Contents
Introduction ........ 2
Licensing and Activation ........ 2
Architecture ........ 3
  A. Network Agents ........ 3
  B. Administration Console ........ 3
  C. Administration Server ........ 3
  D. Database ........ 3
Management Tools ........ 4
  A. Tasks ........ 4
  B. Commands ........ 4
  C. Policies ........ 5
  D. Groups and selections ........ 5
System Requirements for Administration Server ........ 5
  Software requirements ........ 5
  Ports used by Kaspersky Security Centre 10 ........ 6
  Hardware requirements ........ 7
Security Center Initial Deployment ........ 8
  Installation process ........ 8
Remote Deployment of Kaspersky Endpoint Security for Business ........ 24
  Phase 1: Creating Groups ........ 25
  Phase 2: Discovering and adding client computers to groups ........ 29
  Phase 3: Automatic Installation of KSC Network Agent +KSE ........ 32
Creating Policies ........ 36
Creating a Task: ........ 62
  1- Update antivirus definitions ........ 62
  2- Virus scanning ........ 67
1 | Page
Introduction
Kaspersky Security Center 10 Service Pack 1 Maintenance Release 2 offers the ability to manage multiple operating systems and device types in one integrated platform. The security administrator can manage all Windows desktops and servers, OS X, Linux, Novell, VMware, iOS, Android, Symbian and Windows Mobile devices from a single unified console.
This document is intended to provide guidance for testing Kaspersky Security Center 10 SP1 MR2 and its managed components successfully in a controlled manner.
Licensing and Activation
The new licensing scheme offers the following options:
A. Kaspersky Endpoint Security for Business Core allows using all protection components of Kaspersky Endpoint Security 10 for Windows, except for encryption and control components. It covers the components installed as part of Basic installation on workstations. In Kaspersky Security Center 10, the Core option provides the protection functionality, except for new features - system management and mobile device management.
B. Kaspersky Endpoint Security for Business Select allows using all protection components of Kaspersky Endpoint Security 10 for Windows, except for encryption. It covers the components installed as part of Standard installation, both on workstations and file servers. Kaspersky Security 10 for Mobile is also supported. In Kaspersky Security Center 10, the Select option provides the standard protection features and mobile device management.
C. Kaspersky Endpoint Security for Business Advanced allows using all protection components of Kaspersky Endpoint Security 10 for Windows, including encryption. It covers the components installed as part of Full installation, both on workstations and file servers. Kaspersky Security 10 for Mobile is also supported. In Kaspersky Security Center 10 SP1 MR2, the Advanced option provides encryption and system management, in addition to the features covered by the Select option.
Architecture
A. Network Agents
An agent is the link between the central point (Administration Server) and the anti-virus installed on a workstation. It receives settings and commands for the anti-virus and is responsible for their execution. It is also responsible for receiving the data the anti-virus needs, in particular updates.
In the opposite direction, from the anti-virus to the central point (Administration Server), the agent relays the current anti-virus status, command execution results and other information of interest to the administrator.
B. Administration Console
The Console is the interface of the management system. The administrator uses the console to examine managed computers' status, modify their settings, and run commands. The administrator communicates with Kaspersky Security Center via the console.
C. Administration Server
The Server is the core component of the management system; it stores and routes data. The server stores the settings specified by the administrator for all anti-viruses, receives information on computers' protection status from the agents, and transmits the administrator's commands. The server also processes information: if the administrator needs a report rather than just a list of events, Administration Server processes the data and transfers the report to be displayed in the console.
D. Database
Administration Server stores some information in the database, in particular all events received from the computers and management system events. Not all system information is stored in the database; for example, anti-virus settings are stored as files in the Administration Server folder of Kaspersky Security Center.
E. All together
All Kaspersky Security Center components are connected and work via the Administration Server. The Server implements all centralized management functions. The administrator uses these Server functions via the Console. Network Agents perform these functions at network computers.
Management Tools
A. Tasks
Tasks are used for performing actions that have a clear start and a logical finish, for example on-demand scanning: it has a list of objects to be scanned; when started, it scans these objects one by one and finishes when all objects are scanned. By the same principle, updating is a task: when started, a connection to the update source is established, the list of available updates is retrieved and the updates are downloaded. The operation finishes when the downloaded updates are deployed. As a tool for managing actions that have a distinct start, a task has a schedule. As a tool for managing computer groups, a task has a scope: the list of computers where it is to be run.
B. Commands
Unlike a task, which finishes some time after it starts, a command is an action that is performed virtually instantly and whose result is important immediately. Running a command can be delayed for the time necessary to deliver the command to the computer, but once the command is received, it is executed immediately. For example, a computer connection check is a command; the immediate result is that the connection is either established or not. Running a task manually is also a command; the result is that the task is either running or returns an error. Since a command's result is important immediately, commands have no schedule; they are always run manually. As a centralized management tool, a command has a scope, just like a task.
C. Policies
A policy defines permanent anti-virus properties: for example, rules for processing network connections, report storage time, heuristics level. A policy is, in a sense, the main tool for protection management, as it is in the policy that permanent computer protection parameters are specified. A policy has no schedule; anti-virus properties defined by a policy are valid until the policy is changed. A policy, like a task, has a scope.
D. Groups and selections
A group is a permanent set of computers. Groups are mainly used for defining policy scope: a collection of computers sharing a common policy is a group. As only one policy can be applied to a computer, a computer cannot be included in two groups. Not only policies but also tasks may be applied to a group. In addition to groups, Kaspersky Security Center features selections: situational sets of computers having common characteristics, for example computers running Windows XP or computers where threats were detected over the last 24 hours. A selection can be used as a task or command scope. Policies do not apply to selections.
System Requirements for Administration Server
Software requirements
The supported operating systems and requirements for them are listed below:
- Windows Server 2003
- Windows Server 2003 x64
- Windows Server 2008
- Windows Server 2008 (kernel-mode)
- Windows Server 2008 x64 Service Pack 1 (Windows Installer 4.5 is necessary)
- Windows Server 2008 R2
- Windows Server 2008 R2 (kernel-mode)
- Windows XP Professional Service Pack 2
- Windows XP Professional x64
- Windows Vista Service Pack 1
- Windows Vista x64 Service Pack 1 (Windows Installer 4.5 is necessary)
- Windows 7
- Windows 7 x64
In addition to the operating system, the following software is necessary:
- Microsoft .NET Framework 2.0 (included in the distribution kit)
- Microsoft Data Access Components 2.8 (included in the distribution kit)
Ports used by Kaspersky Security Centre 10
To ensure that Kaspersky Security Center 10 SP1 MR2 components function correctly, the following ports, described in the table below, should be open. These are default ports and most of them can be changed.
Notice: if an external SQL server is used, TCP port 1433 and UDP port 1434 will be used.
Hardware requirements
Minimum hardware requirements are as follows:
- CPU: Intel Pentium® 1 GHz or higher (1.4 GHz is the minimum for a 64-bit OS)
- RAM: 4 GB
- Free disk space: 10 GB (when using the Systems Management functionality, at least 100 GB of free disk space should be available)
Security Center Initial Deployment
Installation process
Installation can be either custom or typical. During the typical installation, the administrator is prompted to:
- Accept the license agreement for Kaspersky Security Center
- Select installation type (Typical)
- Specify network size
- Accept the license agreement for Kaspersky Endpoint Security (necessary to install its plug-in)
Four options are represented for the network size:
- Less than 100 computers on the network
- From 100 to 1000 computers on the network
- From 1000 to 5000 computers on the network
- More than 5000 computers on the network
1- Welcome screen
2- Accept the End User License Agreement
3- Select the custom installation
4- If you plan to manage mobile devices or integrate with Cisco NAC, select the relevant modules:
5- Choose the size of your environment:
6- Allow Security Center setup to create an administrative account or select an existing administrator from Active Directory:
7- Specify an account for Kaspersky Security Center services:
8- Select the type of database to be used (we choose the SQL database):
9- Select SQL authentication mode:
Kaspersky Security Center will create a networked shared folder for things like standalone installation packages; you can modify the location of that folder here:
By default, the Kaspersky Network Agent communicates over ports 13000 and 14000; you have the option of changing these defaults here:
Select how you wish the server to be identified. It is recommended to use a static IP address to avoid DNS resolution issues, handle split domain environments, and deploy Kaspersky Security for Virtualization and Mobile Device Management most effectively:
10- Select application plug-ins to manage Kaspersky applications for the operating system you want to protect:
11- Begin the installation:
Wait until the installation completes:
Finalize the installation:
Launch Kaspersky Security Center from the Start Menu and follow the prompts of the Quick Start Wizard. During this process, the initial virus definition database download will begin; it will take several minutes to complete, depending on your internet connection speed. At this point, the initial installation of the management server is considered complete.
Remote Deployment of Kaspersky Endpoint Security for Business
Requirements for client computers: the necessary firewall ports are open (TCP 139 and 445; UDP 137 and 138), or the firewall is turned off.
Phase 1: Creating Groups
Step 1: Go to the "Tasks" tab in the "Managed Computers" group or in the desired sub-group and create a new task. In our situation, we created nine groups, one for each school:
- Yasmina School
- Al Bateen School
- Al Mamoura School
- Al Mushrif School
- Al Muna Primary School
- Pearl Primary School
- West Yas School
- Al Ain International School
- HQ Site
And we created the desired sub-groups inside each one of them: staff, students and servers.
Phase 2: Discovering and adding client computers to groups
Phase 3: Automatic Installation of KSC Network Agent +KSE
Creating Policies
A policy applies to a group of managed computers. Each group has the Policies node which contains all policies applied to the group.
Select the application for which you want to create a group policy:
1- Application Startup Control:
Application Startup Control allows the administrator to restrict the program start on the client computer. Program start permissions are specified in special rules. When a program starts, the following conditions are checked:
1- The category to which the program belongs
2- The account that starts the program
3- The rules regulating the start of this program category for this account
If at least one rule that allows starting the program is met, and there are no matching blocking rules, the start is allowed. If there are no allowing rules, or there are both allowing and blocking rules for this account to start a program of this category, the start is prohibited.
The list of rules is specified in the KES policy, in the Application Startup Control section. Initially, the list contains two standard rules that cannot be deleted:
- Allow all: a rule allowing the start of all programs. The rule is enabled by default. Disabling it is dangerous: it can result in operating system failure on the client computers if alternative allowing rules are not configured.
- Trusted updaters: if this rule is enabled, applications installed by trusted updaters will not be blocked even if there are no allowing rules for them. Trusted updaters is a special KL category that includes programs that download and install module updates, for example Adobe Updater. The rule is disabled by default; it is used only in a special mode of Application Startup Control.
2- Application Privilege Control
This component keeps track of application activities in the system and regulates the activity of applications depending on their status.
3- Device Control
This component allows controlling the connection of removable drives.
4- Web Control
This component allows controlling access to web resources depending on their content and location.
Configuration of protection settings:
1- General protection settings:
Trusted zone
Trusted Applications
Network ports
2- File Antivirus:
This component resides in RAM, scanning all opened, saved, and active files to ensure maximum protection at all times.
3- Mail Antivirus
This component scans incoming and outgoing messages for dangerous objects. The following protocols are supported: POP3, SMTP, IMAP, MAPI, and NNTP.
4- Web Antivirus
This component scans inbound traffic on your computer.
5- IM Anti-virus
This component protects traffic for the following instant messengers: ICQ, MSN, AIM, Mail.Ru Agent, and IRC.
6- Network Attack Blocker
Kaspersky Endpoint Security for Windows detects and defends your computer against network activity and attacks that could be dangerous.
7- System watcher
Kaspersky Security Network (KSN) is a special security network which gives users: an additional protection level; application reputation data; website reputation data; quick reaction to new threats.
Creating a Task:
1- Update antivirus definitions
2- Virus scanning
------------------------------------------------End of the document---------------------------------------------------------