
Windows Anti-virus and Security



Presentation Transcript


  1. Windows Anti-virus and Security WNUG Meeting 2-7-2002

  2. Anti-virus Overview • New License information • ASU Current Protection • Best Practices • Wireless Product • New Tools for Management

  3. Security Overview • SANS Best Practices • Windows NT • Windows 2000 • Tools to Assist with Security • Information from Microsoft Security Seminar

  4. Anti-virus License Update • A new license with NAI has been signed for another 2 years. • All current products are again covered. • We need a better idea of the number of clients we have.

  5. ASU Current Protection Plan • ASU Post Office and Exchange servers are running GroupShield from NAI. • Workstations running VirusScan or Virex. • Servers running NetShield (both Netware and Windows) • Addition of new management tools (ePO)

  6. Anti-virus Best Practices • Always have the latest sdat installed. • Use the most current version of the software. • Never EVER open attachments that are not confirmed or expected. • The following settings are recommended: • Install system, email, and download scan. • Scan all files, even compressed ones. • Always have heuristics turned on for both macro and program scanning. • With email scan, scan all attachments, even compressed ones.

  7. Wireless Product • Supports Palm OS, Pocket PC, Windows CE, and Symbian EPOC operating systems. • Handheld devices are scanned on synchronization.

  8. Wireless Continued • Use the Configured Auto Update in the software. • On the Advanced Tab select the last two options. Nothing on this screen is selected by default. • Also under the Log Activity Tab, select verbose logs. This aids in troubleshooting later.

  9. Anti-virus Management Tools • ePolicy Orchestrator • Installation Designer

  10. ePolicy Orchestrator • Repository for anti-virus software. • Centralized anti-virus software installation. • Admins are able to view the state of anti-virus software on all computers on the network which have an agent. • Has support for multiple service providers. • Comprehensive reporting on anti-virus software activity. • Default reports that can be customized. • Replaces Management Console.

  11. ePO Default Reports • Agent to Server Connect Interval • DAT deployment Summary • DAT/Engine Coverage • Engine Deployment Summary • Machines with no AV Protection • Machines without ePO Agent Installed • Product Protection Summary • ePO Agent Versions • Infection Reports • Top Ten Reports • Detection Reports

  12. Installation Designer • Utility to pre-configure VirusScan or NetShield for installation on another computer. • GUI utility • Pre-set any install time options. • Select additional files to copy to the system during installation. • Set Registry Keys. • Install .DAT files other than those shipped with the product.

  13. SANS Documents • Windows NT • Phase 1: Setting up the machine • Phase 2: Safe File system and Creation of ERD • Phase 3: Setting Registry keys • Phase 4: Strong Password controls and Account policies • Phase 5: Auditing • Phase 6: Networking and Internet Security • Phase 7: Monitoring and updating Security

  14. SANS Documents Continued • Windows 2000 • Same general guidelines from the Windows NT document. • Disable any unused services • Secure any remote control programs

  15. Suggested Utilities • Dumpchk.exe – provides dump file validation and analysis • Memsnap.exe – produces a picture of memory usage by all processes and writes a log file. • Poolmon.exe – used to detect memory leaks. • W2000msgs.chm – list of Windows 2000 error and event messages in Help File format. • Acldiag.exe – reads access control lists from AD objects and generates a report. • Filever.exe – Utility to report on the versions of the file structure, executable and DLL files. • Guid2obj.exe – translates a GUID to its distinguished name.

  16. Suggested Utilities Continued • Snort – free intrusion detection system. • HFNetChk – inventory of security patches. • Qchain.exe – installs multiple hotfixes together. • IIS Lockdown wizard – wizard used to lock down IIS 4 & 5.

  17. Microsoft Security Seminar • Security Tool Kit (available from web site) • http://www.microsoft.com/security • Keep up to date on patches/hot fixes. • Have anti-virus software installed and up-to-date. • Use good security techniques, for example those offered by SANS step-by-step guides. • Audit your systems at regular intervals.
