
BASIC FUNCTIONALITY


amato

Presentation Transcript


  1. BASIC FUNCTIONALITY

  2. Agenda
     • Main topics
       • Policy Manager Communication
         • Understanding communication
         • Information flow
         • Communication modules
       • F-Secure Policy Concept
         • Policy file structure
         • Data integrity
       • Software distribution process

  3. COMMUNICATION

  4. Policy Manager Communication
     • Understanding how communication works in Policy Manager is one of the key issues
       • Software distributions => How does the installation reach the host?
       • Connection troubleshooting => What component is causing the problem?
     • The most important components are
       • Policy Manager Console (PMC)
       • Policy Manager Server (PMS)
       • Managed Hosts

  5. Policy Manager Console
     • Policy Manager Console is used to
       • Set up corporate, departmental or individual policies
       • Deploy and distribute policies, updates and installation files to PMS
       • Receive alarms and alerts when policies are in danger and when security breaches were attempted but thwarted
       • Generate reports on configurations, statistics, alerts, etc. for policy domains or individual managed devices
     • Policy Manager Console needs access to both Managed Hosts (Push Installations) and Policy Manager Server

  6. Policy Manager Server
     • Policy Manager Server hosts
       • Data repository which includes all policy related information (a.k.a. commdir)
       • Automatic Update System (virus and spyware updates)
       • Apache Server which manages the connection requests
       • Policy Manager Web Reporting module including SQL backend
     • Policy Manager Server has to be accessible by Policy Manager Console and Managed Hosts

  7. Managed Host
     • Provides the platform for different centrally managed applications
       • Workstation, Server and Gateway applications
     • All managed hosts need access to the Policy Manager Server in order to be able to fetch policies and software packages and send back status information (e.g. alerts)

  8. Information Flow
     • From the Policy Manager Console to the Policy Manager Server
       • Settings (in the policy)
       • Software distributions
     • From Management Agent to the Policy Manager Server
       • Status information
       • Alerts

  9. Information Flow Example
     • Host reports
       • Alerts and status information
     • Software Distribution
       • Policy based installation

  10. Introducing Communication Modules
      • Policy Manager Server
        • Apache Server
          • Handles all connections coming from managed hosts and Policy Manager Console
      • Managed host
        • F-Secure Management Agent (FSMA)
          • Handles all policy related connections to the Policy Manager Server
        • F-Secure Automatic Update Agent (AUA)
          • Handles all database update related connections to the Policy Manager Server

  11. F-Secure Management Agent (FSMA)
      • Local communication module used by managed hosts
        • Fetches policy data from the server's data repository (commdir)
        • Posts alerts and status information to the commdir
      • Interprets and enforces the base policy issued by PMC
        • Instructs the installation of point applications
        • Restricts/regulates point application settings
      • Each FSMA has a UID (Unique Identifier)
        • Differentiates hosts from each other even if IP address or WINS name is identical

  12. Apache Server
      • F-Secure Policy Manager Server uses a stripped-down version of Apache Server which manages the communication requests coming from the console and managed hosts
      • Apache Server modules
        • F-Secure Management Server Host Module (FSMSH)
        • F-Secure Management Server Admin Module (FSMSA)
        • F-Secure Web Reporting Module

  13. Apache Server Modules
      • Host Module (FSMSH)
        • Handles FSMA connection requests
          • E.g. policy file or software package download
        • Listens on HTTP (by default port 80)
      • Admin Module (FSMSA)
        • Handles PMC connection requests
          • E.g. software distribution by administrators
        • Listens on HTTP (by default port 8080)
      • Web Reporting Module
        • Handles Web Reporting connection requests
        • Listens on HTTP (by default port 8081)

  14. Apache Communication
      [Diagram labels: PMS with Communication Directory and Apache Server (Host Module, Admin Module, Web Reporting Module); HTTP (Port 80), HTTP (Port 8080), HTTP (Port 8081); PMC; FSMA]

  15. What are Virus Definitions?
      • Virus definitions are file signatures used for malware detection and removal
      • Updates include
        • Virus definitions
        • Spyware definitions
        • Virus news updates
      • F-Secure has an automated virus definitions update mechanism, so administrators do not have to update databases manually

  16. Update channels: F-Secure Automatic Update System (AUSYS)
      [Diagram labels: Root Update Server; Primary / Secondary; 1. UDP (Port 370), 2. HTTP (Port 80); PMS with Communication Directory, FSAUSYS and Automatic Update Server (AUS); HTTP (Port 80); Automatic Update Agent (AUA)]

  17. Update channels: Policy Manager Proxy Server (AUP)
      [Diagram labels: Root Update Server; Primary / Secondary; 1. UDP (Port 370), 2. HTTP (Port 80); Headquarter PMS with Communication Directory, FSAUSYS and Automatic Update Server (AUS); Subsidiary PM Proxy with FSAUSYS and Automatic Update Proxy (AUP); HTTP (Port 80) links; Automatic Update Agents (AUA)]

  18. POLICY FILE CONCEPT

  19. F-Secure Policy File Concept
      • F-Secure policies are a set of well-defined rules that regulate how sensitive information and other resources are managed, protected and distributed
      • Policy files are centrally configured by the administrator and distributed to the managed hosts via Policy Manager Server
      • A policy is a host-oriented file, not a product-oriented file
        • It contains configurations/settings for all point applications installed on a host

  20. Policy Files
      • BPF (Base Policy File)
        • Created on the PMC, holds the administrator's settings for a host
        • Signed with admin.prv
      • IPF (Incremental Policy File)
        • Created on the host, includes local changes, status information and statistics
      • DPF (Default Policy File)
        • Used by default after installation until the BPF arrives on the host
      • APF (Anonymous Policy File)
        • Created on the PMC, included in an installation package

  21. Policy Hierarchy
      • IPF is the primary source of settings
      • BPF is the secondary source of settings, unless a setting is marked "final", in which case it is primary
      • DPF is used if IPF, BPF and APF are missing
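The precedence rules on this slide, written out as an added example (not F-Secure code). The setting names and the dict representation are hypothetical, and consulting APF and DPF per setting when IPF and BPF have no value is an assumption the slide does not state.

```python
from typing import Any, Dict, Optional, Tuple

Plain = Dict[str, Any]                # IPF / APF / DPF: name -> value
Base = Dict[str, Tuple[Any, bool]]    # BPF: name -> (value, marked_final)


def resolve(name: str, ipf: Optional[Plain], bpf: Optional[Base],
            apf: Optional[Plain], dpf: Optional[Plain]) -> Tuple[Any, str]:
    """Return (value, source) for one setting; None means the file is missing."""
    if bpf and name in bpf and bpf[name][1]:
        return bpf[name][0], "BPF (final)"   # "final" makes the BPF primary
    if ipf and name in ipf:
        return ipf[name], "IPF"              # IPF is the primary source
    if bpf and name in bpf:
        return bpf[name][0], "BPF"           # BPF is the secondary source
    # DPF is reached when IPF, BPF and APF are missing. Assumption: APF and
    # DPF also act as per-setting fallbacks, in that order.
    for label, src in (("APF", apf), ("DPF", dpf)):
        if src and name in src:
            return src[name], label
    return None, "unset"


def locally_overridden(ipf: Optional[Plain],
                       bpf: Optional[Base]) -> Dict[str, Tuple[Any, Any]]:
    """Settings where a local IPF value replaces a different, non-final
    BPF value, mapped to (central_value, local_value)."""
    out = {}
    for name, (central, final) in (bpf or {}).items():
        if not final and ipf and name in ipf and ipf[name] != central:
            out[name] = (central, ipf[name])
    return out


# Constructed sample data; the setting names are hypothetical.
BPF = {"realtime_scanning": ("enabled", True),
       "firewall_level": ("strict", False),
       "update_interval_min": (60, False)}
IPF = {"realtime_scanning": "disabled",   # ignored: the BPF value is final
       "firewall_level": "allow_all"}     # wins: the BPF value is not final

if __name__ == "__main__":
    for key in BPF:
        print(key, resolve(key, IPF, BPF, None, {}))
    print("local overrides:", locally_overridden(IPF, BPF))
```

The second function is the audit view of the same rule: every entry it returns is a centrally configured value that a host has replaced locally because the setting was not marked final.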

  22. Policy Manager Data Integrity
      • The integrity of the policy domain is secured by an asymmetric key pair
      • Private key (admin.prv)
        • Private part of the key system
        • Used for digitally signing policy data (creating the encrypted hash)
        • Only available to Policy Manager Administrators
      • Public key (admin.pub)
        • Public part of the key system
        • Distributed to all managed hosts (publicly available, not kept secure)
        • Used for hash decryption and signature verification
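The sign-then-verify split between admin.prv and admin.pub, as an added example that is not F-Secure code. The slide does not name the algorithm or key format, so this uses textbook RSA over a SHA-256 hash with a constructed, deliberately weak key; the policy text is constructed sample data.

```python
import hashlib

# Constructed toy key built from two Mersenne primes. It is trivially
# factorable and unpadded, so it only illustrates the roles of the two keys.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (Python 3.8+)

ADMIN_PUB = (N, E)   # role of admin.pub: held by every managed host
ADMIN_PRV = (N, D)   # role of admin.prv: held only by administrators


def digest_int(policy: bytes) -> int:
    """SHA-256 of the policy data as an integer (always smaller than N)."""
    return int.from_bytes(hashlib.sha256(policy).digest(), "big")


def sign_policy(policy: bytes, prv=ADMIN_PRV) -> int:
    """Console side: 'encrypt' the hash with the private key."""
    n, d = prv
    return pow(digest_int(policy), d, n)


def verify_policy(policy: bytes, signature: int, pub=ADMIN_PUB) -> bool:
    """Host side: 'decrypt' the signature with the public key and compare
    the result with a freshly computed hash of the received data."""
    n, e = pub
    if not 0 <= signature < n:
        return False
    return pow(signature, e, n) == digest_int(policy)


# Constructed sample policy data (hypothetical setting names).
POLICY = b"realtime_scanning=enabled\nfirewall_level=strict\n"
TAMPERED = b"realtime_scanning=disabled\nfirewall_level=strict\n"

if __name__ == "__main__":
    sig = sign_policy(POLICY)
    print("signed policy accepted:  ", verify_policy(POLICY, sig))
    print("tampered policy accepted:", verify_policy(TAMPERED, sig))
    # A host that only holds the public key cannot produce a valid signature.
    forged = pow(digest_int(TAMPERED), E, N)
    print("public-key forgery accepted:", verify_policy(TAMPERED, forged))
```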

  23. SOFTWARE DISTRIBUTION

  24. Installation Types
      • Remote installation
        • Push Installation
          • Auto discover Windows hosts
          • Push install based on IP address or WINS name
        • Policy-based installation
      • Local installation
        • From CD-ROM
        • With pre-configured package

  25. Installing Point Applications: F-Secure Intelligent Installation
      • PMC creates a package
      • PMC pushes the package
      • FSMA and point application are installed
      • PMC issues a policy for the new host
      • FSMA fetches the policy
      [Diagram labels: Policy Manager Console; Policy Manager Server (Apache Server, CommDir); Managed Host (FSMA, Anti-Virus Client Security); JAR Installation Package; Policy]

  26. Installing Point Applications: Remotely
      • The Push install to Windows Hosts feature is used to push installation to hosts based on their IP address or host name
      • Works in the same manner as if the host was autodiscovered

  27. Installing Point Applications: Locally
      • From CD, using a login script or through some EMS (SMS, Tivoli etc.), followed by the autoregistration process
      • Using a login script: ILaunchr utility and JAR package on a file server

  28. Installing Point Applications: ILaunchr Utility
      • PMC generates a package, xyz.jar
      • Copy iLaunchr.exe and the xyz.jar to a shared folder on a file server
      • Edit your login script with new command lines

  29. Auto registration Process
      • PMC creates a package
      • PMC pushes the package
      • FSMA and point application are installed
      • PMC issues a policy for the new host
      • FSMA fetches the policy
      [Diagram labels: Policy Manager Console; Policy Manager Server (Apache Server, CommDir); Managed Host (FSMA, Anti-Virus Client Security); JAR Package; ARR; Policy]

  30. Policy Distribution Process
      • PMC creates a package
      • PMC pushes the package
      • FSMA and point application are installed
      • PMC issues a policy for the new host
      • FSMA fetches the policy
      [Diagram labels: Policy Manager Console; Policy Manager Server (Apache Server, CommDir); Managed Host (FSMA, Anti-Virus Client Security); New Policy; Old Policy]

  31. Policy Based Installation
      • Once the Management Agent has been installed, it is possible to do installations based on the policy
      • Make an installation package and distribute a policy where a workstation is instructed to install the product

  32. Summary
      • Main topics
        • Policy Manager Communication
          • Understanding communication
          • Information flow
          • Communication modules
        • F-Secure Policy Concept
          • Policy file structure
          • Data integrity
        • Software Distribution Process
