ADMINISTRATION HANDS-ON
About the Hands-On • This hands-on section is structured in a way that allows you to work independently while still giving you the possibility to consult step-by-step instructions. • Each given task will be divided into two sections • Actual Task • Conditions, goals and short instructions • Allowing you to work independently • Detailed instructions (step-by-step work through) • In case you cannot come up with your own solution
Real Infrastructure • Environment • Policy Manager and Console on single computer • One managed host (AVCS 6) • [Diagram labels: Root Update Server, F-Secure PMS / PMC, F-Secure AVCS 6]
Imaginary Infrastructure • During this hands-on we will create an imaginary infrastructure • 2 offices (Helsinki and Munich) • 3 imaginary workstations (Helsinki: wks02 / Munich: wks03 and wks04) • 1 real workstation in Helsinki (wks01) • 1 file server in each office (Helsinki: filesrv01 / Munich: filesrv02) • 1 DNS server in each office (Helsinki: dnssrv01 / Munich: dnssrv02) • [Diagram: Headquarters Helsinki and Subsidiary Munich, with labels dnssrv01, filesrv01, PMS/PMC, wks03, wks04, dnssrv02, filesrv02, wksXX, wks02, AVCS 6]
Tasks Overview • Task 1: Creating a domain structure • Task 2: Updating point applications • Task 3: Creating autoregistration import rules • Task 4: Managing policies on multiple levels • Task 5: Configuring Apache Server • Task 6: Working with reports • Task 7: Troubleshooting scenario
Task 1: Creating The Domain Structure • Servers • Place DNS Server and File Server in both sites • In which site sub-domain do you place them? • Helsinki • FILESRV01 (IP: 192.168.100.52, Windows 2003 Server) • DNSSRV01 (IP: 192.168.100.53, Windows 2000 Server) • Munich • FILESRV02 (IP: 192.168.160.82, Windows 2003 Server) • DNSSRV02 (IP: 192.168.160.83, Windows 2000 Server) => Task continues on next page
Task 1: Creating The Domain Structure • Workstations • Now create the 3 imaginary hosts and place them into the Development sub-domain of each site • Helsinki • WKS02 (WINS name: wks02, Windows NT 4.0) • Munich • WKS03 (WINS name: wks03, Windows XP Pro) • WKS04 (WINS name: wks04, Windows XP Pro) => After you have completed this task, continue on page 13
Creating the Domain Structure: Step-By-Step Walk Through • Create two domains, “Finland” and “Germany” • Select the root domain, F-Secure • Choose Edit/New Policy Domain… from the menu (or right-click the root)
Further Structure The Sub-Domains • Level 2 • Create the “Helsinki” domain • Level 3 • Create domains “Servers/HEL” and “Workstations/HEL” • Level 4 • Servers/HEL: Create domains “FileServers/HEL” and “DirectoryServers/HEL” • Workstations/HEL: Create domains “Accounting/HEL”, “CustomerSupport/HEL” and “Development/HEL” • Apply the same structure to the German domain
Creating The File Servers • Add file servers in both sites in the “FileServers/XX” domain • Helsinki: FILESRV01 (IP address 192.168.100.52) • Munich: FILESRV02 (IP address 192.168.160.82)
Creating The DNS Servers • Add DNS servers in both sites in the “DirectoryServers/XX” domain • Identity type: Primary IP address • Helsinki: DNSSRV01 (IP address 192.168.100.53, Alias: dnssrv01) • Munich: DNSSRV02 (IP address 192.168.160.83, Alias: dnssrv02)
Creating The Workstations • Now create the 3 new hosts and place them into the Development sub-domain of each site • Helsinki • WKS02 (WINS name: wks02, Windows NT 4.0) • Munich • WKS03 (WINS name: wks03, Windows XP Pro) • WKS04 (WINS name: wks04, Windows XP Pro)
Task 2: Point Application Update • During the installation hands-on, you were instructed to install AVCS 6 without HTTP scanning • Now it’s time to add Web Traffic Scanning to your host • What installation method should be used? • Intelligent installation (a.k.a. push installation) • Policy based installation => Change to next page, once you have decided on the installation method
Task 2: Point Application Update • Since FSMA is already installed on your host, it is best to use a policy based installation to upgrade your host • Configure the policy based installation package as follows • Application Selection: Include Web Traffic Scanning • Autoregistration Properties: Add a custom property • Property Name: Development/HEL • Property Value: 1 => After completing this task, continue on page 28
Policy Based Installation Walk Through • Start by choosing the version to install • Choose “Reinstall 6.x”
Policy Based Installation Walk Through • F-Secure installation wizard opens • Click “Next”
Policy Based Installation Walk Through • Accept the prefilled keycode • Click “Next”
Policy Based Installation Walk Through • Mark Web Traffic Scanning • Click “Next”
Policy Based Installation Walk Through • Accept the default language “English” • Click “Next”
Policy Based Installation Walk Through • Check the prefilled PMS server URL and correct if necessary • Click “Next”
Policy Based Installation Walk Through • Add the following custom property • Property Name: Development/HEL • Property Value: 1
Policy Based Installation Walk Through • Choose “Uninstall conflicting products” (default) • Click “Next”
Policy Based Installation Walk Through • Accept prefilled restart options from last distribution • Click “Finish”
Policy Based Installation Walk Through • Wait while the installation package is created • This step might take some minutes (depending on your system) • Do not press “Cancel” • After completion, distribute the policies!
Policy Based Installation Walk Through • F-Secure Setup will start and reinstall AVCS 6.x to your computer • Wait until the Reboot message appears on your screen • Reboot the computer and change back to the PMC
Installation Checkup • Once the computer is rebooted, the policy based installation progress should show a successful installation • Most common failure reasons are wrong key codes or insufficient disk space on the host (see setup error on screenshot)
Installation Checkup • Open the AVCS advanced user interface and check whether Web Traffic Scanning is installed • Default setting is “disabled”
Task 3: Create An Autoregistration Import Rule • Start by forcing a new host autoregistration by deleting wks01 from the policy domain • After deleting, distribute the policies! • Your task is now to create an autoregistration import rule which places wks01 in the “Development/HEL” sub-domain • Create a rule using the custom properties as an import criterion • Test the rule. Did it work? => After completing this task, continue on page 33
Autoregistration Import Rule Creation: Walk Through • Start the autoregistration wizard • Click “Import autoregistered hosts”
Autoregistration Import Rule Creation: Walk Through • Check if the deleted host has already sent the autoregistration request • If yes, the autoregistration request will include the custom property • Do not import the host now, since we first have to create the import rule!
Autoregistration Import Rule Creation: Walk Through • Change the active tab to “Import Rules” • Press “Add” to create a new rule • Select the target domain level (Development/HEL) • Press “OK”
Autoregistration Import Rule Creation: Walk Through • Add a custom property • Uncheck all other property fields for better understanding • Enter the custom property name (Development/HEL) • Confirm with “OK”
Autoregistration Import Rule Creation: Walk Through • Your autoregistration import rule is ready • Press import to apply the rule • Your host should be placed in the “Development/HEL” sub-domain • Rename the host to wks01 to match the course binder examples (Domain/Host properties, WINS Name)
Task 4: Managing Policies On Multiple Levels • Change to Anti-Virus Mode (View menu) • Define the following policy settings on different levels • Accounting/HEL • Real-time Scanning/File Scanning/Action on infection: “Disinfect Automatically” • Host level (wks01) • Activate “Scan network drives” => Task continues on the next page
Task 4: Managing Policies On Multiple Levels • Now, move host wks01 to the sub-domain “Accounting/HEL” • Check the real-time file scanning settings. Did the setting inheritance from the parent domain (Accounting/HEL) work? • If not, what do you think is the reason? => Change to next page, once you have the answers
Task 4: Managing Policies On Multiple Levels • Settings defined on the host level will never be overwritten by parent domain settings • Try to change the policies as follows (as easy as possible) • Disable “Scan network drives” for the whole F-Secure domain • Enable “Scan network drives” only for the sub-domain “Development/HEL” • Move the host wks01 back to sub-domain “Development/HEL” • Check the real-time file scanning settings. Did the inheritance work now and why? • Call the instructor and present your solution => After you have completed this task, continue on page 40
Managing Policies On Multiple Levels: Walk Through • After you copied the host wks01 to the domain “Accounting/HEL”, the settings are as follows • “Action on infection” is inherited from the parent domain • Reason: The setting has not been defined on the host level, therefore the inheritance works • “Scan network drives” is not inherited! • Reason: The setting has been defined on the host level, therefore no inheritance
Managing Policies On Multiple Levels: Walk Through • Instructions on how to disable network drive scanning for the whole policy domain • Mark the root domain (F-Secure) • Right-click “Scan network drives” • Choose “Force value” (confirm with “Yes”) • Check the file scanning settings on the host wks01 • All settings should be gray, since they are inherited from the root domain
Managing Policies On Multiple Levels: Walk Through • Finally, activate network drive scanning for the domain “Development/HEL” • Mark “Development/HEL” • Enable “Scan network drives” and force the value • Distribute the policies! • Copy the host wks01 back to sub-domain “Development/HEL” • Now, the inheritance will work, since we have no settings defined on the host level
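The Task 4 sequence can be traced with a small model, added here as an illustration and not F-Secure code. It assumes, from the walk-through's observed behaviour, that the nearest definition walking up the tree wins and that “Force value” clears every definition below the forced level; the class, function and setting key names are hypothetical.

```python
# Added illustration: a toy model of policy inheritance, not F-Secure code.

class Node:
    """A policy domain or host; `settings` holds only values defined at this level."""
    def __init__(self, name, parent=None):
        self.name, self.parent, self.children, self.settings = name, None, [], {}
        if parent is not None:
            self.move_to(parent)

    def move_to(self, parent):
        if self.parent is not None:
            self.parent.children.remove(self)
        self.parent = parent
        parent.children.append(self)

    def effective(self, key):
        """Return (value, defining level): the nearest definition walking up wins."""
        node = self
        while node is not None:
            if key in node.settings:
                return node.settings[key], node.name
            node = node.parent
        return None, None

    def force(self, key, value):
        """Assumed model of "Force value": define here, clear all definitions below."""
        self.settings[key] = value
        stack = list(self.children)
        while stack:
            n = stack.pop()
            n.settings.pop(key, None)
            stack.extend(n.children)

def run_task4():
    root = Node("F-Secure")
    wks_hel = Node("Workstations/HEL", Node("Helsinki", Node("Finland", root)))
    acc, dev = Node("Accounting/HEL", wks_hel), Node("Development/HEL", wks_hel)
    wks01 = Node("wks01", dev)
    acc.settings["action_on_infection"] = "Disinfect Automatically"
    wks01.settings["scan_network_drives"] = True       # host-level definition
    wks01.move_to(acc)
    steps = [wks01.effective("action_on_infection"), wks01.effective("scan_network_drives")]
    root.force("scan_network_drives", False)           # clears the host-level value
    steps.append(wks01.effective("scan_network_drives"))
    dev.force("scan_network_drives", True)
    wks01.move_to(dev)
    steps.append(wks01.effective("scan_network_drives"))
    return steps

if __name__ == "__main__":
    for value, level in run_task4():
        print(f"{value!r} (defined at {level})")
```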
Task 5: Configuring Apache Server • By default, Policy Manager Server administration connections are limited to the local computer • Web reporting module access is by default not limited! • You will now change the Apache configuration • Remove admin module access limitation (allow connections from everywhere) • Restrict web reporting module to allow connections from the local computer and from your managed host => Once you have completed the configuration, continue on page 44
Apache Server Configuration Walk Through • Browse to the Apache configuration file (httpd.conf) • Open the file with WordPad (open with)
Apache Server Configuration Walk Through • Configure the httpd.conf as follows • Apache Admin Module • Replace “Listen 127.0.0.1:8080” with “Listen 8080” • Web Reporting Module • No access limitation defined (by default) • Create an access list, as shown on the screenshot (replace <host IP address> with your real host IP) • Save the settings and close the file
Apache Server Configuration Walk Through • Close your Policy Manager Console and restart the Policy Manager Server service
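To check what the “Listen” change in this walk-through does to the exposure of the admin module, the following added example (not part of the original course material) reports, for each Listen directive in an httpd.conf, whether it binds to loopback only or to all interfaces. The two configuration samples are constructed and the function names are hypothetical.

```python
import ipaddress
import re

LISTEN_RE = re.compile(r"^\s*Listen\s+(\S+)", re.IGNORECASE)

# Constructed samples: the default admin binding and the binding after Task 5.
DEFAULT_CONF = """\
# constructed sample, default state
Listen 127.0.0.1:8080
"""
TASK5_CONF = """\
# constructed sample, after Task 5
# Listen 127.0.0.1:8080
Listen 8080
"""

def parse_listen(arg):
    """Split a Listen argument into (address or None, port)."""
    if arg.startswith("["):                      # bracketed IPv6 form: [addr]:port
        host, _, port = arg[1:].partition("]:")
        return host, int(port)
    host, sep, port = arg.rpartition(":")
    return (host if sep else None), int(port)

def audit_listen(conf_text):
    """Return (line number, port, scope) for every active Listen directive."""
    findings = []
    for lineno, line in enumerate(conf_text.splitlines(), 1):
        match = LISTEN_RE.match(line)            # commented-out lines do not match
        if not match:
            continue
        host, port = parse_listen(match.group(1))
        if host is None or ipaddress.ip_address(host).is_unspecified:
            scope = "all interfaces"             # reachable from any network host
        elif ipaddress.ip_address(host).is_loopback:
            scope = "loopback only"
        else:
            scope = f"only {host}"
        findings.append((lineno, port, scope))
    return findings

if __name__ == "__main__":
    for name, conf in (("default", DEFAULT_CONF), ("after Task 5", TASK5_CONF)):
        for lineno, port, scope in audit_listen(conf):
            print(f"{name}: line {lineno}: port {port} bound to {scope}")
```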
Apache Server: Configuration Checkup • After you have finished the Apache configuration, close the Policy Manager Console and inform the instructor to test your solution • Don’t forget to restart the Policy Manager Server service! • After the instructor has tested your system and given you the OK, re-open your console • Is there anything unusual happening?
Apache Server: Signs For Data Integrity Problems • Yes, the instructor has opened your console with a different key-pair, therefore you get a key change notification at console startup • You can reassign the original keys
Apache Server: Signs For Data Integrity Problems • Take a look at the alerts. Are there any unusual entries? • Also check your managed host. Anything strange there?
Apache Server: Signs For Data Integrity Problems • The instructor has re-signed your policy domain with a different key and distributed the policies • Changes have not passed the signature verification on the hosts, the policy has been rejected! • Redistribute the policies with your keys, and everything should be back to normal
Working with Reports • Policy Manager provides you both with automatic status reports (e.g. virus alerts) and built-in reporting tools • Policy Manager Reporting Tools • Web Reporting • Graphical reporting system (available through web browser) • Embedded reporting • Textual reporting (available only from console)
Task 6: Using Web Reporting • Open Web Reporting on your managed host. • Try to answer the following questions • What is the latest alert reported by your host? Can you explain the reason for this alert? • What is the UID (Unique Identifier) of your host? • When did the host last connect to the server? • What version of Automatic Update Agent (AUA) is installed on your host? • What’s the percentage of hosts with real-time protection? => After you have completed this task, continue on page 55
Using Web Reporting Walk Through • Question 1: What is the latest alert reported by your host? • Answer: Failed signature check on host wks01 • Reason: The policy domain has been re-signed with different keys