Windows Anti-virus and Security - PowerPoint PPT Presentation

About This Presentation
Title:

Windows Anti-virus and Security

Description:

Windows Anti-virus and Security WNUG Meeting 2-7-2002 Anti-virus Overview New License information ASU Current Protection Best Practices Wireless Product New Tools for ... – PowerPoint PPT presentation

Slides: 18
Provided by: asuEduit
Learn more at: https://www.asu.edu

Transcript and Presenter's Notes

Title: Windows Anti-virus and Security


1
Windows Anti-virus and Security
  • WNUG Meeting 2-7-2002

2
Anti-virus Overview
  • New License information
  • ASU Current Protection
  • Best Practices
  • Wireless Product
  • New Tools for Management

3
Security Overview
  • SANS Best Practices
  • Windows NT
  • Windows 2000
  • Tools to Assist with Security
  • Information from Microsoft Security Seminar

4
Anti-virus License Update
  • A new license with NAI has been signed for
    another 2 years.
  • All Current products are again covered.
  • We need a better idea of the number of clients we
    have.

5
ASU Current Protection Plan
  • ASU Post Office and Exchange servers are running
    GroupShield from NAI.
  • Workstations running VirusScan or Virex.
  • Servers running NetShield (both Netware and
    Windows)
  • Addition of new management tools (ePO)

6
Anti-virus Best Practices
  • Always have the latest sdat installed.
  • Use the most current version of the software.
  • Never EVER open attachments that are not
    confirmed or expected.
  • The following settings are recommended:
  • Install system, email, and download scan.
  • Scan all files, even compressed ones.
  • Always have heuristics turned on for both macro
    and program scanning.
  • With email scan, scan all attachments, even
    compressed ones.

7
Wireless Product
  • Supports Palm OS, Pocket PC, Windows CE, and
    Symbian EPOC operating systems.
  • Handheld devices are scanned on synchronization.

8
Wireless Continued
  • Use the Configured Auto Update in the software.
  • On the Advanced Tab, select the last two options.
    No options are selected on this screen by default.
  • Also under the Log Activity Tab, select verbose
    logs. This aids in troubleshooting later.

9
Anti-virus Management Tools
  • ePolicy Orchestrator
  • Installation Designer

10
ePolicy Orchestrator
  • Repository for anti-virus software.
  • Centralized anti-virus software installation.
  • Admins are able to view the state of anti-virus
    software on all computers on the network which
    have an agent.
  • Has support for multiple service providers.
  • Comprehensive reporting on anti-virus software
    activity.
  • Default reports that can be customized.
  • Replaces Management Console.

11
ePO Default Reports
  • Agent to Server Connect Interval
  • DAT Deployment Summary
  • DAT/Engine Coverage
  • Engine Deployment Summary
  • Machines with no AV Protection
  • Machines without ePO Agent Installed
  • Product Protection Summary
  • ePO Agent Versions
  • Infection Reports
  • Top Ten Reports
  • Detection Reports

12
Installation Designer
  • Utility to pre-configure VirusScan or NetShield
    for installation on another computer.
  • GUI utility
  • Pre-set any install time options.
  • Select additional files to copy to the system
    during installation.
  • Set Registry Keys.
  • Install .DAT files other than those shipped
    with the product.

13
SANS Documents
  • Windows NT
  • Phase 1: Setting up the machine
  • Phase 2: Safe File system and Creation of ERD
  • Phase 3: Setting Registry keys
  • Phase 4: Strong Password controls and Account
    policies
  • Phase 5: Auditing
  • Phase 6: Networking and Internet Security
  • Phase 7: Monitoring and updating Security

14
SANS Documents Continued
  • Windows 2000
  • Same general guidelines from the Windows NT
    document.
  • Disable any unused services
  • Secure any remote control programs

15
Suggested Utilities
  • Dumpchk.exe: provides dump file validation and
    analysis.
  • Memsnap.exe: produces a picture of memory usage
    by all processes and writes a log file.
  • Poolmon.exe: used to detect memory leaks.
  • W2000msgs.chm: list of Windows 2000 error and
    event messages in Help File format.
  • Acldiag.exe: reads access control lists from AD
    objects and generates a report.
  • Filever.exe: utility to report on the versions
    of the file structure, executable and DLL files.
  • Guid2obj.exe: translates a GUID to its
    distinguished name.

16
Suggested Utilities Continued
  • Snort: free intrusion detection system.
  • HFNetChk: inventory of security patches.
  • Qchain.exe: installs multiple hotfixes together.
  • IIS Lockdown Wizard: wizard used to lock down IIS
    4 and 5.

17
Microsoft Security Seminar
  • Security Tool Kit (available from web site)
  • http://www.microsoft.com/security
  • Keep up to date on patches/hot fixes.
  • Have anti-virus software installed and
    up-to-date.
  • Use good security techniques, for example those
    offered by SANS step by step guides.
  • Audit your systems on a regular interval