IMPLEMENTING F-SECURE POLICY MANAGER
Agenda
Main topics
• Pre-deployment phase
  • Is the implementation possible?
  • Implementation scenarios and examples
• Installing the environment
  • Most critical installation steps
  • Console configuration tips
• Point application rollout
  • Point application rollout planning and piloting
  • Most common rollout methods and examples
PRE-DEPLOYMENT PHASE
Before you begin...
Checklist
1. Network requirements
• Does the network support the required protocols?
• Is the network fast enough?
2. System requirements
• Does the existing hardware meet the requirements?
• Are the installed operating systems and service packs supported?
3. Policy Manager Implementation
• How many Policy Manager Servers, Consoles and Proxy Servers does the infrastructure require?
• Where to place them for best performance?
Network Requirements
Network
• 10Mbit Ethernet or faster
• In installations with more than 5000 managed hosts, 100Mbit networks are recommended
Required Protocols
• UDP
  • Used for virus definitions updates directly from F-Secure Root Update Server
• TCP
  • Used for F-Secure Intelligent Installations (a.k.a. push installations)
  • Used for general Apache Web Server traffic
System Requirements: Policy Manager Server
Operating system
• Windows 2000 Server and Advanced Server (SP3 or higher), Windows Server 2003 Standard, Web Edition, or Small Business Server
Processor
• Intel Pentium III 450 MHz or faster (1 GHz or more recommended, especially when managing big environments or when Web Reporting is enabled)
Memory
• 256 MB RAM (512 MB or more recommended, especially when Web Reporting is enabled)
Disk space
• 50 MB required (recommended 500 MB or more)
System Requirements: Policy Manager Console
Operating system
• Windows 2000 Professional (SP3 or higher), Windows XP Professional (SP2 or higher) or Windows 2003 Small Business Server
Processor
• Intel Pentium III 450 MHz or faster (750 MHz or more recommended)
Memory
• Dedicated computer
  • 256 MB RAM (512 or more recommended)
• Single computer (same as PMS)
  • 1 GB or more recommended
Disk space
• 50 MB required
System Requirements: Anti-Virus Client Security 6.x
Operating system
• Microsoft Windows 2000 Professional (SP4 or higher)
• Microsoft Windows XP Professional and Home Edition (SP1 or higher)
Memory
• 128 MB (Windows 2000), 256 MB (Windows XP)
• 256 MB or more recommended
Disk space
• 120 MB (150 MB required during installation)
Policy Manager Implementation
Policy Manager Server and Console can be implemented in two different ways
• Both components on a single computer (recommended)
• Dedicated computers for each component
Single Computer
Dedicated Computers
Policy Manager Implementation
Depending on the size and structure of the company, it might be necessary to
• Install more than one Policy Manager Console
  • Global company with slow internet connection
• Install more than one Policy Manager Server
  • Single Policy Manager Server scales up to 10000 hosts
  • It can handle significantly more hosts, but will be difficult to administer (policy distribution time increases)
• Install Policy Manager Proxies for virus definitions updates
  • Solves bandwidth bottlenecks
Policy Manager Server Location
Location of the Policy Manager Server
• Place it in the internal network (recommended)
  • Well protected from external attacks
  • Access from external network only possible with authenticated, encrypted connections (e.g. VPN+)
• Place it in a DMZ network
  • Server has a public IP address, FSMA can access the server from the external network without using VPN+
  • In general, security in a DMZ is less restrictive than in an internal network. The server contains sensitive information about your policy domain and policies, so there might be a security risk.
Implementation in Basic Environment
Managed hosts
Policy Manager Server & Console
Root Update Server
Implementation in Global Environment
Diagram: Root Update Server; Subsidiary Germany (Managed Hosts, PMC, PM Proxy); Headquarters Finland (PMC & PMS, Managed Hosts)
POLICY MANAGER INSTALLATION
Starting the Installation
If you have a valid license of any F-Secure product you are entitled to use F-Secure Policy Manager.
You are entitled to use as many Console, Server and Reporting Option installations as you need.
Installation Order
1. Policy Manager Server
2. Policy Manager Console
3. Point Applications
Critical Steps: Server Installation
Select components to install
• Policy Manager Console
  • Don’t forget to deselect it if you want to run it on a dedicated computer
• Policy Manager Update Server & Agent
  • Without these components, database updates will not be possible
Critical Steps: Server Installation
Configure Apache Modules
• In general, default port settings work fine
• However, in some situations the ports are already taken and need to be changed
• The system will automatically inform you of
  • Already taken ports
  • Ports which might cause problems
Critical Steps: Console Initialization
Important: In this step you define the administration module
• The host module address has to be specified separately in the policy
Critical Steps: Console Initialization
Management key-pair generation
• Make sure to back up these keys after console initialization has completed!
Console Configuration Tips
• Lock most important settings
  • Prevents problems with IPF overwriting
• Define Policy Manager Server Address
  • Empty by default!
POINT APPLICATION ROLLOUT
Before you Start the Rollout...
Checklist
• Remove all conflicting software from target hosts
  • Sidegrade detects and removes certain vendors automatically (AVCS only!)
  • Test sidegrade during piloting phase!
• Check target hosts for third-party firewalls (e.g. XP firewalls) and disable them (e.g. through AD group policy)
• Start piloting
  • Test different rollout methods and choose the one best suited for your environment
  • Never roll out without careful testing – or to the whole domain at once!
Rollout Methods
Intelligent Installations
• Autodiscover Windows hosts (recommended)
• Installation package created with PMC
• Transfers package separately to each host (no multicasting)
• Certain inbound traffic on hosts needs to be allowed
  • RPC (TCP 135) and SMB (TCP 445)
• Push install to Windows host
  • Advantage: needs no name resolution, if IP addresses are used
  • Disadvantage: IP addresses have to be typed manually
Rollout Methods
Pre-configured package
• Using PMC to create a pre-configured package
• No inbound traffic on hosts required
• JAR: Installation of exported package by ilaunchr.exe through Windows login script
  • Make sure to run the login script silently (the script includes the password in cleartext!)
• MSI: Installation of exported package through Windows group policy in Active Directory
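A pre-flight check for the pilot phase, as an added example that is not part of the original slides: it probes the two inbound ports listed for Intelligent Installations and assigns any host that fails the check to the pre-configured package method, which needs no inbound traffic. The function names, status labels and sample addresses are assumptions made for this example.

```python
import socket

# Inbound TCP ports the slides list for Intelligent Installation targets.
PUSH_PORTS = {"RPC": 135, "SMB": 445}

def probe(host, port, timeout=2.0):
    """Classify one TCP port on a pilot host.

    open       - connection accepted
    closed     - host answered with a reset: nothing is listening
    filtered   - no usable answer: typically a host firewall dropping packets
    unresolved - name lookup failed (push install also accepts IP addresses)
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except socket.gaierror:
        return "unresolved"
    except ConnectionRefusedError:
        return "closed"
    except OSError:  # timeouts and unreachable networks end up here
        return "filtered"

def plan_rollout(hosts, ports=PUSH_PORTS, timeout=2.0):
    """Map each pilot host to a rollout method plus the per-port evidence."""
    plan = {}
    for host in hosts:
        status = {name: probe(host, port, timeout) for name, port in ports.items()}
        if all(state == "open" for state in status.values()):
            method = "intelligent installation"
        else:
            # The exported JAR/MSI package needs no inbound traffic on the host.
            method = "pre-configured package"
        plan[host] = {"method": method, "ports": status}
    return plan

if __name__ == "__main__":
    # Constructed pilot list (documentation addresses); replace with real pilot hosts.
    pilot = ["192.0.2.10", "192.0.2.11"]
    for host, entry in plan_rollout(pilot, timeout=1.0).items():
        print(host, entry["method"], entry["ports"])
```

A "filtered" result on a pilot host usually points at the host firewall mentioned in the rollout checklist, while "closed" means the service itself is not listening.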
Centrally Manageable Products
F-Secure solutions and services provided (diagram)
Products
• F-Secure Anti-Virus for Citrix Servers (and for Microsoft Terminal Server)
• F-Secure Anti-Virus for SAMBA Servers
• F-Secure Anti-Virus for MS Exchange
• F-Secure Spam Control for Microsoft Exchange
• F-Secure Spam Control for Internet Gatekeeper
• F-Secure Internet Gatekeeper
• F-Secure Anti-Virus for MIMEsweeper
• F-Secure Anti-Virus for Windows Servers
• F-Secure Anti-Virus for Linux Servers
• F-Secure Anti-Virus for Workstations
• F-Secure Anti-Virus Client Security
Deployment targets: Gateways; Email Servers; Web & DNS Servers; File & Print Servers; Server Computing; Desktops & laptops
Platforms: Microsoft Platforms; Linux Platforms
Protection types: Anti-Virus for HTTP, SMTP, FTP and POP; Anti-Spam; Content Filtering; Anti-Virus; Virus & Spy Protection; Intrusion prevention
Summary
Main topics
• Pre-deployment phase
  • Is the implementation possible?
  • Implementation scenarios and examples
• Installing the environment
  • Most critical installation steps
  • Console configuration tips
• Point application rollout
  • Point application rollout planning and piloting
  • Most common rollout methods and examples