Windows Anti-virus and Security - PowerPoint PPT Presentation

Windows anti virus and security l.jpg
Download
1 / 17

Windows Anti-virus and Security WNUG Meeting 2-7-2002 Anti-virus Overview New License information ASU Current Protection Best Practices Wireless Product New Tools for Management Security Overview SANS best Practices Windows NT Windows 2000 Tools to Assist with Securit

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.

Download Presentation

Windows Anti-virus and Security

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Windows anti virus and security l.jpg

Windows Anti-virus and Security

WNUG Meeting 2-7-2002


Anti virus overview l.jpg

Anti-virus Overview

  • New License information

  • ASU Current Protection

  • Best Practices

  • Wireless Product

  • New Tools for Management


Security overview l.jpg

Security Overview

  • SANS best Practices

    • Windows NT

    • Windows 2000

  • Tools to Assist with Securit

  • Information from Microsoft Security Seminar


Anti virus license update l.jpg

Anti-virus License Update

  • A new license with NAI has been signed for another 2 years.

  • All Current products are again covered.

  • We need a better idea of the number of clients we have.


Asu current protection plan l.jpg

ASU Current Protection Plan

  • ASU Post Office and Exchange servers are running GroupShield from NAI.

  • Workstations running VirusScan or Virex.

  • Servers running NetShield (both Netware and Windows)

  • Addition of new management tools (ePO)


Anti virus best practices l.jpg

Anti-virus Best Practices

  • Always have the latest sdat installed.

  • Use the most current version of the software.

  • Never EVER open attachments that are not confirmed or expected.

  • The following settings are recommended:

    • Install system, email, and download scan.

    • Scan all files even compressed.

    • Always have heuristics turned on for both macro and program scanning.

    • With email scan, scan all attachments even compressed ones.


Wireless product l.jpg

Wireless Product

  • Supports Palm OS, Pocket PC, Windows CE, and Symbian EPOC operating systems.

  • Handheld devices are scanned on synchronization.


Wireless continued l.jpg

Wireless Continued

  • Use the Configured Auto Update in the software.

  • On the Advanced Tab select the last two options. There are no defaults on the screen by default.

  • Also under the Log Activity Tab, select verbose logs. This aids in troubleshooting later.


Anti virus management tools l.jpg

Anti-virus Management Tools

  • ePolicy Orchestrator

  • Installation Designer


Epolicy orchestrator l.jpg

ePolicy Orchestrator

  • Repository for anti-virus software software.

  • Centralized anti-virus software installation.

  • Admin be able to view the state of anti-virus software on all computers on the network which have an agent.

  • Has support for multiple service providers.

  • Comprehensive reporting on anti-virus software activity.

  • Default reports that can be customized.

  • Replaces Management Console.


Epo default reports l.jpg

ePO Default Reports

  • Agent to Server Connect Interval

  • DAT deployment Summary

  • DAT/Engine Coverage

  • Engine Deployment Summary

  • Machines with no AV Protection

  • Machines without ePO Agent Installed

  • Product Protection Summary

  • ePO Agent Versions

  • Infection Reports

  • Top Ten Reports

  • Detection Reports


Installation designer l.jpg

Installation Designer

  • Utility to pre-configure VirusScan or NetShield for installation on another computer.

  • GUI utility

  • Pre-set any install time options.

  • Select additional files to copy to the system during installation.

  • Set Registry Keys.

  • Install other .DAT files other than those shipped with the product.


Sans documents l.jpg

SANS Documents

  • Windows NT

    • Phase 1: Setting up the machine

    • Phase 2: Safe File system and Creation of ERD

    • Phase 3: Setting Registry keys

    • Phase 4: Strong Password controls and Account policies

    • Phase 5: Auditing

    • Phase 6: Networking and Internet Security

    • Phase 7: Monitoring and updating Security


Sans documents continued l.jpg

SANS Documents Continued

  • Windows 2000

    • Same general guidelines from the Windows NT document.

      • Disable any unused services

      • Secure any remote control programs


Suggested utilities l.jpg

Suggested Utilities

  • Dumpchk.exe – provides dump file validation and analysis

  • Memsnap.exe – produces a picture of memory usage by all processes and writes a log file.

  • Poolmon.exe – used to detect memory leaks.

  • W2000msgs.chm – list of Windows 2000 error and event messages in Help File format.

  • Acldiag.exe – reads access control lists from AD objects and generates a report.

  • Filever.exe – Utility to report on the versions of the file structure, executable and DLL files.

  • Guid2obj.exe – translates a GUID to its distinguished name.


Suggested utilities continued l.jpg

Suggested Utilities Continued

  • Snort – free Intrustion detection system.

  • HFNetChk – inventory of security patches.

  • Qchain.exe – installs mulitple hotfixes together.

  • IIS Lockdown wizard – wizard used to lockdown IIS 4 & 5.


Microsoft security seminar l.jpg

Microsoft Security Seminar

  • Security Tool Kit (available from web site)

  • http://www.microsoft.com/security

  • Keep up to date on patches/hot fixes.

  • Have anti-virus software installed and up-to-date.

  • Use good security techniques, for example those offered by SANS step by step guides.

  • Audit your systems on a regular interval


  • Login