Arizona State University
Windows Networking User Group


Meeting Notes for February 7, 2002

    Anti-Virus Presentation
    Robin Manke-Cassidy presented an overview of the current anti-virus software. A copy of the slide presentation can be found at: Presentations

    Licensing
    A new two-year license has been signed with NAI. All current products are covered again. Home users are still covered under the new license.

    Current Protection
    Post office (running Solaris version) and Exchange running GroupShield for all e-mail servers. All IMAP servers are covered since they go through the post office first.

    Workstations - VirusScan and Virex (Macs)
    Servers - NetShield
    New management tools available - EPO

    Best Practices

    • Always have the latest SDAT installed
    • Use the most current version of the software (Ver. 4.0.3 will not be supported after March 2002)
    • Never open attachments that are not confirmed or expected.
    • Recommended settings
      • Install system, email and download scan
      • Scan all files even compressed files (Robin will check to see if there's a setting that can be adjusted to permit longer scanning times; some people are experiencing timeout problems)
      • Always have heuristics turned on for both macro and program scanning
      • Scan all email attachments, even compressed ones.

    Wireless Product
    Supports Palm OS, Pocket PC, Windows CE and Symbian EPOC operating systems (see slide presentation for a grid of supported operating systems and devices)

    • Software is installed on the synching PC and then does the scan when the device is connected to the synching PC
    • Configure wireless devices to use the NAI default site for updates

    Management Tools

    ePolicy Orchestrator

    • replaces the management console
    • repository for anti-virus software
    • Administrator can view the state of anti-virus software on all computers on the network which do or do not have the agent (any anti-virus software, not just NAI)
    • Comprehensive reporting on anti-virus software
    • Discovers clients through SNMP or through the agent installed on the workstation. Can search by IP addresses.
    • Must run on Windows NT 4.0 SP5 or higher, Windows 2000 Server or Windows 2000 Advanced Server
    • Complete new install, not just an upgrade from the previous management software; remove all old agents from workstations and install the new agents
    • Multiple reports available (see slide show for a list of all the default reports)
      • Reports on the top 10 viruses detected on campus
      • Reports on whether or not a workstation has anti-virus software installed on it

    Installation Designer

    • Utility to pre-configure VirusScan or NetShield for installation on another computer
    • GUI utility
    • Pre-set any install time options
    • Select additional files to copy to the system during installation
    • Set Registry Keys
    • Install .DAT files other than those shipped with the product
    • Can be installed on a workstation with the package created being stored on the server for pushing to the workstation

    Set a community string in SNMP to define your area so it doesn't appear that workstations are being hacked when the software is being remotely installed.

    SANS Documents
    These documents are located at www.asu.edu/security

    The new documents for Windows NT/2000 and other operating systems have been posted to this site.

    Some of the topics in the Windows document include:

    • physical security
    • setting up registry keys (listing of those they recommend having set or turned off); be very careful in changing these as some of them may lock you out of the system completely
    • strong password controls and administrator account policies
    • auditing
    • network and internet security
    • monitoring and updating security
      • keeping track of domain file and print users
    • secure any remote control programs (Windows 2000 specific)
    • disable any unused services (Windows 2000 specific)

    Suggested utilities
    There are several utilities that can be used to secure your workstations and/or audit workstations for potential security issues (see slide show for list of recommended utilities). These utilities can be found in the Windows 2000 Resource Kit or on Microsoft's security web site - www.microsoft.com/security

    Security Recommendations

    • Security tool kit available from www.microsoft.com/security
    • Keep up-to-date on patches/hot fixes
    • Have anti-virus software installed and up-to-date
    • Use good security techniques (for example, those offered by the SANS step-by-step guides)
    • Audit your systems at regular intervals

    ASU Security Web Page
    The ASU security web page can be found at www.asu.edu/security. This page contains recommendations on securing a workstation, especially for home users. It also contains the latest SANS step-by-step security papers, SSH Secure Shell, SecureRemote/Secure client VPN, anti-virus and a security FAQ.

    MEETING ANNOUNCEMENTS
    March meeting will be on "where are we" with Windows 2000 implementation. Main, East, and West campuses will report on where they are in getting the Windows 2000 environment implemented.

    April meeting will be a "show and tell". Russ encourages everyone to participate in showing off his/her favorite tool to the rest of the group.



   
  Updated February 8th, 2005