• Share
  • Email
  • Embed
  • Like
  • Save
  • Private Content
Kl 010.10 mdm_eng_labs_v.1.02
 

Kl 010.10 mdm_eng_labs_v.1.02

on

  • 199 views

Kaspersky Mobile Device Management Manual

Kaspersky Mobile Device Management Manual

Statistics

Views

Total Views
199
Views on SlideShare
199
Embed Views
0

Actions

Likes
0
Downloads
2
Comments
0

0 Embeds 0

No embeds

Accessibility

Categories

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

    Kl 010.10 mdm_eng_labs_v.1.02 Kl 010.10 mdm_eng_labs_v.1.02 Document Transcript

    • Lab Guide MobileDeviceManagement KasperskyEndpointSecurityandManagement Technical Training KL 010.10
    • Version 1.02 Kaspersky Lab www.kaspersky.com FOR INTERNAL USE ONLY
    • L10.1–1 Lab 10.1. Adding Exchange ActiveSync Mobile Devices Server Lab 10.1 Adding Exchange ActiveSync Mobile Devices Server Lab objective. Install Exchange ActiveSync mobile devices server and connect it to Kaspersky Security Center. Scenario. The decision to apply the corporate security policy to employees’ mobile devices (smartphones and tablets) has been made in the company. Exchange ActiveSync is selected for connecting Android devices. Being responsible for the network security, you would like to manage the profiles via KSC Administration Console. For this purpose, it is necessary to install the Mobile Devices Server from KSC distribution on the Exchange server. Contents. The following computers are used in this lab: — DC domain controller — Exchange corporate e-mail server — Security-Center (KSC Administration Server) In this lab, we will: 1. Install management plug-in of MDM for Exchange ActiveSync 2. Connect Exchange to KSC 3. Prepare KSC and Exchange for the installation of the Mobile Devices Server 4. Install Exchange ActiveSync mobile devices server Preparation Turn on the DC domain controller and Exchange mail server. Security-Center Exchange 1. Boot up the computer named Security-Center 2. Log on to the abcAdministrator account. Password—Ka5per5Ky 3. Boot up the computer named Exchange 4. Log on to the abcAdministrator account. Password—Ka5per5Ky FOR INTERNAL USE ONLY
    • L10.1–2 KASPERSKY LAB™ KL 010.10: Mobile Device Management Kaspersky Endpoint Security and Management Task 1 Install management plug-in of MDM for Exchange To be able to manage MDM for Exchange, you need to install the corresponding plug-in. This can be achieved during initial installation of the Server or Administration Console. In this task we will manually install the plug-in.  Security-Center Exchange 1. Close the Administration Console if already open 2. In the Administration Server distribution folder, find and run the PluginsMDM4Exchangeklcfginst.msi file 3. Wait until the MSI completes ● Task 2 Connect Exchange to KSC MDM for Exchange can only be installed on a computer where Microsoft Exchange Server 2007 or 2010 and KSC Network Agent are installed already. In this task we will install the Network Agent.  Security-Center Exchange 1. Open KSC Administration Console FOR INTERNAL USE ONLY
    • L10.1–3 Lab 10.1. Adding Exchange ActiveSync Mobile Devices Server Security-Center Exchange 2. Select the Remote installation / Installation packages node 3. Open the properties of the Network Agent package created by default and make sure that the correct Administration Server address is specified there 4. Close the package properties 5. Install the Network Agent package on the Exchange computer using a task for specific computers:  Select the computer among Unassigned computers / ABC  Select to move the computer after the installation to Managed computers / Servers  Account: abcadministrator, password— Ka5per5Ky FOR INTERNAL USE ONLY
    • L10.1–4 KASPERSKY LAB™ KL 010.10: Mobile Device Management Kaspersky Endpoint Security and Management Security-Center Exchange 6. Wait for the installation to complete and make sure that Exchange has appeared in the Managed computers / Servers node ● Task 3 Prepare KSC and Exchange for the installation of the Mobile Devices Server Make sure that there is a key that allows managing Mobile Devices Servers on the Administration Server and enable Windows authentication for the standard PowerShell web site on Exchange. It is disabled by default. FOR INTERNAL USE ONLY
    • L10.1–5 Lab 10.1. Adding Exchange ActiveSync Mobile Devices Server  Security-Center Exchange 1. Open the Administration Server properties and switch to the Keys section 2. Add the MDM license key from the handout USB flash drive 3. Click View restrictions to make sure that the key enables management of mobile device servers FOR INTERNAL USE ONLY
    • L10.1–6 KASPERSKY LAB™ KL 010.10: Mobile Device Management Kaspersky Endpoint Security and Management Security-Center Exchange 4. Close the properties of the Administration Server 5. Open the Start menu 6. In the search filed, type inetmgr and press ENTER 7. Open the Exchange / Sites / Default Web Site / PowerShell node 8. In the IIS area, double-click the Authentication component to open its properties FOR INTERNAL USE ONLY
    • L10.1–7 Lab 10.1. Adding Exchange ActiveSync Mobile Devices Server Security-Center Exchange 9. Select Windows Authentication and click Enable in the task pane on the right 10. Close the Internet Information Services (IIS) Manager window ● FOR INTERNAL USE ONLY
    • L10.1–8 KASPERSKY LAB™ KL 010.10: Mobile Device Management Kaspersky Endpoint Security and Management Task 4 Install Exchange ActiveSync mobile devices server In this task, we will install MDM for Exchange.  Security-Center Exchange 1. Find the installer of MDM for Exchange on the handout USB flash drive and start it 2. On the welcome page of the wizard, click Next 3. Accept the license agreement and click Next 4. Leave Standard mode (default) and click Next FOR INTERNAL USE ONLY
    • L10.1–9 Lab 10.1. Adding Exchange ActiveSync Mobile Devices Server Security-Center Exchange 5. Specify the domain administrator account, password—Ka5per5Ky, and click Next 6. On the following page, click Next 7. On the following page, click Install and wait for the installation to complete 8. Click Finish FOR INTERNAL USE ONLY
    • L10.1–10 KASPERSKY LAB™ KL 010.10: Mobile Device Management Kaspersky Endpoint Security and Management Security-Center Exchange 9. In KSC Administration Console, select the Mobile devices / Mobile devices servers node and find Exchange ActiveSync mobile devices server there 10. Open its properties, switch to the Mailboxes section and make sure that alex@abc.lab is there ● Conclusion In this lab we installed a mobile device server for Exchange, which acts as a connection gateway between the mobile devices and the Administration Server. It supports all devices that can work with Exchange ActiveSync, and enable the administrator to manage Exchange ActiveSync policies directly from KSC Administration Console. In the next lab we will study how to change and apply the corporate password policy for mobile devices. FOR INTERNAL USE ONLY
    • L10.2–1 Lab 10.2. Applying Corporate Security Policy via Exchange ActiveSync Lab 10.2 Applying Corporate Security Policy via Exchange ActiveSync Lab objective. Create and apply the corporate security policy to a mobile device connected to the network via Exchange ActiveSync. Scenario. The decision was made that smartphones and tablets can connect to the corporate resource via ActiveSync. Now it is necessary to create a security policy for them and apply it. Firstly, password protection for all employees should be enforced whilst configuring automatic deletion of the information if an incorrect password is entered several times. Contents. The following computers are used in this lab: — DC domain controller — Exchange corporate e-mail server — Security-Center (KSC Administration Server) — Desktop (workstation of the Alex user) with a smartphone connected to it During the lab, you will: 1. Create a profile for the Sales department 2. Apply it to the Alex account 3. Make sure that it is fully applied Preparation Turn on the DC domain controller and Exchange mail server. Security-Center Desktop 1. Boot up the computer named Security-Center 2. Log on to the abcAdministrator account. Password—Ka5per5Ky 3. Boot up the computer named Desktop 4. Log on to the abcAlex account. Password— Ka5per5Ky 5. Double-click the Eclipse shortcut (either on the Quick Launch toolbar or on the desktop) to run it 6. From Eclipse system menu, run Windows | Android Virtual Device Manager FOR INTERNAL USE ONLY
    • L10.2–2 KASPERSKY LAB™ KL 010.10: Mobile Device Management Kaspersky Endpoint Security and Management Security-Center Desktop 7. On the Android Virtual Devices tab, select the Android virtual device and click Start 8. In the window that opens, click Launch 9. Drag the button to the right to unlock the phone FOR INTERNAL USE ONLY
    • L10.2–3 Lab 10.2. Applying Corporate Security Policy via Exchange ActiveSync Security-Center Desktop 10. Click to display the applications 11. Run the Email application FOR INTERNAL USE ONLY
    • L10.2–4 KASPERSKY LAB™ KL 010.10: Mobile Device Management Kaspersky Endpoint Security and Management 12. In the window that opens, type Alex credentials: alex@abc.lab, Ka5per5Ky password and click Manual setup 13. Select Exchange FOR INTERNAL USE ONLY
    • L10.2–5 Lab 10.2. Applying Corporate Security Policy via Exchange ActiveSync 14. Make the following changes:  Domain name: abcalex  Server name: exchange.abc.lab  Select the Accept all SSL certificates checkbox 15. Scroll the page down (click in the lower part of the virtual smartphone screen and drag up) and click Next FOR INTERNAL USE ONLY
    • L10.2–6 KASPERSKY LAB™ KL 010.10: Mobile Device Management Kaspersky Endpoint Security and Management 16. Click OK to allow the Exchange Server to control security features of the device 17. On the following page, scroll the page down and click Next FOR INTERNAL USE ONLY
    • L10.2–7 Lab 10.2. Applying Corporate Security Policy via Exchange ActiveSync 18. Click Activate to confirm the decision 19. Click Next and complete the account setup FOR INTERNAL USE ONLY
    • L10.2–8 KASPERSKY LAB™ KL 010.10: Mobile Device Management Kaspersky Endpoint Security and Management 20. Make sure that the synchronization is completed successfully—there are no error messages Task 1 Create a profile for the Sales department In this task you will create a profile that will be applied to the devices of employees working in the Sales department. Specify the requirement to use passwords on the devices, which must contain both characters and digits, and prohibit simple passwords.  Security-Center Desktop 1. Open KSC Administration Console FOR INTERNAL USE ONLY
    • L10.2–9 Lab 10.2. Applying Corporate Security Policy via Exchange ActiveSync Security-Center Desktop 2. Select the Mobile devices / Mobile devices servers node and open the properties of Exchange ActiveSync mobile devices server 3. Open the Mailboxes section 4. Click Change profiles… 5. Click Add FOR INTERNAL USE ONLY
    • L10.2–10 KASPERSKY LAB™ KL 010.10: Mobile Device Management Kaspersky Endpoint Security and Management Security-Center Desktop 6. In the profile name field, type Sales and switch to the Passwords section 7. Edit the settings as follows:  Select the Alphanumeric password checkbox  Decrease the Minimum number of character sets to two  Clear the Allow simple password checkbox 8. View the other settings and click OK to save the profile FOR INTERNAL USE ONLY
    • L10.2–11 Lab 10.2. Applying Corporate Security Policy via Exchange ActiveSync Security-Center Desktop 9. Apply the profile: select the alex@abc.lab account and click Assign profile… 10. Select Sales and click OK 11. Click OK to apply the changes and close the mobile devices server properties window ● Task 2 Apply the policy to the mobile device Synchronize the smartphone with Exchange ActiveSync, receive and apply the new policy. FOR INTERNAL USE ONLY
    • L10.2–12 KASPERSKY LAB™ KL 010.10: Mobile Device Management Kaspersky Endpoint Security and Management  Security-Center Desktop 1. Click to start synchronization 2. Read the Couldn’t open connection to server due to security reasons message FOR INTERNAL USE ONLY
    • L10.2–13 Lab 10.2. Applying Corporate Security Policy via Exchange ActiveSync Security-Center Exchange 3. Wait for the message with new settings— icon will appear in the upper-left corner of the window. This may take several minutes 4. Pull down the Notifications panel (click the black bar in the upper part of the screen and drag it down) 5. Click the Security update required notification FOR INTERNAL USE ONLY
    • L10.2–14 KASPERSKY LAB™ KL 010.10: Mobile Device Management Kaspersky Endpoint Security and Management Security-Center Exchange 6. In the Security update window, click OK 7. Click Password FOR INTERNAL USE ONLY
    • L10.2–15 Lab 10.2. Applying Corporate Security Policy via Exchange ActiveSync Security-Center Exchange 8. Type a password that meets the policy settings (for example, 111q) and click Continue 9. On the subsequent page, re-type the password and click OK ● Task 3 Check whether the policy is applied See how smartphone reacts to an incorrect password. FOR INTERNAL USE ONLY
    • L10.2–16 KASPERSKY LAB™ KL 010.10: Mobile Device Management Kaspersky Endpoint Security and Management  Security-Center Desktop 1. Start the synchronization and wait for its successful completion 2. Click twice to lock and unlock the phone 3. Type an incorrect password several times until the error message appears FOR INTERNAL USE ONLY
    • L10.2–17 Lab 10.2. Applying Corporate Security Policy via Exchange ActiveSync Security-Center Desktop 4. Click OK 5. Type the correct password and unlock the smartphone 6. Click to go to the home screen ● Conclusion In this lab we studied the procedure of applying the corporate security policy to a smartphone connected to the computer via ActiveSync. You can also control iOS security settings similarly, via the Apple Push Notification Service. This is covered in more detail in the theoretical part of the course. In the following lab, we will install Kaspersky Security for Mobile on the smartphone of the Alex user. FOR INTERNAL USE ONLY
    • L10.2–18 KASPERSKY LAB™ KL 010.10: Mobile Device Management Kaspersky Endpoint Security and Management FOR INTERNAL USE ONLY
    • L10.3–1 Lab 10.3. Preparing Deployment of Kaspersky Security 10 for Mobile Lab 10.3 Preparing Deployment of Kaspersky Security 10 for Mobile Lab objective. Prepare KSC Administration Server for deploying Kaspersky Security for Mobile. Scenario. The company management decided to allow employees connecting corporate mobile devices to the local network. In the near future, Kaspersky Security 10 for Mobile will be installed on them. The administrator should prepare for it: create groups, relocation rules and policies. Contents. The following computers are used in this lab: — DC domain controller — Security-Center (KSC Administration Server) — Desktop (workstation of the Alex user) with a smartphone connected to it During the lab, you will: 1. Modify configuration of the Administration Server and Administration Console 2. Create a subgroup for mobile devices in Managed computers 3. Create a policy for Kaspersky Security for Mobile 4. Create and publish a standalone installation package for Kaspersky Security for Mobile Preparation Turn on the DC domain controller and Exchange mail server. Security-Center Desktop 1. Boot up the computer named Security-Center 2. Log on to the abcAdministrator account. Password—Ka5per5Ky 3. Boot up the computer named Desktop 4. Log on to the abcAlex account. Password— Ka5per5Ky 5. Double-click the Eclipse shortcut (either on the Quick Launch toolbar or on the desktop) to run it 6. From Eclipse system menu, run Windows | Android Virtual Device Manager 7. On the Android Virtual Devices tab, select the Android virtual device and click Start 8. In the window that opens, click Launch FOR INTERNAL USE ONLY
    • L10.3–2 KASPERSKY LAB™ KL 010.10: Mobile Device Management Kaspersky Endpoint Security and Management Task 1 Modify Administration Server configuration To be able to manage mobile devices, the following steps are required:  Install the Administration Console plug-in for Kaspersky Security 10 for Mobile  Add the Mobile devices support component to the Administration Server  In the configuration of the Administration Server, open the ports to be used for mobile device management  Security-Center Desktop 1. Close the Administration Console if it is open 2. On the handout USB flash drive, find the distribution of Kaspersky Security 10 for Mobile and run klcfginst.exe 3. Accept the license agreement and click Install 4. Wait until the MSI completes 5. Click Start 6. In the Search programs and files field, type appwiz.cpl and press ENTER FOR INTERNAL USE ONLY
    • L10.3–3 Lab 10.3. Preparing Deployment of Kaspersky Security 10 for Mobile Security-Center Desktop 7. Select Kaspersky Security Center Administration Server and click Uninstall/Change 8. On the welcome page of the wizard, click Next 9. Select Modify FOR INTERNAL USE ONLY
    • L10.3–4 KASPERSKY LAB™ KL 010.10: Mobile Device Management Kaspersky Endpoint Security and Management Security-Center Desktop 10. Select Mobile devices support and click Next 11. In the Administration Server address field, type 10.28.0.20 and click Next 12. Click Modify 13. On the following page, click Finish FOR INTERNAL USE ONLY
    • L10.3–5 Lab 10.3. Preparing Deployment of Kaspersky Security 10 for Mobile Security-Center Desktop 14. On the shortcut menu of the server node, select Properties to open the Administration Server properties 15. Switch to the Settings tab 16. Select the Open port for mobile devices checkbox and click OK ● Task 2 Create a subgroup for mobile devices Create a subgroup Managed computers / Mobile devices. FOR INTERNAL USE ONLY
    • L10.3–6 KASPERSKY LAB™ KL 010.10: Mobile Device Management Kaspersky Endpoint Security and Management  Security-Center Desktop 1. Select the Managed computers node and open the Groups tab 2. Click Create a subgroup 3. Type Mobile devices for the subgroup name 4. Make sure that the Mobile devices subgroup has appeared in the Managed computers group ● FOR INTERNAL USE ONLY
    • L10.3–7 Lab 10.3. Preparing Deployment of Kaspersky Security 10 for Mobile Task 3 Create a policy for Kaspersky Security 10 for Mobile Prepare a policy for Kaspersky Security 10 for Mobile.  Security-Center Desktop 1. Open the Managed computers / Mobile devices group and switch to the Policies tab 2. Create a policy for Kaspersky Security 10 for Mobile. Name it Policy – Kaspersky Security 10 for Mobile, and leave the default values for all parameters. Do not forget to add a license key. Ask the instructor about its location FOR INTERNAL USE ONLY
    • L10.3–8 KASPERSKY LAB™ KL 010.10: Mobile Device Management Kaspersky Endpoint Security and Management Security-Center Desktop 3. This is the last step ● Task 4 Create and publish a standalone installation package for Kaspersky Security 10 for Mobile Create a standalone package for Kaspersky Security 10 for Mobile. It will be automatically published on the KSC web server.  Security-Center Desktop 1. Select the Remote installation / Installation packages node FOR INTERNAL USE ONLY
    • L10.3–9 Lab 10.3. Preparing Deployment of Kaspersky Security 10 for Mobile Security-Center Desktop 2. Create a new installation package:  Installation package for a Kaspersky Lab application  Name: Kaspersky Security 10 for Mobile  The distribution file can be found on the handout USB flash drive 3. Select the created package and click Create stand-alone installation package 4. Create a standalone package with the Install Network Agent along with this application option disabled 5. Click View the list of stand-alone packages to open the list of standalone packages available on the server FOR INTERNAL USE ONLY
    • L10.3–10 KASPERSKY LAB™ KL 010.10: Mobile Device Management Kaspersky Endpoint Security and Management Security-Center Desktop 6. Make sure that the Kaspersky Security 10 for Mobile package is displayed on the list 7. Close the list of standalone packages ● Conclusion In this lab we prepared the Administration Server for deploying Kaspersky Security 10 for Mobile. The only required step is modifying the configuration of the Administration Server (to provide Mobile Devices support); as far as the other actions are concerned, they are optional but very useful. For example, the policy is the only way to remotely install a license key on a mobile device. By default, synchronization with the Administration Server takes place every six hours. Therefore, it is recommended to prepare the policy beforehand in order for the license key to be installed on the device at the next available synchronization. In the next lab, we will deploy Kaspersky Security for Mobile. FOR INTERNAL USE ONLY
    • L10.4–1 Lab 10.4. Deploying Kaspersky Security 10 for Mobile Lab 10.4 Deploying Kaspersky Security 10 for Mobile Lab objective. Install Kaspersky Security for Mobile. Scenario. Deployment of Anti-Virus protection on mobile devices continues. Now, we will install Kaspersky Security 10 for Mobile on all employees’ smartphones and tablets that are allowed to connect to the corporate network. Contents. The following computers are used in this lab: — DC domain controller — Exchange corporate e-mail server — Security-Center (KSC Administration Server) — Desktop (workstation of the Alex user) with a smartphone connected to it During the lab, you will: 1. E-mail Alex a link to the Kaspersky Security 10 for Mobile installation package published on the Administration Server 2. Receive the message on the smartphone, download and install the application 3. Find the smartphone of the Alex user in the Administration Console and move it to Managed computers / Mobile devices 4. Test Kaspersky Security for Mobile with the EICAR test file 5. Test synchronization of the smartphone with the Administration Server Preparation Turn on the DC domain controller and Exchange mail server. Security-Center Desktop 1. Boot up the computer named Security-Center 2. Log on to the abcAdministrator account. Password—Ka5per5Ky 3. Boot up the computer named Desktop 4. Log on to the abcAlex account. Password— Ka5per5Ky 5. Double-click the Eclipse shortcut (either on the Quick Launch toolbar or on the desktop) to run it FOR INTERNAL USE ONLY
    • L10.4–2 KASPERSKY LAB™ KL 010.10: Mobile Device Management Kaspersky Endpoint Security and Management 6. From the Eclipse system menu, run Windows | Android Virtual Device Manager 7. On the Android Virtual Devices tab, select the Android virtual device and click Start 8. In the window that opens, click Launch Task 1 Send a link to Kaspersky Security 10 for Mobile installation package to Alex Send a message with a request to install Kaspersky Security 10 for Mobile and a link to the installation package to the alex@abc.lab user.  Security-Center Desktop 1. In the Administration Console, select the Remote installation / Installation packages node 2. Click View the list of stand-alone packages FOR INTERNAL USE ONLY
    • L10.4–3 Lab 10.4. Deploying Kaspersky Security 10 for Mobile Security-Center Desktop 3. Find Kaspersky Security 10 for Mobile on the list and copy the link from the URL field 4. Close the list of standalone packages 5. Open Internet Explorer and go to https://exchange.abc.lab/owa/ 6. Select Continue to this website (not recommended) FOR INTERNAL USE ONLY
    • L10.4–4 KASPERSKY LAB™ KL 010.10: Mobile Device Management Kaspersky Endpoint Security and Management Security-Center Desktop 7. Log on to the ABCAdministrator account, password—Ka5per5Ky, and click Sign in 8. Click New FOR INTERNAL USE ONLY
    • L10.4–5 Lab 10.4. Deploying Kaspersky Security 10 for Mobile Security-Center Desktop 9. Compose and send a message:  Addressee—alex@abc.lab  In the message body, specify the link to the installation package published on the web site (see step 3 of this task) http://10.28.0.20:8060/dlpkg?id=19387187 Click Send 10. Close the Internet Explorer window ● Task 2 Download and install Kaspersky Security for Mobile Turn on the smartphone and receive the message from the administrator in the alex@abc.lab inbox configured there, download and install Kaspersky Security for Mobile.  Security-Center Desktop 1. Open the smartphone 2. Open the Email application FOR INTERNAL USE ONLY
    • L10.4–6 KASPERSKY LAB™ KL 010.10: Mobile Device Management Kaspersky Endpoint Security and Management Security-Center Desktop 3. Click to start synchronization 4. Receive a message from the administrator and click it FOR INTERNAL USE ONLY
    • L10.4–7 Lab 10.4. Deploying Kaspersky Security 10 for Mobile Security-Center Desktop 5. Click the link and download the installation package. This may take several minutes 6. Click to return to the home screen 7. Click to open the list of installed applications 8. Run Downloads FOR INTERNAL USE ONLY
    • L10.4–8 KASPERSKY LAB™ KL 010.10: Mobile Device Management Kaspersky Endpoint Security and Management Security-Center Desktop 9. Click the downloaded package (dlpkg.apk) 10. Click Install to install the application FOR INTERNAL USE ONLY
    • L10.4–9 Lab 10.4. Deploying Kaspersky Security 10 for Mobile Security-Center Desktop 11. Wait for the installation to finish 12. Click Open to open the application FOR INTERNAL USE ONLY
    • L10.4–10 KASPERSKY LAB™ KL 010.10: Mobile Device Management Kaspersky Endpoint Security and Management Security-Center Desktop 13. Click Next on the welcome page of the wizard 14. Click Disable FOR INTERNAL USE ONLY
    • L10.4–11 Lab 10.4. Deploying Kaspersky Security 10 for Mobile Security-Center Desktop 15. Select Deactivate 16. Click OK FOR INTERNAL USE ONLY
    • L10.4–12 KASPERSKY LAB™ KL 010.10: Mobile Device Management Kaspersky Endpoint Security and Management Security-Center Desktop 17. Click Next 18. Click Activate FOR INTERNAL USE ONLY
    • L10.4–13 Lab 10.4. Deploying Kaspersky Security 10 for Mobile Security-Center Desktop 19. Click Start app 20. Study the interface of Kaspersky Security for Mobile ● FOR INTERNAL USE ONLY
    • L10.4–14 KASPERSKY LAB™ KL 010.10: Mobile Device Management Kaspersky Endpoint Security and Management Task 3 Apply the KSC policy to the smartphone After the first connection to the Administration Server, the smartphone will be displayed in the Unassigned computers / Domains / KMS10 node by default. The name of the last folder can be changed in the properties of the installation package. Move the smartphone to the Managed computers / Mobile devices group created during the previous lab.  Security-Center Desktop 1. In the administration console, open the Unassigned computers / Domains node 2. In the KSM10 folder, find the smartphone icon 3. Drag the smartphone to the Managed computers / Mobile devices node FOR INTERNAL USE ONLY
    • L10.4–15 Lab 10.4. Deploying Kaspersky Security 10 for Mobile Security-Center Desktop 4. Click Additional 5. Click Synchronization FOR INTERNAL USE ONLY
    • L10.4–16 KASPERSKY LAB™ KL 010.10: Mobile Device Management Kaspersky Endpoint Security and Management Security-Center Desktop 6. Wait for the synchronization to complete and click Close 7. Wait for the message informing that the password is not in compliance with the policy and click OK FOR INTERNAL USE ONLY
    • L10.4–17 Lab 10.4. Deploying Kaspersky Security 10 for Mobile Security-Center Desktop 8. If prompted for a password, type the old password (111q) and click Next 9. Click Password FOR INTERNAL USE ONLY
    • L10.4–18 KASPERSKY LAB™ KL 010.10: Mobile Device Management Kaspersky Endpoint Security and Management Security-Center Desktop 10. Type a new password, for example, 1111111q, and click Continue 11. Confirm the new password and click OK FOR INTERNAL USE ONLY
    • L10.4–19 Lab 10.4. Deploying Kaspersky Security 10 for Mobile Security-Center Desktop 12. Click to return to the home screen ● Task 4 Test health of Kaspersky Security for Mobile Try to download the EICAR test virus and receive a message about the detected virus. To immediately send information about this event to the Administration Server, start synchronization manually (according to the schedule specified in the policy, automatic synchronization is performed every 6 hours.)  Security-Center Desktop 1. Click to start the browser 2. Type eicar.org/download/eicar.com in the address bar and press ENTER FOR INTERNAL USE ONLY
    • L10.4–20 KASPERSKY LAB™ KL 010.10: Mobile Device Management Kaspersky Endpoint Security and Management Security-Center Desktop 3. Read the message about detected virus 4. Click to return to the home screen 5. Click to open the list of installed applications 6. Open Downloads FOR INTERNAL USE ONLY
    • L10.4–21 Lab 10.4. Deploying Kaspersky Security 10 for Mobile Security-Center Desktop 7. Click eicar.com 8. Read the error message 9. Click to return to the home screen FOR INTERNAL USE ONLY
    • L10.4–22 KASPERSKY LAB™ KL 010.10: Mobile Device Management Kaspersky Endpoint Security and Management Security-Center Desktop 10. Click to open the list of installed applications 11. Find and click Security 10 for Mobile 12. Click Additional 13. Scroll down and click Synchronization FOR INTERNAL USE ONLY
    • L10.4–23 Lab 10.4. Deploying Kaspersky Security 10 for Mobile Security-Center Desktop 14. Wait for the synchronization to finish and click Close ● Task 5 Test smartphone connection to the KSC Administration Server Find the Alex’s smartphone in the Administration Console. Pay attention to the virus counter.  Security-Center Desktop 1. Go to Managed computers / Mobile devices 2. Find the Alex’s smartphone there FOR INTERNAL USE ONLY
    • L10.4–24 KASPERSKY LAB™ KL 010.10: Mobile Device Management Kaspersky Endpoint Security and Management Security-Center Desktop 3. Select the smartphone. Look through the connection statistics, pay attention to the virus counter 4. Double-click the smartphone to open its properties and look through the available fields 5. Close the properties window ● Conclusion In this lab we studied deployment of Kaspersky Security 10 for Mobile explained through the example of an Android smartphone. In the following labs, we will study protection settings including Anti-Virus protection, encryption, blocking of lost devices and blocking specified programs from starting. FOR INTERNAL USE ONLY
    • L10.5–1 Lab 10.5. Managing Applications by Other Manufacturers Lab 10.5 Managing Applications by Other Manufacturers Lab objective. Oblige employees to use Nitrodesk TouchDown for reading corporate e-mail from their mobile devices and to set a password for it. Scenario. The corporate policy allows employees reading corporate e-mail on their devices using Nitrodesk TouchDown. That is why you will enforce installation of TouchDown, and make password protection required for TouchDown to decrease the probability of unauthorized access to confidential information (for example, in case the smartphone is lost). Contents. The following computers are used in this lab: — DC domain controller — Security-Center (KSC Administration Server) — Desktop (workstation of the Alex user) with a smartphone connected to it During the lab, you will: 1. Publish a container with the Nitrodesk TouchDown installation package on the KSC Administration Server 2. Enforce its installation in the Kaspersky Security for Mobile policy 3. Require protecting TouchDown with a password in the container properties 4. Test how it works Preparation Turn on the DC domain controller. Security-Center Desktop 1. Boot up the computer named Security-Center 2. Log on to the abcAdministrator account. Password—Ka5per5Ky 3. Boot up the computer named Desktop 4. Log on to the abcAlex account. Password— Ka5per5Ky 5. Double-click the Eclipse shortcut (either on the Quick Launch toolbar or on the desktop) to run it 6. From the Eclipse system menu, run Windows | Android Virtual Device Manager 7. On the Android Virtual Devices tab, select the Android virtual device and click Start 8. In the window that opens, click Launch FOR INTERNAL USE ONLY
    • L10.5–2 KASPERSKY LAB™ KL 010.10: Mobile Device Management Kaspersky Endpoint Security and Management Task 1 Create a container for Nitrodesk TouchDown Download the installation package of Nitrodesk TouchDown for Android to the Administration Server. To create a container, select the Create container with the selected app check box in the package adding wizard.  Security-Center Desktop 1. In the Administration Console, select Remote installation / Installation packages 2. Click Manage packages of mobile applications to open the list of applications for mobile devices 3. Click New FOR INTERNAL USE ONLY
    • L10.5–3 Lab 10.5. Managing Applications by Other Manufacturers Security-Center Desktop 4. Type the name of the new package—Nitrodesk TouchDown and click Next 5. Find the installation file of Nitrodesk TouchDown for Android—nitroid-droid.apk—on the handout USB flash drive 6. Specify the path to the installation file, select the Create container with the selected app checkbox and click Next 7. Wait for the wizard to complete and click Finish FOR INTERNAL USE ONLY
    • L10.5–4 KASPERSKY LAB™ KL 010.10: Mobile Device Management Kaspersky Endpoint Security and Management Security-Center Desktop 8. TouchDown will appear in the list of applications in Mobile applications packages management 9. Close Mobile applications packages management ● Task 2 Make TouchDown required and password-protected In the policy of Kaspersky Security for Mobile, enforce installation of TouchDown, and in the properties of its container configure the password protection requirement. FOR INTERNAL USE ONLY
    • L10.5–5 Lab 10.5. Managing Applications by Other Manufacturers  Security-Center Desktop 1. In the Administration Console, switch to the Policies tab of the Managed computers / Mobile devices node 2. Open the policy of Kaspersky Security for Mobile 3. Switch to the App Control section and click Add FOR INTERNAL USE ONLY
    • L10.5–6 KASPERSKY LAB™ KL 010.10: Mobile Device Management Kaspersky Endpoint Security and Management Security-Center Desktop 4. Add TouchDown:  Select Required on the drop-down list  Click the Select button to specify the TouchDown package in the Application package field 5. Click OK 6. In the policy of Kaspersky Security for Mobile, switch to the Containers section FOR INTERNAL USE ONLY
    • L10.5–7 Lab 10.5. Managing Applications by Other Manufacturers Security-Center Desktop 7. Double-click the TouchDown container to open its properties 8. On the Authorization drop-down list, select User sets a password, select the Require repeated authorization after (minutes) check box, and type 10 minutes. Then click OK 9. To activate container management, close the lock in the upper-right corner of the window, and select the Encrypt saved data check box 10. Click OK to close the policy ● Task 3 Make sure that the policy is applied correctly Synchronize the smartphone with the Administration Server. Download the new policy requiring to install TouchDown, install it, read the message requesting for a password, set a password. FOR INTERNAL USE ONLY
    • L10.5–8 KASPERSKY LAB™ KL 010.10: Mobile Device Management Kaspersky Endpoint Security and Management  Security-Center Desktop 1. Open Kaspersky Security for Mobile: pull down the Notifications panel (click the black bar in the upper part of the screen and drag it down) and then click Kaspersky Security 10 for Mobile 2. Click Additional FOR INTERNAL USE ONLY
    • L10.5–9 Lab 10.5. Managing Applications by Other Manufacturers Security-Center Desktop 3. Click Synchronization to synchronize 4. Wait for the synchronization to complete and click Close FOR INTERNAL USE ONLY
    • L10.5–10 KASPERSKY LAB™ KL 010.10: Mobile Device Management Kaspersky Endpoint Security and Management Security-Center Desktop 5. Wait for the message requiring to install TouchDown (it may take several minutes) and click Download 6. Wait until the application is downloaded: another icon of Kaspersky Security will appear in the taskbar 7. Pull down the Notifications panel and click Nitrodesk TouchDown: download complete FOR INTERNAL USE ONLY
    • L10.5–11 Lab 10.5. Managing Applications by Other Manufacturers Security-Center Desktop 8. Click Install 9. Wait for the installation to complete and click Open FOR INTERNAL USE ONLY
    • L10.5–12 KASPERSKY LAB™ KL 010.10: Mobile Device Management Kaspersky Endpoint Security and Management Security-Center Desktop 10. Type a password (for example, Ka5per5Ky), then confirm it and click OK ● Conclusion In this lab, we studied how to manage applications on Android devices. Containers are convenient tools for corporate applications dealing with confidential information that are run on personal smartphones or tablets of the employees. For example, the administrator can configure a password to be required only for accessing such an application, and select to encrypt its data only. Aside from that, the smartphone will work as usually. In the next lab, we will learn how to remotely lock a phone. FOR INTERNAL USE ONLY
    • L10.6–1 Lab 10.6. Remote Locking of Mobile Device Lab 10.6 Remote Locking of Mobile Device Lab objective. Remotely lock a smartphone, communicate the unlock code to the user, and unlock the smartphone. Scenario. The user has left the smartphone at a public location. As an administrator, you can remotely lock it and display a contact phone number on the screen. When the user gets the smartphone back, you will communicate them the unlock code. Contents. The following computers are used in this lab: — DC domain controller — Security-Center (KSC Administration Server) — Desktop (workstation of the Alex user) with a smartphone connected to it During the lab, you will: 1. Configure the message to be displayed on the screen if the smartphone is locked remotely 2. Lock the smartphone 3. Unlock the smartphone Preparation Turn on DC domain controller. Security-Center Desktop 1. Boot up the computer named Security-Center 2. Log on to the abcAdministrator account. Password—Ka5per5Ky 3. Boot up the computer named Desktop 4. Log on to the abcAlex account. Password— Ka5per5Ky 5. Double-click the Eclipse shortcut (either on the Quick Launch toolbar or on the desktop) to run it 6. From the Eclipse system menu, run Windows | Android Virtual Device Manager 7. On the Android Virtual Devices tab, select the Android virtual device and click Start 8. In the window that opens, click Launch FOR INTERNAL USE ONLY
    • L10.6–2 KASPERSKY LAB™ KL 010.10: Mobile Device Management Kaspersky Endpoint Security and Management Task 1 Configure the message to be displayed on the screen if the smartphone is locked remotely Configure a message to be displayed on the smartphone when locked remotely. For example, type the phone number to be dialed by the person who will find the smartphone and want to restore it.  Security-Center Desktop 1. In the Administration Console, open the Policies tab of the Managed computers / Mobile devices node 2. Find the Kaspersky Security for Mobile policy and double-click it to open 3. Switch to the Anti-Theft section 4. Click Settings in the Device Lock area to open the lock settings FOR INTERNAL USE ONLY
    • L10.6–3 Lab 10.6. Remote Locking of Mobile Device Security-Center Desktop 5. Edit the message: add a phone number, an email, and click OK 6. Click OK to close the policy ● Task 2 Lock the smartphone In the Administration Console, open the smartphone properties and send the locking command.  Security-Center Desktop 1. In the Administration Console, open the Computers tab of the Managed computers / Mobile devices container 2. Find the smartphone icon and double-click it to open its properties FOR INTERNAL USE ONLY
    • L10.6–4 KASPERSKY LAB™ KL 010.10: Mobile Device Management Kaspersky Endpoint Security and Management Security-Center Desktop 3. Switch to the Applications section 4. Click Properties to open the properties of Kaspersky Security 10 for Mobile application FOR INTERNAL USE ONLY
    • L10.6–5 Lab 10.6. Remote Locking of Mobile Device Security-Center Desktop 5. Switch to the Anti-Theft section 6. Select the Device Lock check box and click Apply 7. Pull down the Notifications panel (click the black bar in the upper part of the screen and drag it down) 8. Click Kaspersky Security 10 for Mobile FOR INTERNAL USE ONLY
    • L10.6–6 KASPERSKY LAB™ KL 010.10: Mobile Device Management Kaspersky Endpoint Security and Management Security-Center Desktop 9. Click Additional 10. Click Synchronization to start synchronization FOR INTERNAL USE ONLY
    • L10.6–7 Lab 10.6. Remote Locking of Mobile Device Security-Center Desktop 11. After the synchronization, the screen will go blank. Click to turn on the smartphone 12. Read the message informing that the device is locked ● FOR INTERNAL USE ONLY
    • L10.6–8 KASPERSKY LAB™ KL 010.10: Mobile Device Management Kaspersky Endpoint Security and Management Task 3 Unlock the smartphone Find the unlocking code in the Administration Console and enter it to unlock the smartphone.  Security-Center Desktop 1. Find the unlock code (a 16-digit number) in the properties of Kaspersky Security 10 for Mobile running on the smartphone, at the bottom of the Anti-Theft section FOR INTERNAL USE ONLY
    • L10.6–9 Lab 10.6. Remote Locking of Mobile Device Security-Center Desktop 2. On the smartphone, click Enter secret code 3. Type the unlock code found on the Administration Server and press ENTER FOR INTERNAL USE ONLY
    • L10.6–10 KASPERSKY LAB™ KL 010.10: Mobile Device Management Kaspersky Endpoint Security and Management Security-Center Desktop 4. In the following window, click OK 5. Click to go to the home screen ● Conclusion This lab demonstrates the actions that can be taken if a mobile device is lost. A significant drawback of this scenario is that the device is locked only after a synchronization, which by default takes place only once every 6 hours. In the next lab, we will remotely reset the smartphone to the factory settings to delete all user’s content from it. FOR INTERNAL USE ONLY
    • L10.7–1 Lab 10.7. Remote Reset of Mobile Device (Optional) Lab 10.7 Remote Reset of Mobile Device (Optional) Lab objective. Remotely wipe out information from the smartphone. Scenario. The smartphone where confidential information is stored has been stolen from the user. You decide to preventively delete all data from it instead of trying to find the device. Contents. The following computers are used in this lab: — DC domain controller — Security-Center (KSC Administration Server) — Desktop (workstation of the Alex user) with a smartphone connected to it During the lab, you will: 1. Send the command to reset the smartphone 2. Initiate synchronization on the smartphone 3. Make sure that the smartphone is reset to the factory settings Preparation Turn on DC domain controller. Security-Center Desktop 1. Boot up the computer named Security-Center 2. Log on to the abcAdministrator account. Password—Ka5per5Ky 3. Boot up the computer named Desktop 4. Log on to the abcAlex account. Password— Ka5per5Ky 5. Double-click the Eclipse shortcut (either on the Quick Launch toolbar or on the desktop) to run it 6. From the Eclipse system menu, run Windows | Android Virtual Device Manager 7. On the Android Virtual Devices tab, select the Android virtual device and click Start 8. In the window that opens, click Launch FOR INTERNAL USE ONLY
    • L10.7–2 KASPERSKY LAB™ KL 010.10: Mobile Device Management Kaspersky Endpoint Security and Management Task 1 Send the command to reset the smartphone In the Administration Console, open the smartphone properties and send the command that wipes out information.  Security-Center Desktop 1. In the Administration Console, open the Managed computers / Mobile devices container and select the Computers tab 2. Double-click the smartphone icon to open its properties FOR INTERNAL USE ONLY
    • L10.7–3 Lab 10.7. Remote Reset of Mobile Device (Optional) Security-Center Desktop 3. Switch to the Applications section 4. Click Properties to open the properties of the Kaspersky Security 10 for Mobile application FOR INTERNAL USE ONLY
    • L10.7–4 KASPERSKY LAB™ KL 010.10: Mobile Device Management Kaspersky Endpoint Security and Management Security-Center Desktop 5. Switch to the Anti-Theft section 6. Select the Full Reset check box and click Apply 7. Open Kaspersky Security for Mobile: pull down the Notifications panel (click the black bar in the upper part of the screen and drag it down) and click Kaspersky Security 10 for Mobile FOR INTERNAL USE ONLY
    • L10.7–5 Lab 10.7. Remote Reset of Mobile Device (Optional) Security-Center Desktop 8. Click Additional 9. Click Synchronization to synchronize FOR INTERNAL USE ONLY
    • L10.7–6 KASPERSKY LAB™ KL 010.10: Mobile Device Management Kaspersky Endpoint Security and Management Security-Center Desktop 10. When synchronization is completed, the smartphone will power off ● Conclusion This is the last lab. We reset the smartphone to the factory settings to wipe the information from it. It should be noted that in real life, the reset command should be sent by SMS, because it will then be carried out immediately, while planned synchronization with the Administration Server is performed only once every 6 hours by default. 1.02 FOR INTERNAL USE ONLY