninstallation)

• Alert configuration

Point Applications (Anti-Virus and Anti-Spyware, Internet Shield)

• All product related settings

Automatic Update System (Agents and Proxy)

• Communication configuration for virus definitions updates


Page 13

Product View

Built-in help view

• General settings descriptions

• Field focus for policy properties tab

Category settings

• Linked to the data found in the MIB tree structure (properties pane)

Product view categories

• Categories change depending on the currently selected properties tab (e.g. policy tab)


Page 14

Finding the Management Server Address

[Screenshot with numbered callouts 1 to 5 showing where the Management Server address setting is located in the console; image not preserved in this text.]

Page 15

POLICY MANAGER ADMINISTRATION

Page 16: ADMINISTERING F-SECURE POLICY MANAGER. Page 2 Agenda How to use Policy Manager Console? Introducing Anti-Virus Mode and Advanced Mode How to find most

Page 16

Domain Management

To use Policy Manager most efficiently it is important to create a well-structured policy domain

Possible domain structure

• Root level: Lowest possible policy level (replace “Root” with the company name, e.g. F-Secure)

• 1st level: Implement the company infrastructure on this level (e.g. different sites)

• 2nd level: Divide your company hardware into logical groups (e.g. servers and workstations)

• 3rd level: Divide company workstations into logical groups (e.g. representing your departments)

• 4th level: Host level (workstations)


Page 17

Adding Hosts

Once you have created your domain structure you are ready to add hosts

Main methods

• Import hosts directly from your Windows domain

• F-Secure Intelligent Installation (no FSMA required)

• Import hosts through autoregistration

• Needs FSMA (autoregistration request done by FSMA)

• Create hosts manually

• Possible to create base policies for hosts that will never connect to the PMS communication directory (e.g. gateways)


Page 18

Autoregistration

Each host running FSMA, installed with the correct public administration key, will send an autoregistration request to the PMS

Autoregistered hosts are not imported automatically

• Before importing any host, carefully check the host information

• Never import a host that you cannot identify (some untrusted party might have installed the product with a correct admin.pub)


Page 19

Host Import Rules

It is possible to automatically place an autoregistered host into your domain structure by creating import rules

Import criteria

• Host name (WINS and DNS)

• IP Address

• Custom properties (defined during product installation)

• Rules are read from top to bottom, first rule matching a request will be applied
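The first-match evaluation described on this slide, as an added Python model (example code, not part of the original training material or of the product): rules carry the three criteria, host name (WINS or DNS), IP address and custom properties, and anything no rule matches stays pending for manual identification, as slide 18 requires. All domain paths, host names, addresses and properties are constructed.

```python
import ipaddress
from dataclasses import dataclass, field
from fnmatch import fnmatch
from typing import Optional

# Constructed autoregistration requests; names, addresses and properties are made up.
REQUESTS = [
    {"wins": "WS-FIN-0042", "dns": "ws-fin-0042.corp.example", "ip": "10.1.20.42",
     "props": {"site": "Helsinki", "dept": "Finance"}},
    {"wins": "SRV-DB-01", "dns": "srv-db-01.corp.example", "ip": "10.1.5.11",
     "props": {"site": "Helsinki", "role": "server"}},
    {"wins": "UNKNOWN-PC", "dns": "", "ip": "192.168.77.5", "props": {}},
]

@dataclass
class ImportRule:
    target: str                              # policy domain the host is placed into
    name_glob: Optional[str] = None          # case-insensitive pattern against WINS or DNS name
    network: Optional[str] = None            # IP address criterion as a CIDR block
    props: dict = field(default_factory=dict)  # custom properties set during installation

    def matches(self, req: dict) -> bool:
        """Every criterion set on the rule must hold; unset criteria are ignored."""
        if self.name_glob is not None:
            pat = self.name_glob.lower()
            if not (fnmatch(req["wins"].lower(), pat) or fnmatch(req["dns"].lower(), pat)):
                return False
        if self.network is not None:
            if ipaddress.ip_address(req["ip"]) not in ipaddress.ip_network(self.network):
                return False
        return all(req["props"].get(k) == v for k, v in self.props.items())

# Rules are evaluated top to bottom and the first match wins, so specific rules go first.
RULES = [
    ImportRule("Example Corp/Helsinki/Servers", network="10.1.5.0/24", props={"role": "server"}),
    ImportRule("Example Corp/Helsinki/Workstations/Finance", name_glob="ws-fin-*",
               props={"site": "Helsinki"}),
    ImportRule("Example Corp/Helsinki/Workstations", network="10.1.0.0/16"),
]

def place_host(req: dict, rules=RULES) -> Optional[str]:
    """Target domain of the first matching rule, or None when nothing matches."""
    for rule in rules:
        if rule.matches(req):
            return rule.target
    return None

def place_all(requests, rules=RULES):
    """Split requests into placed hosts and a pending list of unidentified hosts."""
    placed, pending = {}, []
    for req in requests:
        target = place_host(req, rules)
        if target is None:
            pending.append(req["wins"])   # stays unimported until an admin identifies it
        else:
            placed[req["wins"]] = target
    return placed, pending
```

Swapping the broad 10.1.0.0/16 rule above the Finance rule sends the Finance workstation into the generic Workstations domain, which is why rule order matters.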


Page 20

Policy Management

Defining policy domain settings and restrictions and distributing them to the managed hosts is part of the daily routine of every Policy Manager system administrator

• But how to change policy settings?

All product settings are provided by the product’s MIB. Its information is used to define the actual content of policies


Page 21

Settings

F-Secure product settings are accessible by either browsing the policy MIB tree or using the product view

• Settings can be defined by setting the values of policy variables

The Policy Manager Console shows two types of variables

• Leaf nodes

• Table cells

Most policy variables have a predefined value or values

• Default values can be overwritten just like any other value!


Page 22

How Strict Should Policies Be?

Central management can only work if you do not allow the managed hosts to change critical settings

• Sometimes it’s hard to find the balance between security and usability

• Rule of thumb: Restrict all settings on the root level and start creating special policies on sub-domain level with less restrictions (e.g. certain power user rights for development department)

Policy Manager Console knows two different types of restrictions

• Access restrictions

• Value restrictions


Page 23

Access Restrictions

There are two types of access restrictions

Final

• Always forces the policy

• Incremental policy files are overwritten only when marking a value as final!

• The end-user cannot change the value, as long as the final restriction is set

Hidden

• Hides the value from the end-user

• Unlike the final restriction, the hidden restriction might be ignored by the managed application


Page 24

Value and Table Restrictions

In some situations, the administrator wants to allow access to a certain setting, but wants to limit the users’ freedom of choice

Value restrictions

• None (no restriction applied)

• Choice (force defined values)

• Range (force defined integer value range)

Table restrictions

• Fixed size (no adding or deleting of rows)
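An added Python model (not the product’s own logic) of how the restriction types from slides 22 to 24 decide whether an end-user change is accepted on a managed host. The variable names and the two restriction sets are constructed and follow the rule of thumb of restricting everything at the root and relaxing selected settings on a sub-domain.

```python
from dataclasses import dataclass
from typing import Any, Optional, Tuple

@dataclass(frozen=True)
class Restriction:
    """Restrictions an administrator can attach to a policy variable (constructed model)."""
    final: bool = False                          # access: the host must keep the policy value
    hidden: bool = False                         # access: not shown locally; may be ignored by the app
    choice: Optional[tuple] = None               # value: only these values are accepted
    int_range: Optional[Tuple[int, int]] = None  # value: integer within [low, high]
    fixed_size: bool = False                     # table: rows may not be added or deleted

def local_change_allowed(r: Restriction, current: Any, proposed: Any) -> Tuple[bool, str]:
    """Would a managed host accept an end-user change from `current` to `proposed`?"""
    if r.final:
        return False, "final: value is enforced by policy"
    if r.choice is not None and proposed not in r.choice:
        return False, "choice: value not in the allowed set"
    if r.int_range is not None:
        low, high = r.int_range
        if not isinstance(proposed, int) or not low <= proposed <= high:
            return False, "range: value outside the allowed integer range"
    if r.fixed_size and isinstance(current, list) and len(proposed) != len(current):
        return False, "fixed size: rows may not be added or deleted"
    # Hidden only removes the value from the local UI; it is not an enforcement guarantee.
    return True, "hidden: not shown locally, not enforced" if r.hidden else "ok"

# Constructed variable names. Root: everything final. Development sub-domain: two settings relaxed.
ROOT = {"RealTimeScanning.Enabled": Restriction(final=True),
        "ScheduledScan.IntervalDays": Restriction(final=True),
        "ExcludedPaths": Restriction(final=True)}
DEVELOPMENT = dict(ROOT, **{"ScheduledScan.IntervalDays": Restriction(int_range=(1, 14)),
                            "ExcludedPaths": Restriction(fixed_size=True)})
```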


Page 25

Understanding Settings Inheritance

In F-Secure Policy Manager Console, each policy domain automatically inherits the settings of its parent domain

• If settings are defined on multiple layers, tracking changes can become a challenging and frustrating task

• Therefore never define settings directly on the host level!


Page 26

Colors for Better Understanding…

Values on selected policy domain levels are colored as follows

• Black: Value created on the selected domain level

• Gray: Value inherited

• Red: Invalid value

• Dimmed red: Invalid inherited value


Page 27

Setting Inheritance Problem

Tracking of policy changes becomes difficult or impossible

• Symptoms: You created a new setting on a domain or sub-domain level. Some hosts don’t take the setting into use

• Cause: You probably defined certain policy settings directly on host level. Changes made on the domain level will not reach these hosts

• Dilemma: You will most probably never find the hosts without searching manually. In a large environment, this is impossible


Page 28

Lost Track Over Policies… What Next?

Policy Manager Console provides functions to help you in situations where you have lost track of policy settings

• Show domain value

• Change value

• Clear value

• Force value / tree


Page 29

Another Setting Inheritance Problem

Situation: You know which setting is not taken into use on certain hosts but would like to find out how many hosts are actually affected

Solution: Use “Show Domain Value” to find out which hosts do not inherit the setting defined on the active domain level


Page 30

Force Value vs. Clear Value

If policy values have been defined on multiple levels, there are two possibilities to reinforce the values from a certain domain level

• Using “Force value”

• Forces the selected value to all sub-domains and hosts below the selected domain => downward action

• Force value actions cannot be undone (check active domain level before pressing “yes”!)

• Using “Clear value”

• After pressing the clear button, the value will either be inherited or empty (no value has been defined) => upward action
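The inheritance behaviour of slides 25 to 30, modelled in Python as an added example (not code from the original deck or from the product): how an effective value is resolved upward through the domain tree, how “Show domain value” locates hosts that do not inherit the domain setting, and what “Force value” (downward) and “Clear value” (upward) do to them. The domain tree, host names and the variable name are constructed.

```python
from typing import Optional

# Constructed policy domain tree: parent -> children. Hosts carry a "host:" prefix;
# everything else is a policy domain.
TREE = {
    "Example Corp": ["Example Corp/Helsinki"],
    "Example Corp/Helsinki": ["Example Corp/Helsinki/Workstations"],
    "Example Corp/Helsinki/Workstations": ["host:WS-0001", "host:WS-0002", "host:WS-0003"],
}
VAR = "ScheduledScan.IntervalDays"   # constructed variable name, not a real MIB entry

def parent_of(node: str) -> Optional[str]:
    return next((p for p, kids in TREE.items() if node in kids), None)

def descendants(node: str):
    for child in TREE.get(node, []):
        yield child
        yield from descendants(child)

def effective(values: dict, node: str, var: str):
    """Resolve `var` for `node`: a value set on the node itself (black in the console)
    wins, otherwise walk upward and inherit (gray). Returns (value, level it came from)."""
    n = node
    while n is not None:
        if (n, var) in values:
            return values[(n, var)], n
        n = parent_of(n)
    return None, None

def show_domain_value(values: dict, domain: str, var: str) -> list:
    """Hosts under `domain` that do NOT inherit its value because a value is
    defined somewhere below the domain (a sub-domain or the host itself)."""
    below = set(descendants(domain))
    return sorted(h for h in below if h.startswith("host:") and effective(values, h, var)[1] in below)

def force_value(values: dict, domain: str, var: str) -> None:
    """Downward action: remove every definition below `domain` so its value reaches all hosts."""
    for n in descendants(domain):
        values.pop((n, var), None)

def clear_value(values: dict, node: str, var: str) -> None:
    """Upward action: drop the value on `node`; it is then inherited, or empty if nothing above defines it."""
    values.pop((node, var), None)

def scenario() -> dict:
    """The inheritance problem from the slides, then both ways of reinforcing the domain value."""
    dom = "Example Corp/Helsinki/Workstations"
    # 7 at the root, a forgotten host-level override on WS-0002, and a new setting on the sub-domain.
    values = {("Example Corp", VAR): 7, ("host:WS-0002", VAR): 30, (dom, VAR): 1}
    forced, cleared = dict(values), dict(values)
    force_value(forced, dom, VAR)               # downward: the override on WS-0002 is wiped
    clear_value(cleared, "host:WS-0002", VAR)   # upward: WS-0002 now inherits from the sub-domain
    return {"not_inheriting": show_domain_value(values, dom, VAR),
            "ws2_before": effective(values, "host:WS-0002", VAR),
            "ws2_after_force": effective(forced, "host:WS-0002", VAR),
            "ws2_after_clear": effective(cleared, "host:WS-0002", VAR)}
```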


Page 31

Software Management

Regular checkups for product updates and product hotfixes should be a routine for every system administrator

All necessary information can be found through the F-Secure Webclub

• Direct links to latest product releases

• List of product related hotfixes

• Documentation, etc.


Page 32

How To Deploy Updates & Hotfixes?

Centralized (using Policy Manager Console)

• Policy based installation (recommended)

• Preconfigured installation package (e.g. msi package)

Standalone

• Executing the installation package or hotfix locally


Page 33

Virus Outbreak Management

New security threats emerge every day.

• Around 10 viruses are found each day, some of them able to spread globally within hours!

Policy Manager Outbreak Management

• Latest security news delivered to PMC (radar alerts)

• Host protection status overview

• Automatic virus alert reporting from managed hosts

• Host infections status and reports


Page 34

Outbreak Management

Security News

• From the last two weeks

• Domain protection overview

Security News Details

• Description of malware

• Host protection status

• Host connection status

• AV update delta


Page 35

Virus Alert Reporting

All infections on managed hosts are automatically reported to the Policy Manager Server

The easiest way to monitor infections in your network is to use the console’s anti-virus mode

• Virus protection for workstations section (summary tab)

• More info available under virus protection status

• Infection name

• Infected object

• Action taken (e.g. deleted)


Page 36

Virus Outbreak… What Next?

1. Disconnect the infected computer(s) from the network immediately!

2. Keep on monitoring your network

• If the infection still keeps spreading (e.g. new infection alerts), take down the whole network

• Block all outgoing traffic!

• Make sure that all the hosts have the latest virus definitions

3. Get more information about the infection (virus news)

• Check configuration of corporate hardware and software (e.g. firewalls, content scanners, workstation security settings)

• Download special disinfection tools (test and distribute them to the whole domain)

4. Re-enable the network (after all infected computers are clean!)

5. Inform your employees and partners about the outbreak

Page 37

MAINTENANCE


Page 38

Backup & Restore Process

Full Backup (recommended)

• A full backup covers the policy domain structure as well as the alerts, hosts, statistics, and installation operations

• No Policy Manager Console sessions may be open when creating a backup and Policy Manager Server must be stopped

Policy Data and Domain Structure Backup

• Backup of the fsa\domains directory of Policy Manager Server’s repository (Commdir)

• No Policy Manager Console sessions may be open when creating a backup


Page 39

How to Restore the Backup?

Restoring process

• Stop F-Secure Policy Manager Server and Policy Manager Console services

• Delete old files and copy the backup in place

• Restart services


Page 40

Summary

How to use Policy Manager Console?

• Introducing Anti-Virus Mode and Advanced Mode

• How to find most relevant settings?

How do I manage my environment?

• Domain Management

• Policy Management

• Software Management

• Outbreak Management

Policy Manager Maintenance