Kaspersky Security Center 10 documentation
Contents
Introduction
Licensing and Activation
Architecture
    A. Network Agents
    B. Administration Console
    C. Administration Server
    D. Database
Management Tools
    A. Tasks
    B. Commands
    C. Policies
    D. Groups and selections
System Requirements for Administration Server
    Software requirements
    Ports used by Kaspersky Security Center 10
    Hardware requirements
Security Center Initial Deployment
    Installation process
Remote Deployment of Kaspersky Endpoint Security for Business
    Phase 1: Creating Groups
    Phase 2: Discovering and adding client computers to groups
    Phase 3: Automatic Installation of KSC Network Agent + KES
Creating Policies
Creating a Task
    1- Update antivirus definitions
    2- Virus scanning
Introduction
Kaspersky Security Center 10 Service Pack 1 Maintenance Release 2 offers the ability to manage
multiple operating systems and device types in one integrated platform. The security administrator can
manage Windows desktops and servers, OS X, Linux, Novell, VMware, iOS, Android, Symbian
and Windows Mobile devices from a single unified console.
This document is intended to provide guidance for testing Kaspersky Security Center 10 SP1
MR2 and its managed components in a controlled manner.
Licensing and Activation
The licensing scheme offers the following options:
A. Kaspersky Endpoint Security for Business Core allows using all protection components of
Kaspersky Endpoint Security 10 for Windows, except for the encryption and control components.
It covers the components installed as part of a Basic installation on workstations. In Kaspersky
Security Center 10, the Core option provides the protection functionality, except for the new
features: systems management and mobile device management.
B. Kaspersky Endpoint Security for Business Select allows using all protection components of
Kaspersky Endpoint Security 10 for Windows, except for encryption. It covers the components
installed as part of a Standard installation, both on workstations and file servers. Kaspersky
Security 10 for Mobile is also supported. In Kaspersky Security Center 10, the Select option
provides the standard protection features and mobile device management.
C. Kaspersky Endpoint Security for Business Advanced allows using all protection components of
Kaspersky Endpoint Security 10 for Windows, including encryption. It covers the
components installed as part of a Full installation, both on workstations and file servers.
Kaspersky Security 10 for Mobile is also supported. In Kaspersky Security Center 10 SP1 MR2,
the Advanced option provides encryption and systems management, in addition to the features
covered by the Select option.
Architecture
A. Network Agents
An agent is the link between the central point (Administration Server) and the anti-virus installed on a
workstation. It receives settings and commands for the anti-virus and is responsible for their execution.
It is also responsible for receiving the data the anti-virus needs, in particular updates.
In the opposite direction, from the anti-virus to the central point (Administration Server), the agent
relays the current anti-virus status, command execution results and other information that may interest
the administrator.
B. Administration Console
Console is the interface of the management system. The administrator uses the console to examine
managed computers’ status,modify their settings, and run commands. The administrator communicates
with Kaspersky Security Center via the console.
C. Administration Server
The Server is the core component of the management system; it stores and routes data. The
server stores the settings specified by the administrator for all anti-viruses, receives from the agents
information on the computers' protection status, and transmits the administrator's commands. The server also
processes information: if the administrator needs a report, not just a list of events, the Administration Server
processes the data and transfers the report to be displayed in the console.
D. Database
The Administration Server stores some information in the database: in particular, all events received from
the computers, and management system events. The database does not store all system information. For
example, anti-virus settings are stored as files in the Administration Server folder of Kaspersky Security
Center.
E. All together
All Kaspersky Security Center components are connected and work via the Administration Server. The
Server implements all centralized management functions. The administrator uses these Server functions
via the Console. Network Agents carry these functions out on the networked computers.
Management Tools
A. Tasks
Tasks are used for performing actions that have a clear start and a logical finish, for example on-demand
scanning: it has a list of objects to be scanned; when started, it scans these objects one by one and finishes
when all objects are scanned. By the same principle, updating is a task: when started, a
connection to the update source is established, then the list of available updates and the updates themselves are
downloaded. The operation finishes when the downloaded updates are deployed. As a tool for managing
actions that have a distinct start, a task has a schedule. As a tool for managing computer groups, a task
has a scope: the list of computers where it is to be run.
B. Commands
Unlike a task, which finishes some time after it starts, a command is an action that is performed virtually
instantly and whose result is important immediately. Running a command can be delayed for the time
necessary for delivering the command to the computer, but when the command is received, it is executed
immediately. For example, a computer connection check is a command; its immediate result is that the
connection is either established or not. Running a task manually is also a command; the result is that the task is
either running or returns an error. As a command's result is important immediately, commands have no
schedule; they are always run manually. As a centralized management tool, a command has a scope just
like a task.
C. Policies
A policy defines permanent anti-virus properties: for example, rules for processing network
connections, report storage time, or heuristics level. A policy is, in a sense, the main tool for protection
management, as it is in the policy that permanent computer protection parameters are specified. A policy
has no schedule: anti-virus properties defined by a policy are valid until the policy is changed. A policy,
like a task, has a scope.
D. Groups and selections
A group is a permanent set of computers. Groups are mainly used for defining policy scope: a collection
of computers sharing a common policy is a group. As only one policy can be applied to a computer, a
computer cannot be included in two groups. Not only policies but also tasks may be applied to a group.
In addition to groups, Kaspersky Security Center features selections: situational sets of computers
having common characteristics, for example computers running Windows XP, or computers where
threats were detected over the last 24 hours. A selection can be used as a task or command scope.
Policies do not apply to selections.
System Requirements for Administration Server
Software requirements
The supported operating systems and their requirements are listed below:
Windows Server 2003
Windows Server 2003 x64
Windows Server 2008
Windows Server 2008 (kernel-mode)
Windows Server 2008 x64 Service Pack 1 (Windows Installer 4.5 is necessary)
Windows Server 2008 R2
Windows Server 2008 R2 (kernel-mode)
Windows XP Professional Service Pack 2
Windows XP Professional x64
Windows Vista Service Pack 1
Windows Vista x64 Service Pack 1 (Windows Installer 4.5 is necessary)
Windows 7
Windows 7 x64
In addition to the operating system, the following software is necessary:
Microsoft .NET Framework 2.0 (included in the distribution kit)
Microsoft Data Access Components 2.8 (included in the distribution kit)
Ports used by Kaspersky Security Center 10
To ensure that Kaspersky Security Center 10 SP1 MR2 components function correctly, the
default ports described in the table below should be open. Most of them can be changed; the
Network Agent defaults (13000 and 14000) are set during Administration Server installation.
Notice: if an external SQL Server is used, TCP 1433 and UDP 1434 are used as well.
Hardware requirements
Minimum hardware requirements are as follows:
CPU: Intel Pentium 1 GHz or higher (1.4 GHz is the minimum for a 64-bit OS)
RAM: 4 GB
Free disk space: 10 GB (when using the Systems Management functionality, at least 100 GB
of free disk space should be available).
Security Center Initial Deployment
Installation process
Installation can be either custom or typical. During the typical installation, the administrator is
prompted to:
Accept the license agreement for Kaspersky Security Center
Select installation type (Typical)
Specify network size
Accept the license agreement for Kaspersky Endpoint Security (necessary to install its
plug-in)
Four options are offered for the network size:
Fewer than 100 computers on the network
From 100 to 1000 computers on the network
From 1000 to 5000 computers on the network
More than 5000 computers on the network
2- Accept the End User License Agreement
3- Select the custom installation
4- If you plan to manage mobile devices or integrate with Cisco NAC, select the
relevant modules:
5- Choose the size of your environment:
6- Allow Security Center setup to create an administrative account or select an existing
administrator from Active Directory:
7- Specify an account for the Kaspersky Security Center services:
8- Select the type of database to be used; we choose an SQL Server database:
9- Select the SQL authentication mode:
Kaspersky Security Center will create a network shared folder for items such as standalone
installation packages; you can modify the location of that folder here:
By default, the Kaspersky Network Agent communicates over ports 13000 and 14000;
you have the option of changing these defaults:
Select how you wish the server to be identified. It is recommended to use a static IP address to
avoid DNS resolution issues, handle split-domain environments, and deploy Kaspersky Security
for Virtualization and Mobile Device Management most effectively:
10- Select application plug-ins to manage Kaspersky applications for the operating
systems you want to protect:
Wait until the installation completes:
Finalize the installation:
Launch Kaspersky Security Center from the Start Menu and follow the prompts of the Quick Start
Wizard. During this process the initial virus definition database download will begin; it will take
several minutes to complete, depending on your internet connection speed. At this point the initial
installation of the management server is considered complete.
Remote Deployment of Kaspersky Endpoint Security for Business
Requirements for client computers:
The necessary firewall ports are open (TCP 139 and 445; UDP 137 and 138), or the firewall is turned off.
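The port list above and the Administration Server ports named earlier in this document (Network Agent defaults 13000 and 14000; TCP 1433 and UDP 1434 for an external SQL Server) are the usual things that silently break a rollout. The following pre-flight checker is an added example, not Kaspersky tooling: the hostnames are placeholders, the Network Agent ports are treated as TCP connect probes, and UDP entries are deliberately reported as "not probed" rather than assumed open, because a connect() probe cannot verify UDP.

```python
"""Pre-flight port check for a Kaspersky Security Center 10 rollout.

Added example (not Kaspersky's own tooling). Hostnames are placeholders; the
port numbers are the defaults named in this document.
"""
import socket
from typing import Callable, Dict, List, NamedTuple, Tuple


class PortRequirement(NamedTuple):
    purpose: str
    host: str
    port: int
    proto: str  # "tcp" or "udp"


# Placeholder hostnames for the example; replace with your own.
ADMIN_SERVER = "ksc.example.local"
SQL_SERVER = "sql.example.local"
CLIENT = "ws01.example.local"

# Requirements taken from this document: Network Agent defaults (13000/14000),
# the external SQL Server ports, and the SMB/NetBIOS ports needed for remote
# deployment of the Network Agent + KES package.
REQUIREMENTS: List[PortRequirement] = [
    PortRequirement("Network Agent -> Administration Server", ADMIN_SERVER, 13000, "tcp"),
    PortRequirement("Network Agent -> Administration Server", ADMIN_SERVER, 14000, "tcp"),
    PortRequirement("Administration Server -> external SQL Server", SQL_SERVER, 1433, "tcp"),
    PortRequirement("Administration Server -> SQL Browser", SQL_SERVER, 1434, "udp"),
    PortRequirement("Remote deployment (SMB) -> client", CLIENT, 445, "tcp"),
    PortRequirement("Remote deployment (NetBIOS session) -> client", CLIENT, 139, "tcp"),
    PortRequirement("Remote deployment (NetBIOS name) -> client", CLIENT, 137, "udp"),
    PortRequirement("Remote deployment (NetBIOS datagram) -> client", CLIENT, 138, "udp"),
]

Probe = Callable[[str, int], bool]


def tcp_probe(host: str, port: int, timeout: float = 3.0) -> bool:
    """True if a TCP handshake to host:port completes (closed/filtered -> False)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def check_ports(reqs: List[PortRequirement], probe: Probe = tcp_probe) -> Dict[Tuple[str, int, str], str]:
    """Classify each requirement as 'open', 'blocked' or 'not probed'.

    A connect() probe can only establish TCP reachability; UDP ports are
    reported as 'not probed' so they are not silently assumed open.
    """
    status: Dict[Tuple[str, int, str], str] = {}
    for r in reqs:
        key = (r.host, r.port, r.proto)
        if r.proto != "tcp":
            status[key] = "not probed"
        else:
            status[key] = "open" if probe(r.host, r.port) else "blocked"
    return status


def blocked_requirements(reqs: List[PortRequirement], probe: Probe = tcp_probe) -> List[str]:
    """Human-readable list of the TCP requirements that failed the probe."""
    status = check_ports(reqs, probe)
    return [
        f"{r.purpose}: {r.host}:{r.port}/{r.proto}"
        for r in reqs
        if status[(r.host, r.port, r.proto)] == "blocked"
    ]


if __name__ == "__main__":
    for line in blocked_requirements(REQUIREMENTS):
        print("BLOCKED      ", line)
    for key, state in check_ports(REQUIREMENTS).items():
        if state == "not probed":
            print("CHECK MANUALLY", key)
```

Run it from the host that will actually open each connection: the 13000/14000 entries from a client, the 1433 entry from the Administration Server itself. "Blocked" here means the TCP handshake did not complete, which does not distinguish a host firewall from a missing listener, so a blocked result still needs a look at the target's firewall rules and services.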
Phase 1: Creating Groups
Step 1: Go to the "Managed Computers" group (or the desired sub-group) and create the new
groups there. In our situation, we created nine groups, one for each school:
- Yasmina School
- Al Bateen School
- Al Mamoura School
- Al Mushrif School
- Al Muna Primary School
- Pearl Primary School
- West Yas School
- Al Ain International School
- HQ Site
Inside each of them we created the desired sub-groups: staff, students and
servers.
Creating Policies
A policy applies to a group of managed computers. Each group has a Policies node which contains
all policies applied to the group.
Select the application for which you want to create a group policy
1- Application Startup Control:
Application Startup Control allows the administrator to restrict program start on the client
computer. Program start permissions are specified in special rules. When a program starts, the
following are checked:
1- The category to which the program belongs
2- The account that starts the program
3- The rules regulating the start of this program category for this account
If at least one rule that allows starting the program is met and there is no matching blocking
rule, the start is allowed. If there are no allowing rules, or there are both allowing and blocking
rules for this account to start a program of this category, the start is prohibited.
The list of rules is specified in the KES policy, in the Application Startup Control section.
Initially, the list contains two standard rules that cannot be deleted:
Allow all: a rule allowing the start of all programs. The rule is enabled by default. Disabling it is
dangerous; it can result in operating system failure on the client computers if alternative
allowing rules are not configured.
Trusted updaters: if this rule is enabled, applications installed by trusted updaters are
not blocked even if there are no allowing rules for them. It is a special KL category that
includes programs that download and install module updates, for example Adobe Updater.
The rule is disabled by default; it is used only in a special mode of Application Startup
Control.
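The allow/block decision above is easy to get wrong when a policy mixes the default "Allow all" rule with blocking rules, or when "Allow all" is switched off. The model below is an added illustration, not Kaspersky code: it reduces a rule to (category, accounts, allow/block, enabled), uses placeholder account and group names, represents "Trusted updaters" only as the disabled default rule (its special mode is not modelled), and walks through the document's cases, including the dangerous one where "Allow all" is disabled with no alternative allowing rules.

```python
"""Decision logic of Application Startup Control as described in this document.

Added illustration, not Kaspersky code: the rule model is a simplification and
the account/group/category names are placeholders.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Set, Tuple

ANY_CATEGORY = "*"
EVERYONE = "Everyone"


@dataclass(frozen=True)
class Rule:
    name: str
    category: str             # KL category the rule covers, or ANY_CATEGORY
    accounts: FrozenSet[str]  # accounts or groups the rule applies to
    allow: bool               # True = allowing rule, False = blocking rule
    enabled: bool = True


# The two standard rules every policy starts with (see the text above).
ALLOW_ALL = Rule("Allow all", ANY_CATEGORY, frozenset({EVERYONE}), allow=True, enabled=True)
TRUSTED_UPDATERS = Rule("Trusted updaters", "Trusted Updaters (KL category)",
                        frozenset({EVERYONE}), allow=True, enabled=False)
DEFAULT_RULES: List[Rule] = [ALLOW_ALL, TRUSTED_UPDATERS]


def _matches(rule: Rule, category: str, principals: FrozenSet[str]) -> bool:
    """A rule applies when it is enabled, covers the program's category and
    names the starting account, one of its groups, or Everyone."""
    if not rule.enabled:
        return False
    if rule.category not in (ANY_CATEGORY, category):
        return False
    return EVERYONE in rule.accounts or bool(rule.accounts & principals)


def decide(rules: List[Rule], category: str, principals: FrozenSet[str]) -> Tuple[str, List[str]]:
    """The document's algorithm:
    allowed  <=> at least one matching allowing rule AND no matching blocking rule;
    blocked  <=> no allowing rule, or allowing and blocking rules both match.
    Returns the verdict and the names of the rules that matched."""
    matching = [r for r in rules if _matches(r, category, principals)]
    allowing = [r.name for r in matching if r.allow]
    blocking = [r.name for r in matching if not r.allow]
    if allowing and not blocking:
        return "allowed", allowing
    return "blocked", allowing + blocking


def principals_for(account: str, groups: Dict[str, Set[str]]) -> FrozenSet[str]:
    """Account name plus Everyone plus group memberships (placeholder directory)."""
    return frozenset({account, EVERYONE, *groups.get(account, set())})


# Placeholder directory for the worked scenarios.
GROUPS: Dict[str, Set[str]] = {"student1": {"Students"}, "teacher1": {"Staff"}}

# Scenario 2: blacklist mode; "Allow all" stays on, plus a blocking rule for Students.
BLOCK_GAMES_FOR_STUDENTS = Rule("Block games (students)", "Games", frozenset({"Students"}), allow=False)
BLACKLIST_POLICY = DEFAULT_RULES + [BLOCK_GAMES_FOR_STUDENTS]

# Scenario 3: whitelist mode; "Allow all" disabled, only listed categories may start.
ALLOW_ALL_OFF = Rule("Allow all", ANY_CATEGORY, frozenset({EVERYONE}), allow=True, enabled=False)
WHITELIST_POLICY = [
    ALLOW_ALL_OFF, TRUSTED_UPDATERS,
    Rule("Allow OS components", "Operating system components", frozenset({EVERYONE}), allow=True),
    Rule("Allow office suite", "Office applications", frozenset({"Staff", "Students"}), allow=True),
]

# Scenario 4: the case the text warns about; "Allow all" disabled and no other
# allowing rules, so even operating system components are blocked.
BROKEN_POLICY = [ALLOW_ALL_OFF, TRUSTED_UPDATERS]


if __name__ == "__main__":
    student = principals_for("student1", GROUPS)
    for label, policy in [("defaults", DEFAULT_RULES), ("blacklist", BLACKLIST_POLICY),
                          ("whitelist", WHITELIST_POLICY), ("broken", BROKEN_POLICY)]:
        print(label, "Games:", decide(policy, "Games", student),
              "OS:", decide(policy, "Operating system components", student))
```

The "broken" scenario is the reason the text calls disabling "Allow all" dangerous: with no allowing rule left, the decision falls through to "blocked" for every category, operating system components included. When moving to whitelist mode, add the allowing rules for OS components first and only then disable "Allow all".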
2- Application Privilege Control
This component keeps track of application activity in the system and regulates the activity
of applications depending on their status.
3- Device control
The component allows controlling the connection of removable drives.
4- Web Control:
The component allows controlling access to web resources depending on their content
and location.
Configuration of protection settings:
2- File Antivirus:
This component resides in RAM, scanning all opened, saved, and active files to ensure
maximum protection at all times
3- Mail Antivirus
This component scans incoming and outgoing messages for dangerous objects. The
following protocols are supported: POP3, SMTP, IMAP, MAPI, and NNTP.
4- Web Antivirus
This component scans inbound web traffic on your computer.
5- IM Anti-virus
This component protects traffic for the following instant messaging clients: ICQ, MSN, AIM,
Mail.Ru Agent, and IRC.
6- Network Attack Blocker
Kaspersky Endpoint Security for Windows detects and defends your computer against network
activity and attacks that could be dangerous.
Kaspersky Security Network (KSN) is a special security network that gives users an
additional protection level, application reputation data, website reputation data, and quick
reaction to new threats.