
Kaspersky Security Center 10 documentation

Kaspersky Security Center 10 SP1 MR2 documentation


Contents

- Introduction
- Licensing and Activation
- Architecture
  - A. Network Agents
  - B. Administration Console
  - C. Administration Server
  - D. Database
- Management Tools
  - A. Tasks
  - B. Commands
  - C. Policies
  - D. Groups and selections
- System Requirements for Administration Server
  - Software requirements
  - Ports used by Kaspersky Security Centre 10
  - Hardware requirements
- Security Center Initial Deployment
  - Installation process
- Remote Deployment of Kaspersky Endpoint Security for Business
  - Phase 1: Creating Groups
  - Phase 2: Discovering and adding client computers to groups
  - Phase 3: Automatic Installation of KSC Network Agent + KES
- Creating Policies
- Creating a Task
  - 1- Update antivirus definitions
  - 2- Virus scanning
Introduction

Kaspersky Security Center 10 Service Pack 1 Maintenance Release 2 offers the ability to manage multiple operating systems and device types in one integrated platform. The security administrator can manage all Windows desktops and servers, OS X, Linux, Novell, VMware, iOS, Android, Symbian and Windows Mobile devices from a single unified console. This document is intended to provide guidance for testing Kaspersky Security Center 10 SP1 MR2 and its managed components successfully in a controlled manner.

Licensing and Activation

The new licensing scheme offers the following options:

A. Kaspersky Endpoint Security for Business Core allows using all protection components of Kaspersky Endpoint Security 10 for Windows, except for the encryption and control components. It covers the components installed as part of the Basic installation on workstations. In Kaspersky Security Center 10, the Core option provides the protection functionality, except for the new features: system management and mobile device management.

B. Kaspersky Endpoint Security for Business Select allows using all protection components of Kaspersky Endpoint Security 10 for Windows, except for encryption. It covers the components installed as part of the Standard installation, both on workstations and file servers. Kaspersky Security 10 for Mobile is also supported. In Kaspersky Security Center 10, the Select option provides the standard protection features and mobile device management.

C. Kaspersky Endpoint Security for Business Advanced allows using all protection components of Kaspersky Endpoint Security 10 for Windows, including encryption. It covers the components installed as part of the Full installation, both on workstations and file servers. Kaspersky Security 10 for Mobile is also supported. In Kaspersky Security Center 10 SP1 MR2, the Advanced option provides encryption and system management, in addition to the features covered by the Select option.
Architecture

A. Network Agents

An agent is the link between the central point (Administration Server) and the anti-virus installed on a workstation. It receives settings and commands for the anti-virus and is responsible for their execution. It is also responsible for receiving the data the anti-virus needs, in particular updates. In the opposite direction, from the anti-virus to the central point (Administration Server), the agent relays the current anti-virus status, command execution results and other information that may interest the administrator.

B. Administration Console

The Console is the interface of the management system. The administrator uses the Console to examine managed computers' status, modify their settings and run commands. The administrator communicates with Kaspersky Security Center via the Console.

C. Administration Server

The Server is the core component of the management system and provides data storage and routing. The Server stores the settings specified by the administrator for all anti-viruses, receives information on computers' protection status from the agents, and transmits the administrator's commands. The Server also processes information: if the administrator needs a report rather than just a list of events, Administration Server processes the data and transfers the report to be displayed in the Console.

D. Database

Administration Server stores some information in the database, in particular all events received from the computers and management system events. The database does not store all system information; for example, anti-virus settings are stored as files in the Administration Server folder of Kaspersky Security Center.

E. All together

All Kaspersky Security Center components are connected and work via the Administration Server. The Server implements all centralized management functions. The administrator uses these Server functions via the Console. Network Agents perform these functions on the network computers.
Management Tools

A. Tasks

Tasks are used for performing actions that have a clear start and a logical finish, for example on-demand scanning. A scan task has a list of objects to be scanned; when started, it scans these objects one by one and finishes when all objects are scanned. Updating is a task by the same principle: when started, a connection to the update source is established, the list of available updates and the updates themselves are downloaded, and the operation finishes when the downloaded updates are deployed. As a tool for managing actions that have a distinct start, a task has a schedule. As a tool for managing computer groups, a task has a scope: the list of computers where it is to be run.

B. Commands

Unlike a task, which finishes some time after it starts, a command is an action that is performed virtually instantly and whose result is important immediately. Running a command can be delayed for the time necessary to deliver the command to the computer, but once the command is received it is executed immediately. For example, a computer connection check is a command: the immediate result is that the connection is either established or not. Running a task manually is also a command: the result is that the task is either running or returns an error. As a command's result is important immediately, commands have no schedule; they are always run manually. As a centralized management tool, a command has a scope just like a task.

C. Policies

A policy defines permanent anti-virus properties: for example, rules for processing network connections, report storage time and heuristics level. A policy is, in a sense, the main tool for protection management, as it is in the policy that permanent computer protection parameters are specified. A policy has no schedule; the anti-virus properties defined by a policy are valid until the policy is changed. A policy, like a task, has a scope.

D. Groups and selections

A group is a permanent set of computers. Groups are mainly used for defining policy scope: a collection of computers sharing a common policy is a group. As only one policy can be applied to a computer, a computer cannot be included in two groups. Not only a policy but also tasks may be applied to a group.

In addition to groups, Kaspersky Security Center features selections: situational sets of computers having common characteristics, for example computers running Windows XP or computers where threats were detected over the last 24 hours. A selection can be used as a task or command scope. Policies do not apply to selections.
System Requirements for Administration Server

Software requirements

The supported operating systems and their requirements are listed below:

- Windows Server 2003
- Windows Server 2003 x64
- Windows Server 2008
- Windows Server 2008 (kernel-mode)
- Windows Server 2008 x64 Service Pack 1 (Windows Installer 4.5 is necessary)
- Windows Server 2008 R2
- Windows Server 2008 R2 (kernel-mode)
- Windows XP Professional Service Pack 2
- Windows XP Professional x64
- Windows Vista Service Pack 1
- Windows Vista x64 Service Pack 1 (Windows Installer 4.5 is necessary)
- Windows 7
- Windows 7 x64

In addition to the operating system, the following software is necessary:

- Microsoft .NET Framework 2.0 (included in the distribution kit)
- Microsoft Data Access Components 2.8 (included in the distribution kit)

Ports used by Kaspersky Security Centre 10

To ensure that the Kaspersky Security Center 10 SP1 MR2 components function correctly, the ports described in the table below should be open. These are the default ports, and most of them can be changed.
Notice: in case of an external SQL server, TCP port 1433 and UDP port 1434 will be used.

Hardware requirements

Minimum hardware requirements are as follows:

- CPU: Intel Pentium 1 GHz or higher (1.4 GHz is the minimum for a 64-bit OS)
- RAM: 4 GB
- Free disk space: 10 GB (when using the Systems Management functionality, at least 100 GB of free disk space should be available)
Security Center Initial Deployment

Installation process

Installation can be either custom or typical. During the typical installation, the administrator is prompted to:

- Accept the license agreement for Kaspersky Security Center
- Select the installation type (Typical)
- Specify the network size
- Accept the license agreement for Kaspersky Endpoint Security (necessary to install its plug-in)

Four options are offered for the network size:

- Less than 100 computers on the network
- From 100 to 1000 computers on the network
- From 1000 to 5000 computers on the network
- More than 5000 computers on the network
1- Welcome screen.
2- Accept the End User License Agreement.
3- Select the custom installation.
4- If you plan to manage mobile devices or integrate with Cisco NAC, select the relevant modules.
5- Choose the size of your environment.
6- Allow Security Center setup to create an administrative account, or select an existing administrator from Active Directory.
7- Specify an account for the Kaspersky Security Center services.
8- Select the type of database to be used; we choose SQL database.
9- Select the SQL authentication mode.
   Kaspersky Security Center will create a network shared folder for items such as standalone installation packages; you can modify the location of that folder here.
   By default, the Kaspersky Network Agent communicates over ports 13000 and 14000; you have the option of changing this default.
   Select how you wish the server to be identified. It is recommended to use a static IP address to avoid DNS resolution issues, handle split-domain environments, and deploy Kaspersky Security for Virtualization and Mobile Device Management most effectively.
10- Select the application plug-ins to manage Kaspersky applications for the operating system you want to protect.
11- Begin the installation.
    Wait until the installation completes.
Finalize the installation: launch Kaspersky Security Center from the Start Menu and follow the prompts of the Quick Start Wizard. During this process, the initial virus definition database download will begin and will take several minutes to complete, depending on your internet connection speed. At this point, the initial installation of the management system is considered to be complete.

Remote Deployment of Kaspersky Endpoint Security for Business

Requirements for client computers: the necessary firewall ports are open (TCP: 139, 445; UDP: 137, 138) or the firewall is turned off.
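A preflight reachability check for the ports this guide lists (TCP 139 and 445 on client computers before remote deployment, the Network Agent defaults 13000 and 14000 on the Administration Server, and 1433 for an external SQL server), as an added Python example that is not part of the original document or of Kaspersky's tooling. The host names are constructed placeholders, and the UDP ports (137, 138, 1434) are only listed because a connect probe cannot verify UDP.

```python
import socket

# Required TCP ports by role, taken from this guide. UDP ports are kept separately:
# a connect() probe cannot verify them, so they must be checked at the firewall itself.
REQUIRED_TCP = {
    "client": (139, 445),            # remote deployment prerequisites on client computers
    "admin_server": (13000, 14000),  # Network Agent to Administration Server defaults
    "sql_server": (1433,),           # external SQL server
}
REQUIRED_UDP = {"client": (137, 138), "sql_server": (1434,)}


def probe_tcp(host: str, port: int, timeout: float = 2.0) -> bool:
    """Return True if a TCP connection to host:port can be opened within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unresolved name, etc.
        return False


def missing_ports(host: str, role: str, probe=probe_tcp) -> list:
    """Return the required TCP ports for this role that are not reachable on host."""
    return [port for port in REQUIRED_TCP[role] if not probe(host, port)]


def preflight(hosts_by_role: dict, probe=probe_tcp) -> dict:
    """Map (role, host) -> list of closed TCP ports; an empty list means the host is ready."""
    return {(role, host): missing_ports(host, role, probe)
            for role, hosts in hosts_by_role.items() for host in hosts}


if __name__ == "__main__":
    # Constructed inventory with placeholder names; replace with your own hosts.
    inventory = {"admin_server": ["ksc-server.example.local"],
                 "client": ["pc01.example.local", "pc02.example.local"]}
    for (role, host), closed in preflight(inventory).items():
        status = "ready" if not closed else "closed TCP " + ", ".join(map(str, closed))
        print(f"{role:<13} {host:<26} {status}")
        udp = REQUIRED_UDP.get(role)
        if udp:
            print(f"{'':<40} also verify UDP {udp} at the firewall")
```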
Phase 1: Creating Groups

Step 1: Go to the "Tasks" tab in the "Managed Computers" group, or to the desired sub-group, and create a new task. In our situation, we created nine groups, one for each school:

- Yasmina School
- Al Bateen School
- Al Mamoura School
- Al Mushrif School
- Al Muna Primary School
- Pearl Primary School
- West Yas School
- Al Ain International School
- HQ Site

And we created the desired sub-groups inside each one of them: staff, students and servers.
Phase 2: Discovering and adding client computers to groups
Phase 3: Automatic Installation of KSC Network Agent + KES
Creating Policies

A policy applies to a group of managed computers. Each group has a Policies node which contains all policies applied to the group.

Select the application for which you want to create a group policy.
1- Application Startup Control

Application Startup Control allows the administrator to restrict program start on the client computer. Program start permissions are specified in special rules. When a program starts, the following conditions are checked:

1- The category to which the program belongs
2- The account that starts the program
3- The rules regulating the start of this program category for this account

If at least one rule that allows starting the program is met, and there are no matching blocking rules, the start is allowed. If there are no allowing rules, or there are both allowing and blocking rules for this account to start a program of this category, the start is prohibited.

The list of rules is specified in the KES policy, in the Application Startup Control section. Initially, the list contains two standard rules that cannot be deleted:

- Allow all: a rule allowing the start of all programs. The rule is enabled by default. Disabling it is dangerous: it can result in operating system failure on the client computers if alternative allowing rules are not configured.
- Trusted updaters: if this rule is enabled, the applications installed by trusted updaters will not be blocked even if there are no allowing rules for them. It is a special KL category that includes programs that download and install module updates, for example Adobe Updater. The rule is disabled by default; it is used only in a special mode of Application Startup Control.

2- Application Privilege Control

This component keeps track of application activities in the system and regulates the activity of applications depending on their status.
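The Application Startup Control decision described above (program category, starting account, allowing and blocking rules, plus the standard Allow all and Trusted updaters rules), as an added Python model for dry-running a rule list before it is pushed to a group; this is not code from the original document or from the product, and the Program, Rule, is_start_allowed and audit_policy names and the installed_by_trusted_updater attribute are assumptions for illustration.

```python
from dataclasses import dataclass

TRUSTED_UPDATERS = "Trusted updaters"  # the special KL category named in the policy text


@dataclass(frozen=True)
class Program:
    name: str
    category: str                               # KL or custom category the program belongs to
    installed_by_trusted_updater: bool = False  # assumed attribute: "installed by a trusted updater"


@dataclass
class Rule:
    name: str
    category: str        # program category the rule regulates; "*" stands for every category
    accounts: frozenset  # accounts the rule applies to; an empty set means every account
    allow: bool          # True = allowing rule, False = blocking rule
    enabled: bool = True

    def matches(self, program: Program, account: str) -> bool:
        return (self.enabled
                and self.category in ("*", program.category)
                and (not self.accounts or account in self.accounts))


def default_rules() -> list:
    """The two standard rules the list starts with and that cannot be deleted."""
    return [
        Rule("Allow all", "*", frozenset(), allow=True, enabled=True),
        Rule(TRUSTED_UPDATERS, TRUSTED_UPDATERS, frozenset(), allow=True, enabled=False),
    ]


def is_start_allowed(rules: list, program: Program, account: str) -> bool:
    """Decision rule from the guide: allowed only if at least one matching allowing rule
    exists and no matching blocking rule exists; otherwise the start is prohibited."""
    trusted = next((r for r in rules if r.name == TRUSTED_UPDATERS), None)
    if trusted is not None and trusted.enabled and program.installed_by_trusted_updater:
        # Software installed by a trusted updater is not blocked even without an allowing rule.
        return True
    matching = [r for r in rules if r.matches(program, account)]
    has_allowing = any(r.allow for r in matching)
    has_blocking = any(not r.allow for r in matching)
    return has_allowing and not has_blocking


def audit_policy(rules: list, programs: list, accounts: list) -> dict:
    """Dry-run a rule list over a constructed inventory: {(program name, account): allowed}."""
    return {(p.name, a): is_start_allowed(rules, p, a) for p in programs for a in accounts}


if __name__ == "__main__":
    # Constructed sample: "Allow all" switched off with only a student-scoped Office rule,
    # which shows every other program and account falling into the prohibited case.
    rules = default_rules()
    rules[0].enabled = False
    rules.append(Rule("Office for students", "Office", frozenset({"student"}), allow=True))
    programs = [Program("winword.exe", "Office"), Program("solitaire.exe", "Games")]
    for key, allowed in audit_policy(rules, programs, ["student", "teacher"]).items():
        print(key, "allowed" if allowed else "prohibited")
```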
3- Device Control

The component allows controlling the connection of removable drives.

4- Web Control

The component allows controlling access to web resources depending on their content and location.
Configuration of protection settings:

1- General protection settings:
   - Trusted zone
   - Trusted applications
   - Network ports
2- File Antivirus

This component resides in RAM, scanning all opened, saved and active files to ensure maximum protection at all times.
3- Mail Antivirus

This component scans incoming and outgoing messages for dangerous objects. The following protocols are supported: POP3, SMTP, IMAP, MAPI and NNTP.
4- Web Antivirus

This component scans inbound traffic on your computer.
5- IM Anti-Virus

This component protects traffic for the following instant messengers: ICQ, MSN, AIM, Mail.Ru Agent and IRC.
6- Network Attack Blocker

Kaspersky Endpoint Security for Windows detects and defends your computer against network activity and attacks that could be dangerous.
7- System Watcher

Kaspersky Security Network (KSN)

Kaspersky Security Network (KSN) is a special security network which allows users to get an additional protection level, application reputation data, website reputation data and quick reaction to new threats.
Creating a Task:

1- Update antivirus definitions
2- Virus scanning
---------------------------------------- End of the document ----------------------------------------
