ADMINISTRATION HANDS-ON

edith

Presentation Transcript


  1. ADMINISTRATION HANDS-ON

  2. About the Hands-On • This hands-on section is structured in a way that allows you to work independently, while still giving you the possibility to consult step-by-step instructions. • Each given task will be divided into two sections • Actual Task • Conditions, goals and short instructions • Allowing you to work independently • Detailed instructions (step-by-step work through) • In case you cannot come up with your own solutions

  3. Real Infrastructure (diagram labels: Root Update Server, F-Secure AVCS 6, F-Secure PMS / PMC) • Environment • Policy Manager and Console on single computer • One managed host (AVCS 6)

  4. Imaginary Infrastructure (diagram labels: Headquarters Helsinki, Subsidiary Munich, PMS/PMC, AVCS 6, dnssrv01, filesrv01, dnssrv02, filesrv02, wks02, wks03, wks04, wksXX) • During this hands-on we will create an imaginary infrastructure • 2 offices (Helsinki and Munich) • 3 imaginary workstations (Helsinki: wks02 / Munich: wks03 and wks04) • 1 real workstation in Helsinki (wks01) • 1 file server in each office (Helsinki: filesrv01 / Munich: filesrv02) • 1 DNS server in each office (Helsinki: dnssrv01 / Munich: dnssrv02)

  5. Tasks Overview • Task 1: Creating a domain structure • Task 2: Updating point applications • Task 3: Creating autoregistration import rules • Task 4: Managing policies on multiple levels • Task 5: Configuring Apache Server • Task 6: Working with reports • Task 7: Troubleshooting scenario

  6. Task 1: Creating The Domain Structure • Servers • Place DNS Server and File Server in both sites • In which site sub-domain do you place them? • Helsinki • FILESRV01 (IP: 192.168.100.52, Windows 2003 Server) • DNSSRV01 (IP: 192.168.100.53, Windows 2000 Server) • Munich • FILESRV02 (IP: 192.168.160.82, Windows 2003 Server) • DNSSRV02 (IP: 192.168.160.83, Windows 2000 Server) => Task continues on next page

  7. Task 1: Creating The Domain Structure • Workstations • Now create the 3 imaginary hosts and place them into the Development sub-domain of each site • Helsinki • WKS02 (WINS name: wks02, Windows NT 4.0) • Munich • WKS03 (WINS name: wks03, Windows XP Pro) • WKS04 (WINS name: wks04, Windows XP Pro) => After you have completed this task, continue on page 13

  8. Creating the Domain Structure: Step-By-Step Walk Through • Create two domains, “Finland” and “Germany” • Select the root domain, F-Secure • Choose Edit/New Policy Domain… from the menu (or right-click the root)

  9. Further Structure The Sub-Domains • Level 2 • Create the “Helsinki” domain • Level 3 • Create domains “Servers/HEL” and “Workstations/HEL” • Level 4 • Servers/HEL: Create domains “FileServers/HEL” and “DirectoryServers/HEL” • Workstations/HEL: Create domains “Accounting/HEL”, “CustomerSupport/HEL” and “Development/HEL” • Apply the same structure to the German domain

  10. Creating The File Servers • Add file servers in both sites in the “FileServers/XX” domain • Helsinki: FILESRV01 (IP address 192.168.100.52) • Munich: FILESRV02 (IP address 192.168.160.82)

  11. Creating The DNS Servers • Add DNS servers in both sites in the “DirectoryServers/XX” domain • Identity type: Primary IP address • Helsinki: DNSSRV01 (IP address 192.168.100.53, Alias: dnssrv01) • Munich: DNSSRV02 (IP address 192.168.160.83, Alias: dnssrv02)

  12. Creating The Workstations • Now create the 3 new hosts and place them into the Development sub-domain of each site • Helsinki • WKS02 (WINS name: wks02, Windows NT 4.0) • Munich • WKS03 (WINS name: wks03, Windows XP Pro) • WKS04 (WINS name: wks04, Windows XP Pro)

  13. Task 2: Point Application Update • During the installation hands-on, you were instructed to install AVCS 6 without HTTP scanning • Now it’s time to update Web Traffic Scanning to your host • What installation method should be used? • Intelligent installation (a.k.a. push installation) • Policy based installation => Change to next page, once you have decided on the installation method

  14. Task 2: Point Application Update • Since FSMA is already installed on your host, it is best to use a policy based installation to upgrade your host • Configure the policy based installation package as follows • Application Selection: Include Web Traffic Scanning • Autoregistration Properties: Add a custom property • Property Name: Development/HEL • Property Value: 1 => After completing this task, continue on page 28

  15. Policy Based Installation Walk Through • Start by choosing the version to install • Choose “Reinstall 6.x”

  16. Policy Based Installation Walk Through • F-Secure installation wizard opens • Click “Next”

  17. Policy Based Installation Walk Through • Accept the prefilled keycode • Click “Next”

  18. Policy Based Installation Walk Through • Mark Web Traffic Scanning • Click “Next”

  19. Policy Based Installation Walk Through • Accept the default language “English” • Click “Next”

  20. Policy Based Installation Walk Through • Check the prefilled PMS server URL and correct if necessary • Click “Next”

  21. Policy Based Installation Walk Through • Add the following custom property • Property Name: Development/HEL • Property Value: 1

  22. Policy Based Installation Walk Through • Choose “Uninstall conflicting products” (default) • Click “Next”

  23. Policy Based Installation Walk Through • Accept prefilled restart options from last distribution • Click “Finish”

  24. Policy Based Installation Walk Through • Wait while the installation package is created • This step might take some minutes (depending on your system) • Do not press “Cancel” • After completion, distribute the policies!

  25. Policy Based Installation Walk Through • F-Secure Setup will start and reinstall AVCS 6.x to your computer • Wait until the Reboot message appears on your screen • Reboot the computer and change back to the PMC

  26. Installation Checkup • Once the computer is rebooted, the policy based installation progress should show a successful installation • Most common failure reasons are wrong key codes or insufficient disk space on the host (see setup error on screenshot)

  27. Installation Checkup • Open the AVCS advanced user interface and check whether Web Traffic Scanning is installed • Default setting is “disabled”

  28. Task 3: Create An Autoregistration Import Rule • Start by forcing a new host autoregistration by deleting wks01 from the policy domain • After deleting, distribute the policies! • Your task is now to create an autoregistration import rule which places wks01 in the “Development/HEL” sub-domain • Create a rule using the custom properties as an import criterion • Test the rule… did it work? => After completing this task, continue on page 33

  29. Autoregistration Import Rule Creation Walk Through • Start the autoregistration wizard • Click “Import autoregistered hosts”

  30. Autoregistration Import Rule Creation Walk Through • Check if the deleted host has already sent the autoregistration request • If yes, the autoregistration request will be included in the custom property • Do not import the host now, since we first have to create the import rule!

  31. Autoregistration Import Rule Creation Walk Through • Change the active tab to “Import Rules” • Press “Add” to create a new rule • Select the target domain level (Development/HEL) • Press “OK”

  32. Autoregistration Import Rule Creation Walk Through • Add a custom property • Uncheck all other property fields for better understanding • Enter the custom property name (Development/HEL) • Confirm with “OK”

  33. Autoregistration Import Rule Creation Walk Through • Your autoregistration import rule is ready • Press import to apply the rule • Your host should be placed in the “Development/HEL” sub-domain • Rename the host to wks01 to match the course binder examples (Domain/Host properties, WINS Name)

  34. Task 4: Managing Policies On Multiple Levels • Change to Anti-Virus Mode (View menu) • Define the following policy settings on different levels • Accounting/HEL • Real-time Scanning/File Scanning/Action on infection: “Disinfect Automatically” • Host level (wks01) • Activate “Scan network drives” => Task continues on the next page

  35. Task 4: Managing Policies On Multiple Levels • Now, move host wks01 to the sub-domain “Accounting/HEL” • Check the real-time file scanning settings. Did the setting inheritance from the parent domain (Accounting/HEL) work? • If not, what do you think is the reason? => Change to next page, once you have the answers

  36. Task 4: Managing Policies On Multiple Levels • Settings defined on the host level will never be overwritten by parent domain settings • Try to change the policies as follows (as easily as possible) • Disable “Scan network drives” for the whole F-Secure domain • Enable “Scan network drives” only for the sub-domain “Development/HEL” • Move the host wks01 back to sub-domain “Development/HEL” • Check the real-time file scanning settings. Did the inheritance work now and why? • Call the instructor and present your solution => After you have completed this task, continue on page 40

  37. Managing Policies On Multiple Levels Walk Through • After you copied the host wks01 to the domain “Accounting/HEL”, the settings are as follows • “Action on infection” is inherited from the parent domain • Reason: The setting has not been defined on the host level, therefore the inheritance works • “Scan network drives” is not inherited! • Reason: The setting has been defined on the host level, therefore no inheritance

  38. Managing Policies On Multiple Levels Walk Through • Instructions on how to disable network drive scanning for the whole policy domain • Mark the root domain (F-Secure) • Right-click “Scan network drives” • Choose “Force value” (confirm with “Yes”) • Check the file scanning settings on the host wks01 • All settings should be gray, since they are inherited from the root domain

  39. Managing Policies On Multiple Levels Walk Through • Finally, activate network drive scanning for the domain “Development/HEL” • Mark “Development/HEL” • Enable “Scan network drives” and force the value • Distribute the policies! • Copy the host wks01 back to sub-domain “Development/HEL” • Now, the inheritance will work, since we have no settings defined on the host level
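The inheritance behaviour worked through in Task 4 (slides 34 to 39) can be replayed as a small model. This is an added example, not Policy Manager code: the `Level` class, the setting keys and the reading of “Force value” as "define here and clear every definition below" are assumptions drawn from the slides' statement that the host's settings turn gray afterwards.

```python
class Level:
    """A policy domain or host; `local` holds values defined on this level."""
    def __init__(self, name, parent=None):
        self.name, self.parent, self.children, self.local = name, parent, [], {}
        if parent:
            parent.children.append(self)

    def move_to(self, new_parent):
        self.parent.children.remove(self)
        self.parent = new_parent
        new_parent.children.append(self)

    def force(self, key, value):
        # Assumption: "Force value" defines the value here and clears every
        # definition of the same setting on the levels below.
        self.local[key] = value
        todo = list(self.children)
        while todo:
            node = todo.pop()
            node.local.pop(key, None)
            todo.extend(node.children)

    def effective(self, key):
        """Nearest definition wins: return (value, name of defining level)."""
        node = self
        while node is not None:
            if key in node.local:
                return node.local[key], node.name
            node = node.parent
        return None, None


def task4():
    """Replay the Task 4 steps; intermediate domains are omitted for brevity."""
    root = Level("F-Secure")
    acc = Level("Accounting/HEL", root)
    dev = Level("Development/HEL", root)
    wks01 = Level("wks01", dev)
    acc.local["action_on_infection"] = "Disinfect Automatically"
    wks01.local["scan_network_drives"] = True            # host-level definition
    steps = []
    wks01.move_to(acc)
    steps.append(wks01.effective("action_on_infection"))  # inherited from domain
    steps.append(wks01.effective("scan_network_drives"))  # host value still wins
    root.force("scan_network_drives", False)
    steps.append(wks01.effective("scan_network_drives"))  # now comes from root
    dev.force("scan_network_drives", True)
    wks01.move_to(dev)
    steps.append(wks01.effective("scan_network_drives"))  # from Development/HEL
    return steps
```
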

  40. Task 5: Configuring Apache Server • By default, Policy Manager Server administration connections are limited to the local computer • Web reporting module access is by default not limited! • You will now change the Apache configuration • Remove admin module access limitation (allow connections from everywhere) • Restrict web reporting module to allow connections from the local computer and from your managed host => Once you have completed the configuration, continue on page 44

  41. Apache Server Configuration Walk Through • Browse to the apache configuration file (httpd.conf) • Open the file with WordPad (open with)

  42. Apache Server Configuration Walk Through • Configure the httpd.conf as follows • Apache Admin Module • Replace “Listen 127.0.0.1:8080” with “Listen 8080” • Web Reporting Module • No access limitation defined (by default) • Create an access list, as shown on the screenshot (replace <host IP address> with your real host IP) • Save the settings and close the file

  43. Apache Server Configuration Walk Through • Close your Policy Manager Console and restart the Policy Manager Server service
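The effect of the Task 5 edits (slides 40 to 43) on who can reach each module can be checked by parsing httpd.conf. This is an added example, not part of the slides or of F-Secure's tooling: the 8081 virtual host, the block layout and the address 192.0.2.10 are assumptions standing in for the missing screenshot and for `<host IP address>`, and the parser only understands the `Deny from all` plus `Allow from` pattern.

```python
import re

LOOPBACK = {"127.0.0.1", "localhost", "[::1]"}

# Constructed samples: the 8081 virtual host and its layout are assumptions,
# and 192.0.2.10 stands in for the slide's <host IP address>.
BEFORE = "Listen 127.0.0.1:8080\nListen 8081\n"
AFTER = """\
Listen 8080
Listen 8081
<VirtualHost _default_:8081>
<Location />
Order Deny,Allow
Deny from all
Allow from 127.0.0.1 192.0.2.10
</Location>
</VirtualHost>
"""

def audit(conf):
    """Per Listen port, who may connect (Deny from all + Allow from only)."""
    binds, acls, vhost = {}, {}, None
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if m := re.match(r"(?i)listen\s+(?:(\S+):)?(\d+)$", line):
            binds[int(m.group(2))] = m.group(1)   # None: every interface
        elif m := re.match(r"(?i)<virtualhost\s+\S*:(\d+)\s*>", line):
            vhost = int(m.group(1))
            acls[vhost] = {"deny_all": False, "allow": []}
        elif re.match(r"(?i)</virtualhost>", line):
            vhost = None
        elif vhost is not None:                   # inside a virtual host
            if re.match(r"(?i)deny\s+from\s+all$", line):
                acls[vhost]["deny_all"] = True
            elif m := re.match(r"(?i)allow\s+from\s+(.+)$", line):
                acls[vhost]["allow"] += m.group(1).split()
    report = {}
    for port, addr in binds.items():
        acl = acls.get(port)
        if addr in LOOPBACK:
            report[port] = "loopback only"
        elif acl and acl["deny_all"] and "all" not in acl["allow"]:
            report[port] = "allowed: " + ", ".join(acl["allow"])
        else:
            report[port] = "any client"
    return report
```

Comparing `audit(BEFORE)` with `audit(AFTER)` shows both sides of the change: port 8080 moves from loopback only to any client, while port 8081 gains an allow list.
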

  44. Apache Server Configuration Checkup • After you have finished the Apache configuration, close the Policy Manager Console and inform the instructor to test your solution • Don’t forget to restart the Policy Manager Server service! • After the instructor has tested your system and gives you the OK, re-open your console • Is there anything unusual happening?

  45. Apache Server: Signs For Data Integrity Problems • Yes, the instructor has opened your console with a different key-pair, therefore you get a key change notification at console startup • You can reassign the original keys

  46. Apache Server: Signs For Data Integrity Problems • Take a look at the alerts. Are there any unusual entries? • Also check your managed host. Anything strange there?

  47. Apache Server: Signs For Data Integrity Problems • The instructor has re-signed your policy domain with a different key and distributed the policies • Changes have not passed the signature verification on the hosts, the policy has been rejected! • Redistribute the policies with your keys, and everything should be back to normal

  48. Working with Reports • Policy Manager provides you both with automatic status reports (e.g. virus alerts) and built in reporting tools • Policy Manager Reporting Tools • Web Reporting • Graphical reporting system (available through web browser) • Embedded reporting • Textual reporting (available only from console)

  49. Task 6: Using Web Reporting • Open Web Reporting on your managed host. • Try to answer the following questions • What is the latest alert reported by your host? Can you explain the reason for this alert? • What is the UID (Unique Identifier) of your host? • When did the host last connect to the server? • What version of Automatic Update Agent (AUA) is installed on your host? • What’s the percentage of hosts with real-time protection? => After you have completed this task, continue on page 55

  50. Using Web Reporting Walk Through • Question 1: What is the latest alert reported by your host? • Answer: Failed signature check on host wks01 • Reason: The policy domain has been re-signed with different keys
