Anti-Virus Presentation
Robin Manke-Cassidy presented an overview of the current anti-virus
software. A copy of the slide presentation can be found at:
Presentations
Licensing
A new 2-year license has been signed with NAI. All current products
are being covered again. Home users are still being covered under the new
licenses.
Current Protection
Post office (running Solaris version) and Exchange running GroupShield
for all e-mail servers. All IMAP servers are covered since they go
through the post office first.
Workstations - VirusScan and Virex (Macs)
Servers - NetShield
New management tools available - EPO
Best Practices
- Always have the latest SDAT installed
- Use the most current version of the software (Ver. 4.0.3 will not
be supported after March 2002)
- Never open attachments that are not confirmed or expected.
- Recommended settings
- Install system, email and download scan
- Scan all files even compressed files (Robin will check to see
if there's a setting that can be adjusted to permit longer
scanning times; some people are experiencing timeout
problems)
- Always have heuristics turned on for both macro and program
scanning
- Scan all email attachments, even compressed ones.
Wireless Product
Supports Palm OS, Pocket PC, Windows CE and Symbian EPOC operating
systems (see slide presentation for a grid of supported operating
systems and devices)
- Software is installed on the synching PC and then does the scan
when the device is connected to the synching PC
- Configure wireless devices to use the NAI default site for
updates
Management Tools
ePolicy Orchestrator
- replaces the management console
- repository for anti-virus software
- Administrator can view the state of anti-virus software on all
computers on the network which do or do not have the agent
(any anti-virus software, not just NAI)
- Comprehensive reporting on anti-virus software
- Discovers clients through SNMP or through the agent installed
on the workstation. Can search by IP addresses.
- Must run on Windows NT 4.0 SP5 or higher, and Windows 2000
Server or Windows 2000 Advanced Server
- Complete new install, not just an upgrade from the previous
management software; remove all old agents from workstations
and install the new agents
- Multiple reports available (see slide show for a list of all
the default reports)
- Reports on the top 10 viruses detected on campus
- Reports on whether or not a workstation has anti-virus
software installed on it
Installation Designer
- Utility to pre-configure VirusScan or NetShield for
installation on another computer
- GUI utility
- Pre-set any install time options
- Select additional files to copy to the system during
installation
- Set Registry Keys
- Install .DAT files other than those shipped with the
product
- Can be installed on a workstation with the package created
being stored on the server for pushing to the workstation
Set a community string in SNMP to define your area so it doesn't
appear that workstations are being hacked when software is being
remotely installed.
SANS Documents
These documents are located at
www.asu.edu/security
The new documents for Windows NT/2000 and other operating systems have
been posted to this site.
Some of the topics in the Windows document include:
- physical security
- setting up registry keys (listing of those they recommend
having set or turned off); be very careful in changing these as
some of them may lock you out of the system completely
- strong password controls and administrator account policies
- auditing
- network and internet security
- monitoring and updating security
- keeping track of domain file and print users
- secure any remote control programs (Windows 2000 specific)
- disable any unused services (Windows 2000 specific)
Suggested utilities
There are several utilities that can be used to secure your
workstations and/or audit workstations for potential security issues
(see slide show for list of recommended utilities). These utilities
can be found in the Windows 2000 Resource Kit or on Microsoft's
security web site -
www.microsoft.com/security
Security Recommendations
- Security tool kit available from
www.microsoft.com/security
- Keep up-to-date on patches/hot fixes
- Have anti-virus software installed and up-to-date
- Use good security techniques (for example, those offered by
SANS step-by-step guides)
- Audit your systems at regular intervals
ASU Security Web Page
The ASU security web page can be found at
www.asu.edu/security.
This page contains recommendations on securing a
workstation, especially for home users. It also contains the latest
SANS step-by-step security papers, SSH Secure Shell,
SecureRemote/Secure client VPN, anti-virus and a security FAQ.
MEETING ANNOUNCEMENTS
March meeting will be on "where are we" with Windows 2000
implementation. Main, East, and West campuses will report on where
they are in getting the Windows 2000 environment implemented.
April meeting will be a "show and tell". Russ encourages everyone
to participate in showing off his/her favorite tool to the rest of
the group.