
Windows Anti-virus and Security

WNUG Meeting 2-7-2002



Anti-virus Overview

  • New License information

  • ASU Current Protection

  • Best Practices

  • Wireless Product

  • New Tools for Management



Security Overview

  • SANS Best Practices

    • Windows NT

    • Windows 2000

  • Tools to Assist with Security

  • Information from Microsoft Security Seminar



Anti-virus License Update

  • A new license with NAI has been signed for another 2 years.

  • All current products are again covered.

  • We need a better idea of the number of clients we have.



ASU Current Protection Plan

  • ASU Post Office and Exchange servers are running GroupShield from NAI.

  • Workstations running VirusScan or Virex.

  • Servers running NetShield (both Netware and Windows)

  • Addition of new management tools (ePO)



Anti-virus Best Practices

  • Always have the latest sdat installed.

  • Use the most current version of the software.

  • Never EVER open attachments that are not confirmed or expected.

  • The following settings are recommended:

    • Install system, email, and download scan.

    • Scan all files, even compressed ones.

    • Always have heuristics turned on for both macro and program scanning.

    • With email scan, scan all attachments, even compressed ones.



Wireless Product

  • Supports Palm OS, Pocket PC, Windows CE, and Symbian EPOC operating systems.

  • Handheld devices are scanned on synchronization.



Wireless Continued

  • Use the Configured Auto Update in the software.

  • On the Advanced Tab, select the last two options. No options on this screen are selected by default.

  • Also under the Log Activity Tab, select verbose logs. This aids in troubleshooting later.



Anti-virus Management Tools

  • ePolicy Orchestrator

  • Installation Designer



ePolicy Orchestrator

  • Repository for anti-virus software.

  • Centralized anti-virus software installation.

  • Admins are able to view the state of anti-virus software on all computers on the network which have an agent.

  • Has support for multiple service providers.

  • Comprehensive reporting on anti-virus software activity.

  • Default reports that can be customized.

  • Replaces Management Console.



ePO Default Reports

  • Agent to Server Connect Interval

  • DAT deployment Summary

  • DAT/Engine Coverage

  • Engine Deployment Summary

  • Machines with no AV Protection

  • Machines without ePO Agent Installed

  • Product Protection Summary

  • ePO Agent Versions

  • Infection Reports

  • Top Ten Reports

  • Detection Reports



Installation Designer

  • Utility to pre-configure VirusScan or NetShield for installation on another computer.

  • GUI utility

  • Pre-set any install time options.

  • Select additional files to copy to the system during installation.

  • Set Registry Keys.

  • Install .DAT files other than those shipped with the product.



SANS Documents

  • Windows NT

    • Phase 1: Setting up the machine

    • Phase 2: Safe File system and Creation of ERD

    • Phase 3: Setting Registry keys

    • Phase 4: Strong Password controls and Account policies

    • Phase 5: Auditing

    • Phase 6: Networking and Internet Security

    • Phase 7: Monitoring and updating Security



SANS Documents Continued

  • Windows 2000

    • Same general guidelines from the Windows NT document.

      • Disable any unused services

      • Secure any remote control programs



Suggested Utilities

  • Dumpchk.exe – provides dump file validation and analysis

  • Memsnap.exe – produces a picture of memory usage by all processes and writes a log file.

  • Poolmon.exe – used to detect memory leaks.

  • W2000msgs.chm – list of Windows 2000 error and event messages in Help File format.

  • Acldiag.exe – reads access control lists from AD objects and generates a report.

  • Filever.exe – Utility to report on the versions of the file structure, executable and DLL files.

  • Guid2obj.exe – translates a GUID to its distinguished name.



Suggested Utilities Continued

  • Snort – free intrusion detection system.

  • HFNetChk – inventory of security patches.

  • Qchain.exe – installs multiple hotfixes together.

  • IIS Lockdown wizard – wizard used to lock down IIS 4 & 5.



Microsoft Security Seminar

  • Security Tool Kit (available from web site)

  • http://www.microsoft.com/security

  • Keep up to date on patches/hot fixes.

  • Have anti-virus software installed and up-to-date.

  • Use good security techniques, for example those offered by SANS step by step guides.

  • Audit your systems at regular intervals.

