Installing Kaspersky Security Center 10. Installing Kaspersky Security Center

Goal of the work.

This lab is about installing the Security Center anti-virus protection management server.

Preliminary information.

Before proceeding with the installation, you need to decide on the general deployment scenario for anti-virus protection. The two main scenarios offered by the Security Center developers are:

  • deployment of anti-virus protection within the organization;
  • deployment of anti-virus protection of the network of a client organization (used by organizations acting as service providers). The same scheme can be used within an organization that has multiple remote locations whose computer networks are administered independently of the head office network.

In these labs, the first scenario will be implemented. If you plan to use the second one, you will additionally need to install and configure the Web Console component. This is a good place to describe the architecture of Security Center. It includes the following components:

  • 1. Administration Server, which provides centralized storage of information about the Kaspersky Lab programs installed in the organization's network and manages them.
  • 2. Network Agent, which handles interaction between the Administration Server and the Kaspersky Lab programs installed on a computer. There are versions of the Agent for different operating systems: Windows, Novell and Unix.
  • 3. Administration Console, which provides the user interface for managing the Server. The Administration Console is implemented as an extension component for Microsoft Management Console (MMC). It allows you to connect to the Administration Server both locally and remotely, via a local network or via the Internet.
  • 4. Kaspersky Security Center Web Console, which is designed to monitor the status of anti-virus protection of a client organization's network managed by Kaspersky Security Center. The use of this component will not be explored in this lab.

  • 1. Installing and configuring the Server and the Administration Console.
  • 2. Creation of administration groups and distribution of client computers among them.
  • 3. Remote installation of the Network Agent and Kaspersky Lab anti-virus programs on client computers.
  • 4. Updating signature databases of Kaspersky Lab programs on client computers.
  • 5. Configuring notifications about anti-virus protection events.
  • 6. Launching the on-demand scan task and checking the operation of event notifications on client computers.
  • 7. Analysis of reports.
  • 8. Configuring automatic installation of anti-virus programs on new computers on the network.

This lab will cover the first step. Fig. 5.35 shows a diagram of the lab bench that simulates a protected network (it was also described earlier in Table 5.4). The goal of this lab is to install the Security Center Administration Server and Console on the AVServ server.

Fig. 5.35.

Table 5.5. Differences in versions of the Kaspersky Security Center 9.0 distribution kit

Columns: Component, Full version, Lite version.

  • Administration Server distribution package
  • Distribution package of Kaspersky Endpoint Security for Windows
  • Network Agent distribution package
  • Microsoft SQL 2005 Server Express Edition
  • Microsoft .NET Framework 2.0 SP1
  • Microsoft Data Access Component 2.8
  • Microsoft Windows Installer 3.1
  • Kaspersky Security Center System Health Validator

The Security Center distribution kit can be downloaded from http://www.kaspersky.com/downloads-security-center. You can choose which version of the distribution kit to download: Lite or full. Table 5.5 lists the differences between them for version 9.0, which was used in preparing the lab descriptions. To complete the lab you will need the full version, since MS SQL Server 2005 Express, the DBMS used to store data on the status of anti-virus protection, will be installed together with the administration server.

Description of work.

After completing the preparatory steps, run the Security Center installation program on the AVServ server. After the welcome window, you will be asked for a path to save the files required during the installation process. Then another welcome window will appear, followed by a window with the license agreement, which must be accepted to continue the installation.

When choosing the type of installation, select the "Custom" option, which lets you review the list of installed components and the applied settings in detail.

If you select the "Standard" option, the wizard will install the Administration Server together with the server version of Network Agent, the Administration Console, the application management plug-ins available in the distribution package, and Microsoft SQL Server 2005 Express Edition (if it has not been installed previously).

The next step is to select the server components to be installed (Fig. 5.36). We need to install the Administration Server, so we leave this item checked.

We will not use Cisco NAC technology, which allows you to check the security of a mobile device or computer connecting to the network.

Also, as part of the laboratory workshop, it is not planned to deploy anti-virus protection on mobile devices (such as smartphones), so we are not installing these components now.


The selected network size affects the setting of a number of parameters that determine the operation of anti-virus protection (they are listed in Table 5.6). These settings can be changed, if necessary, even after the installation of the server.

You will also need to specify the account under which the administration server will be launched, or agree to the creation of a new account (Fig. 5.37).

In previous versions of Windows (for example, when installing on Windows Server 2003), this window may have an option called System Account. In any case, this account must have administrator rights, which will be required both for creating the database and for the subsequent operation of the server.

Table 5.6. Parameters set depending on the size of the network

Parameter / number of computers | 1-100 | 100-1000 | 1000-5000 | More than 5000
Display of the slave and virtual Administration Servers node in the console tree, and of all parameters related to slave and virtual Servers | absent | absent | present | present
Display of the Security section in the properties windows of the Server and administration groups | absent | absent | present | present
Creating a Network Agent policy using the Initial Configuration Wizard | absent | absent | present | present
Random distribution of update task start time on client computers | absent | within 5 minutes | within 10 minutes | within 10 minutes

Fig. 5.37.

The next step is to select the database server to use (Fig. 5.38). Security Center 9.0 can use Microsoft SQL Server (versions 2005, 2008, 2008 R2, including the Express 2005 and 2008 editions) or MySQL Enterprise to store data. Fig. 5.38, a shows the DBMS type selection window. If the MySQL server is selected, you will need to specify the name and port number for the connection.

If you use an existing instance of MS SQL Server, you will need to specify its name and the name of the database (by default, it is called KAV). In our laboratory work, we will use the recommended configuration, which implies the installation of MS SQL Server 2005 Express along with the installation of the Security Center (Fig. 5.38, b).


Fig. 5.38.

After selecting SQL Server as the DBMS to use, you must specify the authentication mode that will be used when working with it. Here we leave the default setting - Microsoft Windows authentication mode (Fig. 5.39).

The administration server will use a shared folder to store installation packages and distribute updates. You can specify an existing folder or create a new one. The default share name is KLSHARE.


Fig. 5.39.

You can also specify the port numbers used to connect to the Security Center Server. By default, TCP port 14000 is used, and TCP port 13000 for connections protected with the SSL protocol. If it is not possible to connect to the administration server after installation, it is worth checking whether these ports are blocked by Windows Firewall. In addition to those mentioned above, UDP port 13000 is used to send information about computers being turned off to the server.

Next, you will need to specify how the administration server is identified: by IP address, DNS name, or NetBIOS name. The virtual network used for the lab has a Windows domain and a DNS server, so we will use domain names (Fig. 5.40).


Fig. 5.40.

The next window allows you to select which plug-ins to install for managing Kaspersky Lab anti-virus programs. Looking ahead, we can say that Kaspersky Endpoint Security 8 for Windows will be deployed, so we will need its plug-in (Fig. 5.41).


Fig. 5.41.

After that, the selected programs and components will be installed on the server. Upon completion of the installation, the Administration Console will be launched; if you unchecked the box in the last window of the installation wizard, launch it from the menu Start -> Programs -> Kaspersky Security Center.

Task 1.

According to the description, install the Administration Server on the AVServ virtual machine.

When you launch the console, the initial configuration of the server is performed. At the first step, you can specify activation codes or license key files for Kaspersky Lab anti-virus products. If you have a "corporate" key for several computers, then with the default settings the server will automatically distribute the key to client computers.


Fig. 5.42.

You can also agree or refuse to use Kaspersky Security Network (KSN), a remote service that provides access to the Kaspersky Lab knowledge base about the reputation of files, Internet resources, and software.

The next step is to configure settings for notifying the anti-virus protection administrator by e-mail. You must specify the e-mail address, the SMTP server and, if necessary, the parameters for authorization on the server (Fig. 5.42). If the lab does not have a suitable mail server, you can skip this step and make the settings later.

If you access the Internet through a proxy server, you will need to specify its settings. After this stage, standard policies, group tasks, and administration tasks are created automatically. These will be discussed in more detail in future labs.


Fig. 5.43.

The next step is the automatic start of the update download. If the download has started successfully, you can click the "Next" button without waiting for it to finish and, after completing the initial setup wizard, go to the main window of the Administration Console (Fig. 5.43). It should show that there is one managed computer on the network (the Network Agent was installed on the AVServ computer together with the Administration Server) on which there is no anti-virus protection. This is regarded as a critical event.

Task 2.

Complete the initial setup of the server.

The Administration Console can be installed separately from the Console folder on the distribution disk by running the Setup program. If you use a distribution kit downloaded from the Internet, open the folder that was specified at the beginning of the installation for saving the distribution files. The default folder is C:\KSC9\russian\Console.


Fig. 5.44.

Task 3.

Install the Security Center Administration Console on the Station1.labs.local virtual machine. Check the ability to connect to the AVServ.labs.local server. To do this, you must specify its address or name in the console window (Fig. 5.44), and also agree to receive a server certificate (Fig. 5.45).


Fig. 5.45.


Fig. 5.46.

If the connection fails, check whether the ports used to connect to the Security Center server are blocked on the AVServ server (see above). The setting can be checked through the Control Panel: System and Security -> Windows Firewall -> Allow a program to run through Windows Firewall. The appropriate permission settings must be present, see Fig. 5.46 (the rule names remain as in the previous version of the product, Kaspersky Administration Kit).
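
The connection check from Task 3, together with the default ports listed earlier, as an added example that is not part of the original lab or of Kaspersky's tooling: a Python script, run from the console workstation, that classifies TCP ports 14000 and 13000 on the server and, when the SSL port answers, reports the certificate fingerprints so they can be compared with the certificate on the server before it is accepted. The function names are hypothetical, the default host name is the lab's AVServ.labs.local, and the script assumes port 13000 negotiates a TLS version that the local Python build still supports.

```python
"""Added example: connectivity check for a Kaspersky Security Center server."""
import hashlib
import socket
import ssl
import sys

# TCP ports named in the lab text: 14000 (plain) and 13000 (SSL).
# UDP 13000 is not probed: a silent UDP port cannot be told from a blocked one.
KSC_TCP_PORTS = {14000: "plain", 13000: "ssl"}

# Advice per state, in priority order (the first state present wins).
ADVICE = [
    ("dns-failure", "Server name did not resolve: check DNS or connect by IP address."),
    ("filtered", "No reply: check that the server is up and its Windows Firewall rules."),
    ("refused", "Host replied but nothing listens: check that the Administration "
                "Server service is running and which ports it was installed with."),
    ("error", "Unexpected network error: check routing between the machines."),
]


def probe_tcp(host, port, timeout=3.0):
    """Classify a TCP port as open, refused, filtered, dns-failure or error."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except socket.gaierror:
        return "dns-failure"
    except ConnectionRefusedError:
        return "refused"       # reset received: nothing listening (or a reject rule)
    except (socket.timeout, TimeoutError):
        return "filtered"      # no answer at all, typical of a firewall drop rule
    except OSError:
        return "error"


def diagnose(results):
    """Return (state, advice) for a {port: state} mapping."""
    states = set(results.values())
    for state, text in ADVICE:
        if state in states:
            return state, text
    return "ok", "All probed ports are reachable."


def format_fingerprint(der_bytes, algorithm):
    """Hex fingerprint of a DER certificate, colon-separated and upper-case."""
    digest = hashlib.new(algorithm, der_bytes).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def tls_cert_fingerprints(host, port, timeout=3.0):
    """Fetch the server certificate WITHOUT validating it and fingerprint it.

    Validation is off on purpose: the certificate is not trusted yet, and the
    point is to compare its fingerprint with the one read on the server itself.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            der = tls.getpeercert(binary_form=True)
    return {alg: format_fingerprint(der, alg) for alg in ("sha1", "sha256")}


def check_server(host, ports=None, timeout=3.0):
    """Probe every port and fingerprint the certificate on open SSL ports."""
    ports = KSC_TCP_PORTS if ports is None else ports
    results = {port: probe_tcp(host, port, timeout) for port in ports}
    state, advice = diagnose(results)
    report = {"ports": results, "state": state, "advice": advice, "fingerprints": {}}
    for port, kind in ports.items():
        if kind == "ssl" and results[port] == "open":
            try:
                report["fingerprints"][port] = tls_cert_fingerprints(host, port, timeout)
            except OSError as exc:   # ssl.SSLError is a subclass of OSError
                report["fingerprints"][port] = "TLS handshake failed: %s" % exc
    return report


if __name__ == "__main__":
    # Host name taken from the lab; pass another name or an IP as argv[1].
    target = sys.argv[1] if len(sys.argv) > 1 else "AVServ.labs.local"
    result = check_server(target)
    for port, state in sorted(result["ports"].items()):
        print("TCP %d: %s" % (port, state))
    print(result["advice"])
    for port, prints in result["fingerprints"].items():
        print("Certificate on TCP %d: %s" % (port, prints))
```

A "filtered" result points at the firewall check described above, while "refused" means the packets reach the server and the service or its port numbers should be checked instead.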

This material was prepared for specialists involved in the management of anti-virus protection and security in the enterprise.

This page describes and analyzes the most interesting features of the latest versions of Kaspersky Endpoint Security 10 and the central management console of Kaspersky Security Center 10.

The information was compiled from the experience NovaInTech specialists have gained in talking with system administrators and heads of IT and security departments of organizations that are either just switching to Kaspersky anti-virus protection or are moving from version 6 of the anti-virus on client computers and the Administration Kit 8 management console. In the latter case, when anti-virus protection from Kaspersky Lab is already in use, IT specialists often do not know the most interesting features of the new product versions, features that really make life easier for those same IT specialists and at the same time increase the level of security and reliability.

After reading this article and watching the videos, you will be able to briefly get acquainted with the most interesting functionality provided by the latest version of the Kaspersky Security Center management console and Kaspersky Endpoint Security, and see how it works.

1. Installing the Kaspersky Security Center 10 Administration Server.

You can find the necessary distributions on the official website of Kaspersky Lab:

ATTENTION! The distribution kit of the full version of Kaspersky Security Center already includes the distribution kit of Kaspersky Endpoint Security of the latest version.

First of all, I would like to tell you where to start installing anti-virus protection from Kaspersky Lab: not with the anti-viruses themselves on client computers, as it might seem at first glance, but with installing the administration server and the central management console of Kaspersky Security Center (KSC). With this console, you can deploy anti-virus protection on all computers in your institution much faster. In this video you will see that after installation and minimal setup of the KSC administration server, it becomes possible to create an installer of the anti-virus solution for client computers that even a completely unprepared user can run (I think every administrator has such "users"): the installation interface contains only 2 buttons, "Install" and "Close".

The administration server itself can be installed on any computer that is always on or available as much as possible. This computer must be visible to other computers on the network, and Internet access is very important for it (for downloading databases and synchronizing with the KSN cloud).

Watch the video even if you have installed earlier versions of the central console before: you may hear and see something new for yourself...

2. Setting up centralized management on computers with Kaspersky already installed.

It is often found that in small organizations, system administrators install and configure anti-virus protection on each computer manually. As a result, the time they spend on maintaining anti-virus protection increases and they do not have enough time for more important tasks. There are cases when administrators, simply due to lack of time, do not know that corporate versions of anti-virus protection from Kaspersky Lab have centralized management at all, and do not know that they do not have to pay anything for this miracle of civilization.

In order to "link" already installed client antiviruses with the administration server, you need very little:

  • Install the administration server (The first section of this article).
  • Install the administration server agent (NetAgent) on all computers - I will talk about installation options in the attached video below.
  • After the Administration Server Agent is installed, computers, depending on your settings, will be either in the "Unassigned computers" section or in the "Managed computers" section. If the computers are in "Unassigned computers" - they will need to be transferred to "Managed computers" and set up a policy that will apply to them.

After these actions, your computers will be visible to you from the central console, users will no longer be able to manage the antiviruses installed on their machines and, as a result, fewer infections and less headache for the administrator.

In the video below, I will try to describe the scenarios for installing NetAgents on client computers, depending on how your network is arranged.

By choosing Kaspersky Lab products, you get reliable protection of your IT infrastructure and the ability to control security in the company using a single convenient management console, Kaspersky Security Center.

Review

Previously, the IT department had to work simultaneously with multiple management consoles to manage numerous security tools, as well as to perform basic system administration functions. Kaspersky Lab has created a solution that simplifies the administrator's work.

Ease of Management
The main goal of creating Kaspersky Security Center was to simplify and speed up the process of setting up, launching and managing IT security tools and systems in a complex IT environment. A single management console helps you control all the Kaspersky Lab security and system administration tools you use. With Kaspersky Security Center, you can control every workstation and every device on your network, centrally manage security tasks, reduce operational costs and increase productivity.

Intuitive, clear interface
When developing Kaspersky Security Center, our specialists tried to provide the user with the most easy-to-use interface with well-organized dashboards.

Easy Installation
With the installation wizard, you can quickly and easily install and configure Kaspersky Lab security solutions throughout your IT environment.

Remote access
In addition to the local management console, Kaspersky Security Center has a convenient web console. The presence of such a console allows you to use any computer with Internet access to monitor the protection status of the corporate network.

Simple reporting
Kaspersky Security Center allows you to create and configure various protection status reports. Reports can be generated both on demand and according to a specified schedule.

Support for multi-platform environments
Running on the Windows operating system, Kaspersky Security Center supports management of many operating systems and platforms, including servers and workstations running Windows, Linux and Novell NetWare, as well as mobile devices running Android, iOS, BlackBerry, Symbian, Windows Mobile and Windows Phone.

How to get Kaspersky Security Center

Kaspersky Security Center is included in Kaspersky TOTAL Security for Business and in all Kaspersky Endpoint Security for Business products: START, STANDARD, and ADVANCED. Kaspersky Security Center will include only those management tools that are required to work with the Kaspersky Lab product of your choice. If you decide to upgrade to a higher tier of Kaspersky Endpoint Security for Business or to the most complete solution, Kaspersky TOTAL Security for Business, additional management tools will automatically appear in the management console of Kaspersky Security Center.

Workplace Protection Management

Installation, configuration, and management of desktop protection in Kaspersky Lab solutions are performed in Kaspersky Security Center. From a single console, you can manage and protect your business from known and emerging malware, prevent IT security risks, and reduce defense costs.

  • Antivirus protection and firewall
    Allows the administrator to audit the use of applications, allow or block their launch.
  • Whitelists
    Kaspersky Security Center provides flexible options for managing malware protection tools:
    • set and manage security policies for multiple platforms, including Windows, Linux, and Mac;
    • configure protection settings for individual devices, groups of servers and workstations;
    • perform anti-virus scans on demand and on schedule;
    • perform processing of quarantined objects;
    • manage anti-virus database updates;
    • manage cloud protection of Kaspersky Security Network;
    • configure and manage a firewall and intrusion prevention system (HIPS).
  • Application Control, Device Control and Web Control
    Centralized management of IT infrastructure allows you to create security policies and provide additional protection for valuable data. You can set rules for groups and individual users.
    • restrict the launch of unwanted applications on your network using Application Control;
    • create access rules for devices that users connect to the network, based on the type or serial number of the device, as well as on the basis of how the device is connected;
    • track and control Internet access for the entire enterprise or groups of users.
  • File server protection
    A single infected object from the network storage can infect a large number of computers. To avoid this, Kaspersky Security Center makes it possible to configure and manage all protection functions for file servers.
    • Manage malware protection for file servers running:
      • Windows;
      • Linux;
      • Novell NetWare.
  • Encryption
    Many encryption products are considered difficult to deploy and require a separate management console. All Kaspersky Lab encryption technologies can be managed from the same Kaspersky Security Center management console from which you manage other Kaspersky Lab security solutions.
    • You can create comprehensive policies that control encryption, malware protection, device and software control, and other desktop security features.
      • hard drives (encryption of files and folders or full disk encryption);
      • removable devices (encryption of files and folders or full disk encryption).

Mobile device management

The need for access to corporate systems from mobile devices is on the rise, and Kaspersky Security Center helps protect them and ensure the safety of using personal devices for work.

  • Mobile security management
    Kaspersky Security Center helps you deploy and configure protection for mobile devices:
    • configure mobile workspace security, including creating security policies for iOS;
    • install and update software via SMS, e-mail messages or through users' computers;
    • track whether all users have fully deployed protections on their devices;
    • manage access to the corporate network;
    • set policies for groups or individual users using Active Directory;
    • configure ActiveSync settings.
  • Malware Protection
    Kaspersky Lab technologies provide comprehensive protection of mobile devices from malware, and Kaspersky Security Center helps to flexibly manage the functions of this protection:
    • run on-demand and scheduled malware scans;
    • use spam protection to filter out unwanted calls and text messages (except iOS).
  • Mobile Application Management
    Kaspersky Security Center allows you to control which applications can be run on a user's Android mobile device:
    • use the "Default Permission" mode to prevent only blacklisted applications from running;
    • use the "Default Deny" mode to allow only programs from the white list to run;
    • create a policy to control cases of unauthorized flashing of devices
  • Data encryption on mobile devices
    In addition to managing data encryption in your IT infrastructure, Kaspersky Security Center also allows you to control data encryption on mobile devices:
    • manage full disk encryption on iOS devices;
    • configure file and folder encryption.
  • Containers
    Kaspersky Security Center allows you to manage the storage of corporate data on personal devices used for work:
    • configure containers to completely isolate corporate data from personal data on the user's device;
    • manage container encryption;
    • control the access of programs to certain resources on a mobile device;
    • set restrictions on access to data;
    • use remote troubleshooting tools when you encounter problems with applications or containers.
  • Anti-Theft
    Remote management using Kaspersky Security Center allows you to still control some important functions if your mobile device is lost or stolen:
    • remote blocking will prevent unauthorized access to your corporate network;
    • the search function allows you to determine the approximate location of the missing mobile device;
    • The cleanup feature gives you the choice of deleting corporate data or resetting to factory settings.

When you purchase Kaspersky Endpoint Security for Business STANDARD, Kaspersky Endpoint Security for Business ADVANCED, Kaspersky TOTAL Security for Business, or Kaspersky Security for Mobile, all mobile device management capabilities will be available in Kaspersky Security Center. Thus, you can use a single console to manage your mobile devices, protect workplaces, and many other Kaspersky Lab technologies.

System administration tools

In addition to detailed control over IT infrastructure security, Kaspersky Security Center provides system administration tools that simplify infrastructure management tasks and allow you to increase productivity and reduce operational costs.

  • OS and Software Deployment
    Kaspersky Security Center allows you to manage OS and application images: create, quickly copy and deploy.
  • Software installation
    The remote software installation feature in Kaspersky Security Center saves administrators time and helps reduce the amount of traffic transmitted over the corporate network.
    • software deployment on demand or on schedule.
    • Using dedicated update servers
  • License management and inventory of hardware and software tools
    Kaspersky Security Center allows you to manage hardware and software, as well as track software licenses within your IT infrastructure:
    • Keep track of all devices on your network with automatic hardware inventory;
    • Monitor application usage and track license update issues using summary reports generated by Kaspersky Security Center.
  • Vulnerability monitoring
    After a hardware and software inventory, you can scan for vulnerabilities in operating systems and applications that have not been patched:
    • generate detailed reports on vulnerabilities;
    • perform vulnerability assessments and prioritize patching.
  • Patch management
    After discovering vulnerabilities, you can effectively organize the distribution of the most important patches using Kaspersky Security Center:
    • manage the download of patches from Kaspersky Lab servers;
    • manage the installation of Microsoft updates and patches on computers on your network.
  • Network access control
    Network access control not only provides automatic discovery of devices in the corporate network, but also simplifies the setting of policies for guest mobile devices:
    • manage policies for granting access to your corporate network from various devices;
    • manage guest access to the Internet and corporate network resources.

All system administration tools will be available in your Kaspersky Security Center management console if you use Kaspersky Endpoint Security for Business ADVANCED, Kaspersky TOTAL Security for Business, or Kaspersky Systems Management.

Full list of supported applications:

Kaspersky Security Center manages the operation of the following Kaspersky Lab solutions for protection against information threats:

  • mobile device protection:
    • Kaspersky Endpoint Security for Smartphone
  • workstation protection:
    • Kaspersky Endpoint Security for Linux
    • Kaspersky Endpoint Security for Mac
    • Kaspersky Anti-Virus 6.0 for Windows Workstations MP4
    • Kaspersky Anti-Virus 6.0 Second Opinion Solution MP4
  • server protection:
    • New! Kaspersky Endpoint Security for Windows
    • Kaspersky Anti-Virus for Windows Servers Enterprise Edition
    • Kaspersky Anti-Virus for Storage Systems
    • Kaspersky Anti-Virus for Linux File Server
    • Kaspersky Anti-Virus 6.0 for Windows Servers MP4
    • Kaspersky Anti-Virus 5.7 for Novell NetWare
  • protection of virtual environments:
    • New! Kaspersky Security for Virtualization

Please note that some versions of security solutions for Microsoft Exchange and ISA Server, as well as previous versions of applications for protecting servers and workstations running Linux, are still supported using Kaspersky Administration Kit, the previous version of the centralized protection management tool.

System requirements

Administration Server

Software requirements: Hardware requirements:
  • Microsoft® Data Access Components (MDAC) 2.8 or higher or Microsoft® Windows® DAC 6.0
  • Microsoft® Windows® Installer 4.5 (for Windows Server® 2008 / Windows Vista®)
  • Database management system:
  • Microsoft® SQL Server Express 2005, 2008
  • Microsoft® SQL Server® 2005, 2008, 2008 R2
  • MySQL Enterprise
  • 32-bit OS:
  • 512 MB RAM
  • 64-bit OS:
  • Windows Server 2003
  • 512 MB RAM
  • 1 GB free hard disk space
Administration Console

Software requirements: Hardware requirements:
  • Microsoft® Management Console 2.0 or later
  • Microsoft® Internet Explorer® 8.0
  • 32-bit OS:
  • Windows Server 2003 (including Windows Small Business Server 2003)
  • Windows Server 2008
  • Windows XP Professional SP2 / Vista SP1 / 7 SP1
  • processor with a frequency of 1 GHz or higher
  • 512 MB RAM
  • 1 GB free hard disk space
  • 64-bit OS:
  • Windows Server 2003
  • Windows Server 2008 SP1 (including Windows Small Business Server 2008)
  • Windows Server 2008 R2 (including Windows Small Business Server 2011)
  • Windows XP Professional / Vista SP1 / 7 SP1
  • processor with a frequency of 1.4 GHz or higher
  • 512 MB RAM
  • 1 GB free hard disk space
Administration Web Console Server

Software requirements: Hardware requirements:
  • Webserver: Apache 2.2
  • 32-bit OS:
  • Windows Server 2003 (including Windows Small Business Server 2003)
  • Windows Server 2008 (including Core mode)
  • Windows XP Professional SP2 / Vista SP1 / 7 SP1
  • processor with a frequency of 1 GHz or higher
  • 512 MB RAM
  • 1 GB free hard disk space
  • 64-bit OS:
  • Windows Server 2003
  • Windows Server 2008 SP1 (including Windows Small Business Server 2008 and Core mode)
  • Windows Server 2008 R2 (including Windows Small Business Server 2011 and Core mode)
  • Windows XP Professional / Vista SP1 / 7 SP1
  • processor with a frequency of 1.4 GHz or higher
  • 512 MB RAM
  • 1 GB free hard disk space
Kaspersky TOTAL Security for Business includes all features of Kaspersky Security Center. When using other Kaspersky Lab products, the set of Kaspersky Security Center features will depend on the functionality of the selected solution.

    New Web Console

    The main advantages of the Web Console compared to MMC:

    Does not require client-side installation, only a web browser is needed

    Since you only need a browser, it does not matter which operating system you use

    If you work on a mobile device, you can view reports directly from the beach

    The Web Console supports the User-Centric model, that is, the administrator assigns the policy not to the device, but to the user. The user-centric management model works if devices are assigned owners in AD. The KSC will be able to retrieve this information and assign policy profiles to device owners instead of devices. The old Device-Centric management model, where policy profiles were assigned to devices, remains available and applied by default.

    Web Console is a separate distribution. It can be installed both on a computer with KSC and on a separate computer.

    Interaction scheme:

    The Web Console is a web server based on the Node.js platform.

    The server part of the Web Console connects to KSC using the new KSC Open API protocol, which is based on HTTPS. The client part is a SPA (Single Page Application).

    In its simplest form, a SPA is a web application whose components are loaded once, and the content is loaded as needed. That is, when we click on any interface element in the Web Console, JavaScript runs, loads the required modules and renders what we requested. Everything looks as if we had moved to another page.

    Changes in the MMC Administration Console interface

    There are several new nodes in the console tree:

    Multitenant applications - Kaspersky Lab applications that support multitenancy, for example KSV, appear here

    Deleted objects - deleted entities such as tasks, policies and installation packages end up here

    Triggering of rules in Smart Training mode - information about rules triggered in training mode for the new AAC component is shown here

    Active threats (formerly known as Unprocessed files)

    So what ends up in the Deleted objects node? All entities that have the Revisions section in their properties are moved to the Deleted objects node after being deleted, namely:

  • Policies
  • Tasks
  • Installation packages
  • Virtual Administration Servers
  • Users
  • Security groups
  • Administration groups

    We can say that this is an analogue of the Recycle Bin in Windows.

    A common, KSC-wide subnet list

    In KSC, subnets are used in several places: for example, in the KSC properties, when we want to limit traffic transmission by time, and in the Agent's policy, when setting up connection profiles.

    In KSC 10, you had to set subnet parameters separately in each of these places, which was not very convenient.

    In KSC 11, a new section appeared in the Administration Server properties, where you can specify a list of subnets within an organization once, and this list will be available anywhere in KSC where a subnet must be selected as a parameter.

    Installation package: protection level indicator

    The KES 11.1 installation package in KSC 11 no longer has installation options.

    On the other hand, we added a protection indicator to the properties of the installation package; previously, such an indicator was only in the policy. If the administrator decides to disable the installation of an important component of KES 11.1, the indicator will change color. You can also see what influenced the change in the protection level.

    KSC 11: support for diff update files

    Update servers store several sets of databases: the complete set and so-called diff files (the difference, or delta, between the current and the previous update). Diffs can be daily or weekly. KSC 10 was able to download only the full set of databases; now it can download both sets, full and diffs.

    Paradoxically, KES has long been able to work with diffs, but only when updating from the Internet; now KES can also use diffs when updating from KSC. This will reduce internal traffic many times over.

    Network Agents: support for diff update files

    The option to download updates in advance (offline update mode) is enabled in the default Agent policy

    Retransmission of Diff files does not work when offline update mode is enabled

    Diff files will not be transferred to older versions of Agents

    BUT! In the properties of the Network Agent, there is an option "Download updates from KSC in advance". If this option is enabled, and it is enabled by default, KES will be updated the old-fashioned way, without using diffs.

    KSC 11 Update Agents

    Update Agents are now also able to distribute DIFF update files.

    In addition, they can now act as a KSN Proxy and can redirect KSN requests from protected devices to the Administration Server or directly to global KSN servers.

    Update Agent: support for 10,000 nodes

    By default, KSC assigns Update Agents automatically.

    In KSC 10, assigning an Update Agent manually was inconvenient in large networks. Why? Because one Update Agent could previously support only up to 500 hosts. If there were several thousand hosts in the network, many Update Agents had to be assigned to cover the entire network. In addition, not every computer can become an Update Agent; it must meet certain system requirements.

    In general, manually assigning an Update Agent in large networks used to be a daunting task.

    Now this problem has disappeared, because one Update Agent supports up to 10,000 hosts.

    Since the number of supported hosts has increased, the system requirements for a computer that can be assigned as an Update Agent have increased as well (CPU frequency 3.6 GHz or higher, RAM 8 GB or more, free disk space 120 GB or more).

    The KLSHARE folder has moved: C:\ProgramData\KasperskyLab\adminkit\1093\.working\share\

    KSC 11: backward compatibility of KES plugins

    KSC 11 introduces backward compatibility of KES plugins.

    Previously, if different versions of KES were used on the network, the administrator had to maintain separate sets of policies and tasks for each version. Now the policies and tasks of KES 11.1 also apply to KES 11.

    KSC 11: remote installation

    A new section has appeared in the remote installation wizard - Behavior for devices managed through other Administration Servers.

    If there are multiple KSC servers on the network, they can see the same devices. This option allows you to avoid installation on a device that is connected to another KSC.

    KSC 11: Improvements in RBAC

    First, RBAC no longer requires a license for the Administration Server.

    Secondly, new roles have appeared: - Auditor - Security Officer - Supervisor. By default, they are not assigned to anyone.

    Thirdly, it became possible to relay the list of roles to slave Administration Servers. Previously, you had to work with roles separately on each Server, which was not very convenient. Now you can create and configure roles in one place, on the Main Administration Server, and propagate them down the hierarchy.

    KSC 11: new reports

    Report on the status of application components: shows the administrator which components are installed where, and their current status. This is important information, because a component that is installed but not running reduces the effectiveness of endpoint protection. Previously, the administrator could not view the status of KES components on all devices in one place. To find out which components were installed and running, each host had to be checked separately, which was inconvenient and time-consuming.

    If necessary, based on this report, you can build detailed reports on individual components, for example, to see where the Endpoint Sensor is installed.

    Report on threat detection distributed by component and detection technology: shows which protection component detected a threat and which technology it used. This makes it possible to demonstrate the work of the detection technologies and the usefulness of the protection components.

    Integration with SIEM via syslog

    You no longer need a license to send events from the KSC to the SIEM system using the syslog protocol.

    But this applies only to syslog; integration with ArcSight, QRadar and Splunk still requires a license!

    Windows update installation diagnostics

    This option automatically enables Network Agent tracing. Trace files are stored in the %WINDIR%\Temp folder.

    KSC 11 summary:

    A full-fledged KSC Web Console has appeared

    Implemented support for DIFF update files

    Implemented support for backward compatibility of KES plugins

    Update Agents can act as a KSN proxy and support up to 10,000 nodes

    Adding new roles to RBAC does not require a KSC license

    New reports added

    Integration with SIEM systems via syslog no longer requires a license

    Extended diagnostics for Windows update installation

    The larger the network, the more the system administrator (or IT department) tries to automate the management of software products. Antivirus software is no exception in this regard.

    Many antivirus vendors have remote administration tools in their arsenal; today we will talk about one such solution from Kaspersky Lab.

    In general, Kaspersky Security Center is a rather serious application, which cannot be described in one article. Therefore, in this article we will analyze only its deployment.

    You can download Kaspersky Security Center. The product itself consists of a server that needs to be deployed, an administration console that can be installed on another computer for remote server administration, a web console as an alternative to the usual one, and a Network Agent that is installed on client computers and is responsible for communication between the anti-virus software and the server.

    The server itself can be deployed only on operating systems of the Windows family. A server edition is not required: systems from XP onwards are supported, but only in the Professional/Enterprise/Ultimate editions. A complete list of supported systems can be found on the website.

    In addition, the server needs MS SQL or MySQL (remote as well). If there is no ready-made database server at hand, the installer of Kaspersky Security Center will install MS SQL Express which is sufficient for most organizations.

    So, to deploy the server, download and run the installation file (I recommend downloading the full distribution). As a test bench, we have chosen a computer with the Windows Server 2012 R2 operating system.

    You will see a convenient menu in which we are now interested in the "Install Kaspersky Security Center 10" item.

    After starting the installation, you will be prompted to accept the license agreement and to select the type of installation. For better control over the installation process, we select the custom installation.

    If there are mobile devices on the network, you can install a separate component to manage their protection.

    Specify the size of your network. This choice, however, has no significant effect.

    Next, the installation program will ask which user to run the Administration Server service under. You can specify an existing user with admin rights, or let the installer create a new one.

    The next step is to select a database server. As already mentioned, there are two options here - MS SQL or MySQL. If you do not have a ready server, Kaspersky Security Center will carefully deploy MS SQL Express.

    At this step in the installation process, you may be in for a little surprise if you do not have the .NET Framework 3.5 SP 1 installed on your system.

    In Windows Server, .NET Framework 3.5 SP 1 is built in as a feature and only needs to be enabled. If you do not have a server operating system, you need to go to the Microsoft website and download the installer.

    Consider the option of enabling a feature in Windows Server. To do this, open Server Manager and select "Add Roles and Features".

    A wizard will start in which we need to indicate that we are going to install roles or features.


    Add Roles and Features Wizard in Windows Server

    We select our server and skip the selection of roles. In the list of features, we find ".NET Framework 3.5 Features" and tick it.


    Adding a Feature to Windows Server
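
    The same feature can also be enabled from PowerShell instead of the wizard. The script below is an added example, not part of the original article; it uses the built-in ServerManager cmdlets, and the $SxsSource parameter with its sample path is an assumption.

```powershell
# Added example, not from the original article. Run in an elevated session.
param(
    # Assumption: optional path to the \sources\sxs folder of the Windows
    # Server installation media (for example D:\sources\sxs). When empty,
    # Windows tries Windows Update or the source set by Group Policy.
    [string]$SxsSource = ''
)

$featureName = 'NET-Framework-Core'   # ".NET Framework 3.5 (includes .NET 2.0 and 3.0)"

Import-Module ServerManager
$feature = Get-WindowsFeature -Name $featureName
if (-not $feature) {
    throw "Feature '$featureName' is not known to this server."
}

if ($feature.Installed) {
    Write-Output "$featureName is already installed; nothing to do."
    return
}

# 'Removed' means the feature payload is not in the local component store,
# so the installation needs an external source.
if ($feature.InstallState -eq 'Removed' -and -not $SxsSource) {
    Write-Warning 'Payload is not on disk; Windows Update or -SxsSource will be needed.'
}

$installArgs = @{ Name = $featureName }
if ($SxsSource) {
    if (-not (Test-Path -LiteralPath $SxsSource -PathType Container)) {
        throw "Source folder '$SxsSource' does not exist."
    }
    $installArgs['Source'] = $SxsSource
}

$result = Install-WindowsFeature @installArgs
if (-not $result.Success) {
    throw "Installation of $featureName failed (exit code: $($result.ExitCode))."
}
if ($result.RestartNeeded -ne 'No') {
    Write-Warning 'Restart the server before continuing with the Kaspersky Security Center installer.'
}
Write-Output "$featureName installed."
```

    Pointing the script at the installation media keeps the server from having to reach Windows Update during setup.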

    After that, we will return to installing Kaspersky Security Center directly.

    We need to select the SQL authentication mode. It can use either a separate account or the current one.

    The Kaspersky Security Center Server needs a shared folder that client computers can access to receive updates and installation packages. You can create a new folder or specify an existing one.

    Specify the ports through which we will connect to the administration server.

    Specify the address of the server on the network. If the server has and will keep a static IP address, you can use just the address. But it is still more convenient to identify the server by name.

    The last step before installation is to select the necessary plugins. Plugins allow you to manage various Kaspersky Lab anti-virus products. This is useful if you have a whole "zoo" of versions. Plugins can also be installed later.

    Now it remains only to observe the installation process. Sometimes plugins require you to accept a separate license agreement.

    Installation of Kaspersky Security Center is completed.

    Now let's go over the initial server setup. The administration console installed with the server looks like this:


    Administration Console of Kaspersky Security Center

    The console can also be installed separately. This is in fact necessary, so that you do not have to log on to the server every time for routine actions.

    Servers are listed in the left column. So far, there is only our newly created server. If you are administering several servers, then simply click Add Administration Server.

    So, click on the server you just created and the First Time Setup Wizard will launch. You will be asked to activate the program using a code or key. However, this can be done later.

    In addition, the wizard will ask for your consent to participate in Kaspersky Security Network. In fact, this is another spy on your computers that sends information to Kaspersky Lab about what resources you access and where you catch the infection. This is motivated by the creation of a certain knowledge base. In my opinion, for the end user, the point of participating in such a program is doubtful.

    You will also be asked to provide mailboxes for notifications from the Kaspersky Security Center server. This step can be skipped.

    After all these steps, the server will start downloading the latest updates from the network. Later, if there are several servers in your network, you will be able to configure a higher-level server as the update source instead of the Kaspersky Lab server on the Internet.

    After downloading updates and polling the network, the wizard will display a message about successful completion and prompt you to run the protection deployment wizard for workstations.

    We will talk about deploying protection on workstations in.


