Installing the Kaspersky Security Center 10. Installing Kaspersky Security Center. Rules for moving computers

Objective.

This lab focuses on installing the Security Center Antivirus Management Server.

Preliminary information.

Before proceeding with the installation, you need to decide on a general scenario for deploying anti-virus protection. The two main scenarios offered by the Security Center developers are:

  • deployment of anti-virus protection within the organization;
  • deployment of anti-virus protection for the client organization's network (used by organizations acting as service providers). The same scheme can be used within an organization with several remote subdivisions whose computer networks are administered independently of the head office network.

In these labs, the first scenario will be implemented. If you plan to use the second one, you will additionally need to install and configure the Web-Console component. This is a good place to describe the architecture of the Security Center. It includes the following components:

  • 1. Administration Server, which centrally stores information about the Kaspersky Lab programs installed in the organization's network and manages them.
  • 2. Administration Agent, which handles interaction between the Administration Server and the Kaspersky Lab programs installed on the computer. There are versions of the Agent for different operating systems: Windows, Novell and Unix.
  • 3. Administration Console, which provides a user interface for managing the Server. The Administration Console is implemented as an extension component for Microsoft Management Console (MMC). It allows you to connect to the Administration Server both locally and remotely, via a local network or via the Internet.
  • 4. Kaspersky Security Center Web-Console, which is designed to monitor the status of anti-virus protection of the network of a client organization managed by Kaspersky Security Center. The use of this component will not be explored in this laboratory workshop.

  • 1. Installing and configuring Administration Server and Console.
  • 2. Creation of administration groups and distribution of client computers among them.
  • 3. Remote installation of the Network Agent and Kaspersky Lab anti-virus programs on client computers.
  • 4. Updating signature databases of Kaspersky Lab programs on client computers.
  • 5. Configuring notifications about anti-virus protection events.
  • 6. Launching the on-demand scan task and checking the operation of event notifications on client computers.
  • 7. Analysis of reports.
  • 8. Configuring automatic installation of anti-virus programs on new computers in the network.

This lab covers the implementation of the first stage. Figure 5.35 shows a diagram of a laboratory bench that simulates a protected network (it was also described earlier in Table 5.4). The goal of this lab is to install the Security Center Server and Administration Console on the AVServ server.

Figure: 5.35.

Table 5.5. Differences in versions of the distribution kit of Kaspersky Security Center 9.0

| Component | Full version | Lite version |
| --- | --- | --- |
| Administration Server distribution kit | | |
| Kaspersky Endpoint Security for Windows distribution kit | | |
| Network Agent distribution kit | | |
| Microsoft SQL 2005 Server Express Edition | | |
| Microsoft .NET Framework 2.0 SP1 | | |
| Microsoft Data Access Component 2.8 | | |
| Microsoft Windows Installer 3.1 | | |
| Kaspersky Security Center System Health Validator | | |

The Security Center distribution kit can be downloaded from http://www.kaspersky.com/downloads-security-center. You can choose which version of the distribution kit to download: Lite or full. Table 5.5 lists the differences between the distribution kits for version 9.0, which was used in preparing the descriptions of the laboratory works. To run the laboratory, you will need the full version, since along with the Administration Server it installs the MS SQL Server 2005 Express DBMS, which is used to store data on the state of anti-virus protection.

Description of work.

After completing the preparatory steps, launch the Security Center installation program on the AVServ server. After the welcome window, you will be prompted for a path to save the files required during the installation process. Then another welcome window and a license agreement window will appear; the agreement must be accepted to continue the installation.

When choosing the type of installation, mark the "Custom" item, which will allow you to familiarize yourself in detail with the list of installed components and applied settings.

If you select the "Standard" option, the wizard will install the Administration Server together with the server version of Network Agent, Administration Console, application management plug-ins available in the distribution kit, and Microsoft SQL Server 2005 Express Edition (if it has not been installed earlier).

The next step is to select the server components to be installed (Fig. 5.36). We need to install the Administration Server, and leave a check mark on this item.

We will not use Cisco NAC technology, which allows us to check the security of a mobile device or computer connecting to the network.

Also, as part of the laboratory workshop, it is not planned to deploy anti-virus protection on mobile devices (such as smartphones), so we are not installing these components now.


The selected network size affects the values of a number of parameters that determine the operation of anti-virus protection (they are listed in Table 5.6). These settings can be changed, if necessary, after server installation.

You will also need to specify the account under which the Administration Server will run, or agree to create a new account (Fig. 5.37).

In previous versions of Windows (for example, when installing on Windows Server 2003), the System Account option may appear in this window. In any case, this account must have administrator rights, which will be required both for creating a database and for the subsequent operation of the server.

Table 5.6. Parameters set based on network size

| Parameter / number of computers | | 100-1000 | 1000-5000 | More |
| --- | --- | --- | --- | --- |
| Display in the console tree of the node of slave and virtual Administration Servers and all parameters associated with slave and virtual Servers | absent | absent | present | present |
| Displaying the Safety sections in the properties windows of the Server and administration groups | absent | absent | present | present |
| Creating a Network Agent policy using the Quick Start Wizard | absent | absent | present | present |
| Random distribution of the start time of the update task on client computers | absent | within 5 minutes | within 10 minutes | within 10 minutes |

Figure: 5.37.

The next step is to select the database server to use (Fig. 5.38). For data storage, Security Center 9.0 can use Microsoft SQL Server (versions 2005, 2008, 2008 R2, including Express editions 2005, 2008) or MySQL Enterprise. Fig. 5.38, a shows the window for selecting the type of DBMS. If the MySQL server is selected, you will need to specify the name and port number for connection.

If you use an existing instance of MS SQL Server, you will need to specify its name and the name of the database (by default, it is called KAV). In our laboratory work we will use the recommended configuration, which implies the installation of MS SQL Server 2005 Express along with the installation of the Security Center (Fig.5.38, b).


Figure: 5.38.

After selecting SQL Server as the DBMS used, you must specify the authentication mode that will be used when working with it. Here we leave the default setting - Microsoft Windows authentication mode (Fig. 5.39).

To store installation packages and distribute updates, the Administration Server will use a shared folder. You can specify an existing folder or create a new one. The default share name is KLSHARE.


Figure: 5.39.

You can also specify the port numbers used to connect to the Security Center Server. TCP port 14000 is used by default, and TCP port 13000 is used for SSL-protected connections. If you cannot connect to the administration server after installation, you should check if these ports are blocked by the Windows firewall. In addition to those mentioned above, UDP port 13000 is used to send information about shutdown of computers to the server.

Next, you will need to specify how the Administration Server is identified. It can be an IP address, a DNS name or a NetBIOS name. In the virtual network used for the laboratory workshop, a Windows domain is organized and a DNS server is present, so we will use domain names (Figure 5.40).


Figure: 5.40.

The next window allows you to select the plug-ins to be installed for managing Kaspersky Lab anti-virus programs. Looking ahead, the product to be deployed is Kaspersky Endpoint Security 8 for Windows, so we will need the plug-in for it (Fig. 5.41).


Figure: 5.41.

After that, the selected programs and components will be installed on the server. When the installation is complete, the Administration Console will be launched. If you unchecked the checkbox in the last window of the installation wizard, launch it from the Start menu -> Programs -> Kaspersky Security Center.

Task 1.

Install the Administration Server on the AVServ virtual machine as described.

Initial server configuration is performed when the console starts. At the first step, you can specify activation codes or license key files for Kaspersky Lab anti-virus products. If you have a "corporate" key for several computers, then with the default settings the server will automatically distribute the key to client computers.


Figure: 5.42.

You can also agree or refuse to use Kaspersky Security Network (KSN), a remote service for providing access to the Kaspersky Lab's knowledge base about the reputation of files, Internet resources and software.

The next step is to configure settings for notifying the anti-virus protection administrator by e-mail. You need to specify the mailing address, the SMTP server and, if necessary, parameters for authorization on the server (Fig. 5.42). If the lab does not have a suitable mail server, you can skip this step and make the settings later.

If the Internet is accessed through a proxy server, you will need to specify its parameters. After passing this stage, the automatic creation of standard policies, group tasks and administration tasks will be performed. They will be discussed in more detail in the next laboratory work.


Figure: 5.43.

The next step automatically starts downloading updates. If the download has started successfully, you can click the Next button without waiting for it to finish and, after the initial configuration wizard finishes, go to the main Administration Console window (Fig. 5.43). It should show that there is one managed computer on the network (the Network Agent was installed on the AVServ computer along with the Administration Server), on which there is no anti-virus protection. This is regarded as a critical event.

Task 2.

Complete the initial server setup.

The Administration Console can also be installed separately from the Console folder of the distribution disk by running the Setup program. If you are using a distribution kit downloaded from the Internet, open the folder that was specified at the beginning of the installation for saving the distribution files. By default, this is the C:\KSC9\russian\Console folder.


Figure: 5.44.

Task 3.

Install the Security Center Administration Console on the Station1.labs.local virtual machine. Check the connectivity to the AVServ.labs.local server. To do this, specify its address or name in the console window (Fig. 5.44) and agree to receive the server certificate (Fig. 5.45).


Figure: 5.45.


Figure: 5.46.

If the connection fails, check whether the ports used to connect to the Security Center server are blocked on the AVServ server (see above). The setting can be checked through the Control Panel: System and Security -> Windows Firewall -> Allow the program to run through Windows Firewall. The appropriate permissive settings must be present, see Fig. 5.46 (the names of the rules remain the same as in the previous version of the product, Kaspersky Administration Kit).
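The port and firewall check described above can also be scripted in PowerShell; this is an added example, not part of the original lab. The ports and the server name AVServ.labs.local are the ones the lab names, the function names are hypothetical, and the cmdlets used need Windows 8.1 / Server 2012 R2 or later.

```powershell
# Added example, not from the original lab. Ports and the server name are the ones
# the lab names; function names are hypothetical.
# Requires Windows 8.1 / Server 2012 R2 or later (NetTCPIP and NetSecurity modules).
$KscPorts = @(
    @{ Protocol = 'TCP'; Port = 14000 }   # default connection port
    @{ Protocol = 'TCP'; Port = 13000 }   # SSL-protected connections
    @{ Protocol = 'UDP'; Port = 13000 }   # computer shutdown notifications
)

# True if a firewall LocalPort value ('Any', '13000', '13000-13010') includes $Port.
# Keyword values such as 'RPC' never match.
function Test-PortCovered {
    param([string[]]$LocalPort, [int]$Port)
    foreach ($entry in $LocalPort) {
        if ($entry -eq 'Any') { return $true }
        if ($entry -match '^(\d+)-(\d+)$') {
            if ($Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2]) { return $true }
        }
        elseif ($entry -match '^\d+$' -and [int]$entry -eq $Port) { return $true }
    }
    return $false
}

# Run elevated on the Administration Server. For each port: is something listening,
# and which enabled inbound Allow rules cover that port for the listening program?
# Rule profiles are not evaluated; confirm a listed rule applies to the active profile.
function Get-KscServerPortStatus {
    # One filter lookup per rule is slow, but needs no assumptions about rule names.
    $rules = foreach ($rule in Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow) {
        $pf = $rule | Get-NetFirewallPortFilter
        $af = $rule | Get-NetFirewallApplicationFilter
        [pscustomobject]@{
            Name      = $rule.DisplayName
            Protocol  = $pf.Protocol
            LocalPort = $pf.LocalPort
            Program   = [Environment]::ExpandEnvironmentVariables($af.Program)
        }
    }
    foreach ($p in $KscPorts) {
        $owner = if ($p.Protocol -eq 'TCP') {
            Get-NetTCPConnection -State Listen -LocalPort $p.Port -ErrorAction SilentlyContinue
        } else {
            Get-NetUDPEndpoint -LocalPort $p.Port -ErrorAction SilentlyContinue
        }
        # Executable that owns the listener (null if nothing is listening).
        $exe = if ($owner) { (Get-Process -Id ($owner | Select-Object -First 1).OwningProcess).Path }
        $allow = $rules | Where-Object {
            ($_.Protocol -in @('Any', $p.Protocol)) -and
            (Test-PortCovered -LocalPort $_.LocalPort -Port $p.Port) -and
            ($_.Program -eq 'Any' -or ($exe -and $_.Program -eq $exe))
        }
        [pscustomobject]@{
            Protocol   = $p.Protocol
            Port       = $p.Port
            Listening  = [bool]$owner
            Program    = $exe
            AllowRules = @($allow | ForEach-Object { $_.Name })
        }
    }
}

# Run on the console workstation: can it open the server's TCP ports?
function Test-KscServerReachable {
    param([string]$Server = 'AVServ.labs.local')
    foreach ($p in $KscPorts | Where-Object { $_.Protocol -eq 'TCP' }) {
        $r = Test-NetConnection -ComputerName $Server -Port $p.Port -WarningAction SilentlyContinue
        [pscustomobject]@{ Server = $Server; Port = $p.Port; Reachable = $r.TcpTestSucceeded }
    }
}

# On AVServ:                  Get-KscServerPortStatus | Format-List
# On the console workstation: Test-KscServerReachable | Format-Table -AutoSize
```

A port that shows Listening = True with an empty AllowRules list on the server, and Reachable = False from the workstation, points at the firewall rather than at the Administration Server service.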

Dear Colleagues! Today I want to tell you about the Administration System of Kaspersky Anti-Virus. The thing, I can tell you, is very interesting.

With it, you can take control of all computers in your organization: allow or prohibit opening sites; allow or prohibit launching programs, including by category (for example, you can prohibit launching all browsers except certain ones); allow or deny connecting any equipment such as flash drives and hard disks (for example, to prevent users from leaking information); automate key updates for Kaspersky Anti-Virus; and minimize traffic consumption when updating anti-viruses (after installing KSC and configuring the anti-viruses installed on workstations, they will be updated from this server, not from the Internet). To install KSC version 10, according to Pavel Alexandrov, technical consultant of Kaspersky Lab in the Volga Federal District, a Windows OS (not necessarily a server one) with at least 2-4 GB of RAM is suitable. Recently, the Smart Solutions company held a Practical Workshop on laptops, where your humble servant could personally get acquainted with this creation of Kaspersky Lab. Kaspersky Security Center 10, as Pavel said, is provided free of charge to those who own a corporate license for KES (Kaspersky Endpoint Security) 10. Fortunately, our colleagues, programmers / system administrators of budgetary institutions of the Republic of Tatarstan, do not need to buy anything: all the necessary tools are available from the GIST network at kav.tatar.ru. Also, for your convenience, colleagues, I am posting video tutorials kindly provided by Igor Alexandrovich, a specialist of the company NovaInTech -> Link to video tutorials on Youtube ... If after watching the video you still have any questions, I will gladly help you on Skype (lisischko).

P.S. You can make your Kaspersky Anti-Virus management server subordinate to the CIT KSC, I will not say what advantages this gives - I did not do this myself, but this is described on the website kav.tatar.ru

Note1: The list of executable files was not replenished on the server, even with the newly created Inventory task, until the checkbox was ticked in the section “Additional parameters” - “Reports and storages” - Inform the administration server “About running programs” in the Anti-Virus policy.

Note4: From time to time everything starts to freeze on computers controlled by KSC. The task manager showed that the system was loaded by the process "Kaspersky Security Center Vulnerability Assessment & Patch Management Component" (executable file vapm.exe). Analysis of the problem showed that at the time of the slowdowns the task “Search for vulnerabilities and required updates” was being performed; switching this task to manual start and stopping it solved the problem. There is also the option of unchecking the "launch missed tasks" checkbox in the task schedule (without switching the launch to manual mode), but I did not try this option, since we decided that this function was unnecessary for us. UPD: less than half an hour after the task was stopped and its launch mode was switched to manual, some kind of trigger started it again. There is no time to sort it out. I removed the task “Search for vulnerabilities and required updates”; you can always add it later.

The larger the network, the more the system administrator (or IT department) tries to automate the management of software products. Antivirus software is no exception in this regard.

Many antivirus vendors have remote administration tools in their arsenal; today we will talk about a similar solution from Kaspersky Lab.

In general, Kaspersky Security Center is a rather serious application that cannot be described in one article. Therefore, in this article, we will analyze only its deployment.

You can download Kaspersky Security Center. The product itself consists of a server that will need to be deployed, an administration console that can be installed on another computer for remote server administration, a web console as an alternative to the usual one, and an administration agent that is installed on client computers and is responsible for communication between the anti-virus software and the server.

The server itself needs to be deployed only on operating systems of the Windows family. Moreover, the presence of a server edition is optional. Systems from XP and higher are supported, but only in Professional / Enterprise / Ultimate editions. A complete list of supported systems can be found on the website.

In addition, the server needs MS SQL or MySQL for its work (the database server can also be remote). If there is no ready-made database server at hand, the installer of Kaspersky Security Center will install MS SQL Express itself, which is quite enough for most organizations.

So, to deploy the server, download and run the installation file (I recommend downloading the full distribution kit). As a test bench, we have selected a computer running Windows Server 2012 R2.

You will see a convenient menu in which we are currently interested in the "Install Kaspersky Security Center 10" item.

After starting the installation, you will be prompted to accept the license agreement and select the type of installation. For better control over the installation process, let's choose the custom installation.

If there are mobile devices on the network, you can install a separate component to manage their protection.

Indicate the size of your network. This choice, however, is not a decisive one.

Next, the installation program will ask which user to run the Administration Server service from. You can specify an existing user with admin rights, or you can let the installer create a new one.

The next step is to choose a database server. As already mentioned, there are two options - MS SQL or MySQL. If you do not have a ready-made server, Kaspersky Security Center will carefully deploy MS SQL Express.

At this step in the installation process, you may be in for a small surprise if the .NET Framework 3.5 SP 1 is not installed on your system.

In Windows Server, the .NET Framework 3.5 SP 1 is built in as a component and only needs to be enabled. If you do not have a server operating system, then you need to go to the Microsoft website and download the installer.

Let's consider the option of including the component in Windows Server. To do this, open the Server Manager and select the "Add Roles and Features" item.

A wizard will start, in which we need to indicate that we are going to install roles or components.


Add Roles and Features Wizard in Windows Server

We select our server and skip the selection of roles. In the list of components we find .NET Framework 3.5 Features and mark it with a tick.


Adding a Component to Windows Server

After that, we will return to installing Kaspersky Security Center directly.

We need to select the SQL authentication mode. It can be either a separate account or a current one.

The Kaspersky Security Center server needs a shared folder that client computers can access to receive updates and installation packages. You can create a new folder or specify an existing one.

We indicate the ports through which we will connect to the administration server.

We indicate the server address on the network. If the server has and will keep a static IP address, the IP address alone is enough. Still, it is more convenient to identify the server by name.

The last step before installing is choosing the required plugins. Plugins allow you to manage various anti-virus products of Kaspersky Lab. This is useful if you have a whole zoo of versions. Plugins can also be installed later additionally.

Now all that remains is to observe the installation process. Sometimes plugins require a separate license agreement.

Installation of Kaspersky Security Center is now complete.

Now let's go over the initial server setup. The Administration Console installed with the server looks like this:


Administration Console of Kaspersky Security Center

The console can also be installed separately, so you do not even need to log into the server every time for routine actions.

Servers are listed in the left column. So far, there is only our newly created server. If you are administering several servers, then just click Add Administration Server.

So, click on the newly created server and the Quick Start Wizard will start. You will be asked to activate the program with a code or key. However, this can be done later.

In addition, the wizard will ask for your consent to participate in the Kaspersky Security Network program. In fact, this is another spy on your computers that sends data to Kaspersky Lab about which resources you visit and where you catch the infection. This is motivated by the creation of a certain knowledge base. In my opinion, for the end user, the meaning of participation in such a program is questionable.

You will also be asked to specify mailboxes for notifications from the Kaspersky Security Center server. You can skip this step.

After all these steps, the server will start downloading the latest updates from the network. In the future, it will be possible to configure as an update source not a Kaspersky Lab server on the Internet, but an upstream server, if there are several of them on your network.

After downloading the updates and polling the network, the wizard will display a successful completion message and offer to launch the Protection Deployment Wizard on Workstations.

We will talk about deploying protection on workstations in.

This material was prepared for specialists involved in the management of antivirus protection and security at the enterprise.

This page describes and analyzes the most interesting functionality of the latest versions of Kaspersky Endpoint Security 10 and the Central Management Console of Kaspersky Security Center 10.

The information was selected based on the experience of NovaInTech specialists in communicating with system administrators, heads of IT departments and security departments of organizations that are either just switching to Kaspersky anti-virus protection or are moving from version 6 of the anti-virus on client computers and the Administration Kit 8 management console. In the latter case, when anti-virus protection from Kaspersky Lab is already in use, IT specialists often do not know the most interesting features of the new product versions, which really help make life easier for those same IT specialists, at the same level of safety and reliability.

After reading this article and watching the videos, you will be briefly familiar with the most interesting functionality provided by the latest versions of the Kaspersky Security Center management console and Kaspersky Endpoint Security, and you will see how it works.

1. Installing the Administration Server of Kaspersky Security Center 10.

You can find the required distributions on the official Kaspersky Lab website:

ATTENTION! The distribution package of the full version of Kaspersky Security Center already includes the distribution package of the latest version of Kaspersky Endpoint Security.

First of all, I would like to tell you where to start installing anti-virus protection from Kaspersky Lab: not from the anti-viruses themselves on client computers, as it might seem at first glance, but from the installation of the administration server and the central management console of Kaspersky Security Center (KSC). With this console, you can deploy anti-virus protection on all computers of your institution much faster. In this video you will see that after the installation and minimal configuration of the KSC administration server, it becomes possible to create an anti-virus installer for client computers that even a completely unprepared user can install (I think every administrator has such "users"): the installation interface contains only 2 buttons, "Install" and "Close".

The administration server itself can be installed on any computer that is always turned on or as accessible as possible, this computer must be visible to other computers on the network, and it is very important for it to have access to the Internet (for downloading databases and synchronizing with the KSN cloud).

Watch the video, even if you installed the central console before, but in previous versions - you may hear and see something new for yourself ...


2. Setting up centralized management on computers with Kaspersky already installed.

In small organizations, system administrators often install and configure anti-virus protection on each computer manually. The time they spend on maintaining anti-virus protection therefore increases, and they do not have enough time for some more important tasks. There are cases when administrators, simply due to lack of time, do not know that corporate versions of anti-virus protection from Kaspersky Lab have centralized management at all, and do not know that they do not need to pay anything for this miracle of civilization.

In order to "connect" already installed client antiviruses with the administration server, you need very little:

  • Install the Administration Server (Section 1 of this article).
  • Install the Administration Server Agent (NetAgent) on all computers - I will describe the installation options in the attached video below.
  • After the Administration Server agent is installed, computers will appear, depending on your settings, either in the "Not distributed computers" section or in the "Managed computers" section. If the computers are in "Not distributed computers", they will need to be moved to "Managed computers", and a policy that will apply to them must be set up.

After these actions, your computers will be visible to you from the central console, users will no longer be able to manage the antiviruses installed on their machines, and as a result there will be fewer infections and less headache for the administrator.

In the video below, I will try to describe the scenarios for installing NetAgents on client computers, depending on how your network is arranged.
