PC MANAGER MEETING January 23, 2008. Agenda: Next Meeting, Training, Windows Policy. Main Topic: Windows AV Service Review.

Presentation transcript:

PC MANAGER MEETING January 23, 2008

Agenda
- Next Meeting
- Training
- Windows Policy
- Main Topic: Windows AV Service Review

Next Meeting
- Feb 20th
- Week Early!
- Andy Rader – Talk on Networking diagnostic tools

Training
- Office 2007 classes?
- Pidgin classes

Windows Policy
- Exemption Requests
- Reviewing Captive and Service account definitions.
- Moving to new forms software
- Beta Service Packs/OSes and the Fermi Domain
  - No! Naada! Bad System Admin!

Main Topic
- Windows AV Service Review
  - Why The Review?
  - Baseline Requirements
  - Current Implementation
  - Open Discussion regarding service

Why The Review?
- AV Service has been available for over 1 year in present state
- AV Baseline states: “All systems connected to the Fermilab network must follow the appropriate FNAL operating system or application baseline requirements for Anti Virus services.”
- …updating OSX and Linux baselines…

Baseline Requirements
- Major Application
  - The service must be defined in a Moderate level Major Application
- Support
  - 99.9% uptime for both server hardware and software
  - Contingency plan outlining client maintenance for extended outages
  - 24x7 emergency signature update push and manual scans

Baseline Requirements
- Server Updates
  - Signature/threat updates and program updates from Service Provider minimum 4 times per day
- Logging Information
  - Clients and server must retain logging and history data for 30 days.
  - AV Service must interface with the Fermi Enterprise Management System
  - AV System must participate in central logging, alert and notification systems

Baseline Requirements
- FNAL Managed Client Settings
  - Signature and program updates check FNAL AV Service or Service Provider minimum 2 times per day
    - If FNAL Service is unavailable or client cannot access FNAL network, client must automatically check Service Provider
  - Clients must be configured for a full scan weekly. Cancelled or failed scans must be logged to the central AV Service.
  - Scans should check for spyware and adware
  - The software should attempt to clean the infection then quarantine it

Baseline Requirements
- Real time protection must be enabled, but exclusions may be defined for special cases
- Alerts must be generated to the local client and to the AV service
- Clients must report virus scanning activity and alerts to the central AV service in real time.

Current Implementation
- Ken Fidler

Antivirus – Central Facility
- To support the majority of the Lab we have a Windows Cluster to run the Central AV infrastructure
- A Central AV report server with a SQL database is also used to consolidate data from Beams and our servers
- Custom code was created to enhance the central reports and alerting

PRT-AV-CLUST

Antivirus – Alert Flow
[Diagram labels: Client, Central AV Server, CLOGGER, Cd-sav-rpt, \\prt-av-clust\av_logs, Listserv, Alerts, sql, Virus Definitions]

Antivirus - Interfaces
- Various tools/interfaces are available to Desktop Admins
  - System Center Console
  - Central AV Report Server
  - Client Logs
  - Alerts
  - Activity logs

Antivirus – Central Console

Central Report Server

Antivirus – Mail Lists

    ---- Warning
    '
    A VIRUS was reported to our Central anti-virus facility.
    '
    Alert: Risk Repaired
    Computer: Bobs-pc
    Date: 1/20/2008
    Time: 1:53:50 PM
    Severity: Warning
    Source: “C:\users\bob\mydocs\Diablo II\diablo2noCD108all\DLoad.exe"
    User: bob-admin
    Action Taken: "Leave Alone"
    Virus that was found: "Backdoor.Graybird"
    '

Antivirus – Mail Lists
- Allows us to target key desktop support groups for their supported systems
- Each major group has an assigned mail list
  - AV-ALERT-xx
- All alerts go to the master list
  - AV-ALERT-ALL
- Mail lists are archived
- Mail Lists can be configured for Digest
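
The alert mail and list routing from the two Mail Lists slides, as an added example that is not part of the original presentation: a parser for the alert layout that flags alerts whose Action Taken is "Leave Alone" and picks the target lists. The function names, the host-to-group map and the group code substituted for the "xx" in AV-ALERT-xx are assumptions.

```python
import re
from datetime import datetime

# Constructed sample that follows the alert layout quoted on the slide above.
SAMPLE_ALERT = r"""---- Warning
'
A VIRUS was reported to our Central anti-virus facility.
'
Alert: Risk Repaired
Computer: Bobs-pc
Date: 1/20/2008
Time: 1:53:50 PM
Severity: Warning
Source: "C:\users\bob\mydocs\Diablo II\diablo2noCD108all\DLoad.exe"
User: bob-admin
Action Taken: "Leave Alone"
Virus that was found: "Backdoor.Graybird"
'
"""

# "Key: value" lines; the key stops at the first colon so paths and times survive.
FIELD = re.compile(r"^\s*([A-Za-z][A-Za-z ]*?)\s*:\s*(.*?)\s*$")
REQUIRED = ("computer", "date", "time", "action taken")

def parse_alert(text):
    """Return the alert fields as a dict with lower-cased keys plus a 'when' datetime."""
    fields = {}
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:
            fields[m.group(1).lower()] = m.group(2).strip('"\u201c\u201d')
    missing = [k for k in REQUIRED if k not in fields]
    if missing:
        raise ValueError(f"alert is missing fields: {missing}")
    fields["when"] = datetime.strptime(
        f'{fields["date"]} {fields["time"]}', "%m/%d/%Y %I:%M:%S %p")
    return fields

def needs_followup(alert):
    """True when the client left the file in place, whatever the 'Alert:' headline says."""
    return alert["action taken"].lower() == "leave alone"

def recipients(alert, group_of):
    """Master list always; group list when the computer maps to a support group."""
    lists = ["AV-ALERT-ALL"]
    group = group_of.get(alert["computer"].lower())  # hypothetical host-to-group map
    if group:
        lists.append(f"AV-ALERT-{group}")
    return lists
```

In the sample the headline reads "Risk Repaired" while Action Taken is "Leave Alone", which is why the follow-up check keys on the action field and not on the headline.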

Antivirus - Log files

Antivirus - Logs

Antivirus - History
- CD has been using Symantec (formerly Norton) AV software since 1998
- Initially AV software only on Servers
- Besides CD, CD also supported Directorate, CDF, ESH, FESS, and LSS (now WDRS)
- Individual Dept servers were the AV Parent Servers

Antivirus – SAV version 10
- Symantec announces version 10 in Spring 2005
- Version 10 had built-in features to report and centralize services
- CD began plans to build a centralized AV system
- CD worked with CST on our configuration (many DOE audits underway)

Antivirus – Upgrade to Ver. 10
- Summer Setup new central cluster
- FALL Created central log files, and alert system to accommodate various desktop support groups
- Early Migrated CD, Directorate, ESH, FESS, LSS (now WDRS)
- March Symantec announces 10.1 – (Central Report Server)

Antivirus – SAV 10.1
- Summer 2006 – Began migration to 10.1 and migrated PPD, TD, and Dzero to our central facility
- Summer 2006 – Began testing Report Server
- Fall 2006 – Migration complete
- Early 2007 – Production Report Server activated with Beams AV connected in
- Late Symantec announces version 11

Antivirus – Documentation
- AV Baseline cd-doc-1460
- Major Application
  - AV Risk Assessment cd-doc-1529
  - AV Contingency Plan cd-doc-1531
  - AV Security Plan cd-doc-1530
- Central AV Website

Open Discussion
- Some Thoughts
  - Apply policies based on Active Directory structure
  - Delegation of console interface
  - Small footprint
  - One package/console for all supported OS
- Likes
- Dislikes
- Suggestions?