6/4/2015H. Schwendicke1 Reinhard Baltrusch, Helga Schwendicke, Gunter Trowitzsch Total Virus Defense Licensing Installation Updates Lovesan/

Presentation transcript:

Slide 1 (6/4/2015, H. Schwendicke)
Reinhard Baltrusch, Helga Schwendicke, Gunter Trowitzsch
Total Virus Defense
- Licensing
- Installation
- Updates
- Lovesan/Mblast incidents

Slide 2 (DESY, 6/4/2015, H. Schwendicke): McAfee System Protection
Total Virus Defense includes:
- File server protection (Netshield)
- Desktop protection (all Windows platforms)
- E-mail protection (Groupshield)
- Internet gateway protection (Webshield)
- Also available for Solaris and Linux
- McAfee Prime support – 24 hours, 7 days/week
- Management tools
Licensing:
- 2000 nodes
- VirusScan 4.03 (NT4)
- VirusScan 4.51 (WXP, W2K)
- Enterprise V 7.0 (WXP, W2003)
- Contract for 2 years
- Special contract for German public administrative organizations, which includes governmental and research centers

Slide 3: Total Virus Defense 3 Tools
1. Auto Update Architect
   - Downloads the updates from McAfee server
   - Supports distributed repositories
2. Installation Designer – VSE 7.0
   - Preconfigure VirusScan Enterprise 7 installation package
   - Creates a new customized .MSI file
   - Creates and modifies a settings (.CAB) file
3. ePolicy Orchestrator
   - Management tool for the whole suite
   - Overview, updates, installation

Slide 4: Overview
[Diagram. Labels: Client Management; group specific parameter (alert handling); basic setup; scanning / update; alerting; McAfee installation; DESY configuration; AVS repository; running av-service on the PC; Alert Server; Auto Update Architect; update; upgrade; WBDM; e-Pol.; mm-console]

Slide 5: Installation and Configuration
- First installation:
  - WXP: AVS will be installed together with the OS via RIS (VSE 7.0) or WXP installation CD (VS 4.5x, now VSE 7.0)
  - NT4: NetInstall (DESYNT – 4.0.x)
  - All other PCs: native installation procedure
- Web Based Domain Management is used to configure message recipients (e-mail, Winpopup) and the update and upgrade schedule (only VS 4.0x)
- The rollout of VirusScan Enterprise 7 is still in progress
  - Allows remote configuration of other PCs

Slide 6: AVS repository
- Installation repository
- Contains the current dat-xxxx.zip & update.ini
- Language-dependent SuperDATs
- Enterprise repository
Resides on a Samba server
Allows guest access
Read-only for everybody

Slide 7: W32Lovsan/W32Nachi
- 8/12/03: First infections of WXP PCs in Hamburg (laptops)
- First actions
  - Closing of IP ports in the firewall to outside
  - Patching the Windows systems
    - DESYNT: Netinstall package for WXP and NT4 clients or by hand
    - Win.DESY.de: automatically with SUS
  - Collecting information about
    - The status of antivirus software (installation, signature versions)
    - Patched/non-patched systems (Microsoft Scanner – KB )
    - Infected systems
  - Providing information for the users
- 9/12/03: only few incidents

Slide 8: W32Lovsan/W32Nachi II
- Problems
  - PCs without antivirus software
  - VirusScan signatures weren't up to date on all PCs
  - Variety of operating systems and service packs
  - Variety of VirusScan clients: NT4 (German + English), W2000, WXP
  - PCs which were switched off (summer time, school holidays)
  - Laptops connected behind the firewall
  - Patching all the systems was very time consuming
  - Problems on DCE systems using port 135
- We need rules for
  - Connecting guest laptops and PCs into the intranet, and also DESY laptops
  - PCs that are not centrally managed
- Mechanism to keep the PCs up to date with hotfixes and SPs

Slide 9: Virus statistics
Most frequent viruses since June 2002 – viruses found by Mailsweeper are not included

Slide 10: W32/Sobig
- First infections at the end of August
- Sobig was spread via e-mail
- Was detected by Mailsweeper on the mail gateways
  - Generated an e-mail to sender and receiver of the mail
  - Attachment was deleted
  - If spam was detected the mail was blocked too
- Exchange server blocked infected e-mails


Slide 12: Outlook and Questions
- Next steps
  - Get rid of both old versions
  - Completing the management concept for VSE 7.0 (alerting and control of update schedules)
  - Testing the ePolicy Orchestrator
  - Completing the infrastructure on both sides
- Questions
  - What are your criteria for choosing antivirus software? Management model: centralized, based on tools like ePO, or distributed with fewer interactions?
  - What to do with guest laptops and PCs?
  - PCs from outside (home PCs)