Windows Anti-virus and Security WNUG Meeting 2-7-2002
Anti-virus Overview: New License Information; ASU Current Protection; Best Practices; Wireless Product; New Tools for Management.
Security Overview: SANS Best Practices; Windows NT; Windows 2000; Tools to Assist with Security; Information from Microsoft Security Seminar.
Anti-virus License Update: A new license with NAI has been signed for another 2 years. All current products are again covered. We need a better idea of the number of clients we have.
ASU Current Protection Plan: ASU Post Office and Exchange servers are running GroupShield from NAI. Workstations are running VirusScan or Virex. Servers are running NetShield (both Netware and Windows). Addition of new management tools (ePO).
Anti-virus Best Practices: Always have the latest sdat installed. Use the most current version of the software. Never EVER open attachments that are not confirmed or expected. The following settings are recommended: Install system, email, and download scan. Scan all files, even compressed ones. Always have heuristics turned on for both macro and program scanning. With email scan, scan all attachments, even compressed ones.
Wireless Product: Supports Palm OS, Pocket PC, Windows CE, and Symbian EPOC operating systems. Handheld devices are scanned on synchronization.
Wireless Continued: Use the Configured Auto Update in the software. On the Advanced tab, select the last two options. Nothing on this screen is selected by default. Also, under the Log Activity tab, select verbose logs. This aids in troubleshooting later.
ePolicy Orchestrator: Repository for anti-virus software. Centralized anti-virus software installation. Admins are able to view the state of anti-virus software on all computers on the network which have an agent. Has support for multiple service providers. Comprehensive reporting on anti-virus software activity. Default reports that can be customized. Replaces Management Console.
ePO Default Reports: Agent to Server Connect Interval; DAT Deployment Summary; DAT/Engine Coverage; Engine Deployment Summary; Machines with no AV Protection; Machines without ePO Agent Installed; Product Protection Summary; ePO Agent Versions; Infection Reports; Top Ten Reports; Detection Reports.
Installation Designer: Utility to pre-configure VirusScan or NetShield for installation on another computer. GUI utility. Pre-set any install-time options. Select additional files to copy to the system during installation. Set registry keys. Install .DAT files other than those shipped with the product.
SANS Documents: Windows NT. Phase 1: Setting up the machine. Phase 2: Safe file system and creation of ERD. Phase 3: Setting registry keys. Phase 4: Strong password controls and account policies. Phase 5: Auditing. Phase 6: Networking and Internet security. Phase 7: Monitoring and updating security.
SANS Documents Continued: Windows 2000. Same general guidelines from the Windows NT document. Disable any unused services. Secure any remote control programs.
Suggested Utilities: Dumpchk.exe – provides dump file validation and analysis. Memsnap.exe – produces a picture of memory usage by all processes and writes a log file. Poolmon.exe – used to detect memory leaks. W2000msgs.chm – list of Windows 2000 error and event messages in Help File format. Acldiag.exe – reads access control lists from AD objects and generates a report. Filever.exe – utility to report on the versions of the file structure, executable and DLL files. Guid2obj.exe – translates a GUID to its distinguished name.
Suggested Utilities Continued: Snort – free intrusion detection system. HFNetChk – inventory of security patches. Qchain.exe – installs multiple hotfixes together. IIS Lockdown wizard – wizard used to lock down IIS 4 & 5.
Microsoft Security Seminar: Security Tool Kit (available from web site http://www.microsoft.com/security). Keep up to date on patches/hot fixes. Have anti-virus software installed and up-to-date. Use good security techniques, for example those offered by SANS step-by-step guides. Audit your systems on a regular interval.