Learn about the latest updates and features of Symantec Enterprise Security Architecture (SESA) including Managed AV, SESA Event Manager, and real-world experiences. Get insights on antivirus solutions and campus server management.
IT Briefing Agenda 1/20/05
iCommand & Remedy Update
SESA Overview & Demo
Win ’98 Support
OID Update & Demo
Security Scan Demo
NetCom (Wireless) Update
• Karen Jenkins
• Craig Myers
• Stu Lipkin
• Mark Parten
• Andy Efting
• Paul Petersen
Symantec Enterprise Security Architecture
Craig Myers
ITD, Client Services Development
Symantec Enterprise Security Architecture: Presentation Outline
• Desktop Antivirus
• Managed Antivirus
• SESA
• Event Manager for AV
• SESA and Event Manager Diagrams and Demo
• Real-world Experiences by Derek Spransy
AntiVirus Spring 2005
• Symantec Antivirus Corporate Edition version 9.0.2.1000
• Norton Antivirus for Macintosh (with “nonag”) version 9.0.3 (6)
Managed AV
• Support thousands of PCs
• PCs get Virus Definitions from Server and/or via LiveUpdate
• Events are logged by the Parent Server
• Quick display of current versions, which definitions are in use, last scan performed and virus alerts.
• Can schedule scans without user being logged in.
• Can configure client settings per machine or by group.
• With Alert Management Service (AMS), can get email when a machine gets a virus.
• Lacks reporting ….
Managed AV
• Campus parent server available to departmental servers for updates
• Virus definitions updated hourly via Intelligent Updates.
• Investigating installing a managed faculty/staff server and/or student server to provide management to campus entities without a local managed AV server … thoughts?
SESA
• Scalable solution that integrates multiple Symantec Security and third party products.
• Provides granular alerting of events.
• Query, filter and sort data for charting and reporting.
• Relatively new, still growing.
Event Manager for Antivirus
• SESA integration product.
• Enables centralized, cross-tier logging, alerting and reporting between the SESA event management system and Symantec Antivirus.
SESA with Event Manager
• Collector on each parent AV server passes logged data to the SESA Manager via an Agent.
• The Manager stores the event data in the Data store.
• The Manager uses a directory to manage the devices, users and permissions.
• Access to the Manager is through a SESA console, which is Java-based.
• All SESA components are Java-based except the Data store and Directory (Oracle and DB2).
SESA Requirements
• Prerequisites
  • Department must be running Symantec AV Server version 9 or better.
  • Must allow Java SDK 1.3.1_09 to be installed.
  • Departmental server must be win32-based (i.e., Win2K, XP, 2003).
  • Must have a designated contact.
• ITD Responsibilities
  • Create an OU and an access account.
  • Provide on-site installation assistance.
  • Provide on-site training at the time of installation.
Install and training take about 1 hour and do not require a server reboot.
SESA Procedure
• ESR Form Method
  • Go to the Electronic Support Request (ESR) form: http://help.emory.edu
  • Log in using your campus ID and password.
  • Select the General Emory Helpdesk.
  • Select the Request Type of General / Other.
  • Use "Please add my managed AV server to SESA." in the Additional Details box.
SESA Procedure (cont.)
• Magic Method
  • Create a new incident using your name.
  • Set Subject to Software.
  • Enter "Please add my managed AV server to SESA." in the incident description.
  • Assign the call to EU_ITD_CLIENT_SERVICES_TIER_2 queue.
• Someone from CSD will respond to your request within three business days.
• We will verify the prerequisites and set up an installation time.
Client Services Update
Stu Lipkin
Discontinuing Support For Windows 98 and Mac OS 9
• Mainstream support from MS ceased for these products June 30, 2002 and December 31, 2003. Fee-for-service extended support is available but no future development is planned for these products. Microsoft will only provide critical security updates for above products posted on the Windows Update web site. Hotfixes for non-critical updates will be available on request only.
• No further development and support for Mac OS 9.x is indicated from Apple. Mac OS 10.2 is the recommended platform for Apple computers.
Windows 98 Support from Microsoft

OPERATING SYSTEM    END OF SUPPORT
Windows 98          June 30, 2002
Windows 98 SE       June 30, 2002
Windows ME          December 31, 2003

Only paid incident support is available until December 31 2006.
http://support.microsoft.com/default.aspx?scid=fh;[ln];LifeWin
http://support.microsoft.com/gp/lifean1
Proposed End of Support
• We propose to end support for Mac OS 9.x, Windows 98, 98 SE and Windows ME on May 31st, 2005.
Impact of discontinuation of stated OS support
• No phone or desktop support from ITD would be provided for customers running Win 98, Win 98 2nd ed., ME, Mac OS 9.x
• No support would be provided for ITD applications running on the stated OSes
• Installers would not be developed for the above OSes
• Enterprise applications and continuing development would not need to include the above OSes in their technical specifications
Impact
• There should be no immediate effect on users. There is no immediate plan to change services so that they are incompatible with these Windows and Macintosh Operating Systems.
• Users should expect that newer applications introduced in the preceding months may not operate on older systems and may require Windows 2000 or Mac OS 10.2 or higher.
Proposed Communication Plan
• present at IT Briefing January 2005
• present at Desknet in January 2005
• prepare announcement to end users mid-February
• post announcement in ER/Wheel February/March
• email to Local-l, All-emory, various Learnlink conferences (LL Demigods, SCC Technology, and Emory Announcements) last business day of Jan, Feb, Mar, Apr
• post on defined page on it.emory.edu/Desktop Computing
Oracle Names to Oracle Internet Directory
Mark Parten
Self-Service Vulnerability Scanning
A new service from your ITD Security Team
Introduction
• Utilizes the Nessus Vulnerability Scanning Tool
• Specifically for use by System Administrators and Local Support Personnel
• Can scan both desktop and server machines
• Reports vulnerabilities and gives possible solutions / fixes
Getting Started
• For more information on requesting the ability to do a Self-Service Scan, go to the following URL: http://it.emory.edu/showdoc.cfm?docid=4248
• The ITD Security Team will work with System Administrators and Local Support Personnel to get them set up and scanning once a request has been received
Overview
Network Vulnerability Scanning Self-Service
Overview :: FAQ
ITD Security offers Network Vulnerability Scanning Self-Service using Nessus from a centralized scanning server in the DMZ. To request the ability to scan your network, please send the following information to the security team at SecurityTeam-L@listserv.emory.edu:
1. Name and organization you support
2. The IP address range on your network that you would like to scan
3. Phone number and e-mail address
4. Your network ID
We will confirm this information, send a link for the latest Nessus scanning client, and provide a password to use when you connect to the system.
How to
• Use GUI to connect to the Scanning Server
• Use network ID and Nessus password to authenticate
• Create scan session (which nodes, options, etc)
• Run scan, view results, create report
Documentation
Can be found at: http://www.nessus.org/documentation/