ICS Dissolvable Agent for SafeGuard
Alcatel-Lucent Release 2.2, ICS Release 4.0
Administration Guide
PART NUMBER: 005-0030 REV A1
PUBLISHED: MARCH 2007
ALCATEL-LUCENT, 26801 WEST AGOURA ROAD, CALABASAS, CA 91301 USA, (818) 880-3500, WWW.ALCATEL-LUCENT.
Alcatel-Lucent Proprietary. Copyright © 2007 Alcatel-Lucent. All rights reserved. This document may not be reproduced in whole or in part without the expressed written permission of Alcatel-Lucent. Alcatel-Lucent ® and the Alcatel-Lucent logo are registered trademarks of Alcatel-Lucent. All other trademarks are the property of their respective owners.
Contents
Preface
  About this Guide . . . 6
  Related Publications . . . 6
Chapter 1: Introduction
  Integrity Clientless Security Features . . .
Chapter 4: Administering Security Scanner Policies
  Understanding Integrity Clientless Security Scanner . . . 24
  Implementing Policies . . . 24
  Understanding Enforcement Rules . . . 24
  Enforcement Rule Types . . .
Preface
In this preface:
■ About this Guide
■ Related Publications
About this Guide
This preface provides an overview of Integrity Clientless Security (ICS) documentation as implemented and integrated into the Alcatel-Lucent OmniAccess SafeGuard OS solution.
This guide uses the following formats to highlight special messages in the text:
NOTE: This format highlights information that is important or that has special interest.
Chapter 1: Introduction
In this chapter:
■ Integrity Clientless Security Features
■ Reports
■ ICSInfo Utility
■ Unsupported Features
Check Point Integrity™ Clientless Security (ICS) protects your network by scanning end point computers.
Supported Features
The ICS Dissolvable Agent has the following features:
■ Enforces software compliance
■ Detects browser plugins for adware
■ Tool for dialer hacking
■ Detects keystroke logging
■ Detects undesirable software
■ Remote administration tool
■ Screen logging
■ Cookie tracking
■ Detects Trojans
■ Detects worms
■ Enforces anti-virus compliance for these vendors:
— Computer Associates VET
— Computer Associates eTrust InnoculateIT
— Kaspersky Antivirus
Chapter 2: Prerequisites
In this chapter:
■ End Point Prerequisites
End Point Prerequisites
Use this chapter to plan your ICS implementation by ensuring that you meet the requirements listed. For end point computers to be successfully serviced by Integrity Clientless Security, they must meet the end point requirements outlined in this section. When a user tries to access your network without the proper browser or settings, an error message is displayed detailing the browser requirements.
Chapter 3: General Administration Tasks
In this chapter:
■ Planning for Security
■ Logging In
■ Configuration Workflow
■ General Administration Tasks
Planning for Security
This chapter provides information about the general administration of ICS. Before you start to configure and administer ICS, you should consider which security features you want to use and how they will affect your users. You should balance security with the ability of your users to access your network.
■ User accounts
■ End point computers
Your security goals are to provide data protection, session confidentiality, and protection from network infection.
Risks
In this scenario, your organization’s intellectual property is threatened by:
■ Viruses
■ Trojans
■ Worms
■ Hackers
End Point Users and Disruption Tolerance
Your end point users are usually employees but they can also be guests and contractors.
■ Minimizing security features—Using only one or two features. To make these features less disruptive, allow end point computers to connect, even if the operating systems are not supported by the feature.
■ Minimizing enforcement rules—Only using enforcement rules for the most important security requirements, such as requiring an antivirus application. To make these enforcement rules even less disruptive, set them to ‘warn’ or ‘observe’.
Figure 1 Security Lifecycle
Supporting the End Point User
In order to ensure that your users will be able to have the access they need and are not needlessly inconvenienced by your security policies, you should plan how to provide support and education for them. One of the most important things you can do to make your ICS implementation run smoothly is to provide information to your users.
The default username and password is ‘icsadm/icsadm’. To add additional users and passwords to the Alcatel-Lucent system, use the optional EPV configuration commands described in the OmniAccess SafeGuard OS Administration Guide.
Configuration Workflow
After you plan your security configuration, you can begin to configure ICS.
Configuring ICS to Fail Open
If you want to minimize disruption to your users, you should configure ICS to ‘fail open.’ This means that end point users who are not running a supported operating system can still access your network, without being serviced by ICS.
1 Log into the ICS Administrator Console.
2 Go to the Gateway Configuration tab.
2 Click Update Client Components at the bottom of the page. If an update is available, a new window opens and displays the latest package.
3 Click the box, Proceed to Update. A message appears to show the status of your update.
4 When the update is complete, click Finish to continue.
Chapter 4: Administering Security Scanner Policies
In this chapter:
■ Understanding Integrity Clientless Security Scanner
■ Implementing Policies
■ Understanding Enforcement Rules
■ Activating Policies
This chapter contains information about how to administer your policies using the ICS Administrator Console. Policies control what the Integrity Clientless Security Scanner checks for on your end point computers. Policies consist of collections of enforcement rules, which specify whether to prohibit or require certain applications, and what action to take if the end point computer is out of compliance with the rule.
■ Conditions—Use the conditions area to indicate the criteria that the end point computer must meet. For instance, that it must have a certain file running.
■ Action—Use the action area to indicate what ICS should do when the end point computer is out of compliance with the rule. Actions affect the user experience as described in Table 1.
Table 1 Action behaviors
Option    Behavior
Restrict  Prevents the users from logging on.
■ Firewall Application—Use firewall application rules to require a certain firewall application. See Firewall Application Rules on page 26.
■ Anti-Virus Application—Use anti-virus application rules to require a supported anti-virus application. If you want to require an anti-virus application that is not supported, use the custom application rule. See Anti-virus Application Rules on page 27.
6 Click Save Rule.
Anti-virus Application Rules
It is important to protect your network from viruses. Every time an end point user logs in, your network is exposed to any viruses that the end point computer is infected with. Users who access your network through a gateway are particularly likely to be infected, since they are more likely to use their computers for personal uses, which put them at risk for viruses.
3 Select the anti-virus applications you want to require. The end point computer must have at least one of these anti-virus applications to be in compliance with the rule.
4 You can optionally edit the conditions for each application. For each anti-virus application you can specify more detailed criteria and remediation information that is specific to the application.
  A Click Edit. The Anti-Virus Application Details page appears.
Anti-Spyware Scan Rules
The term ‘spyware’ refers to applications that collect user data on host computers for either commercial or malicious purposes. Spyware may do any of the following:
■ Aid hackers in circumventing your security and spreading malicious code. Spyware can introduce worms, dial out to toll lines, and introduce other serious security breaches.
3 Enter a Name and Description for the rule.
4 For each screened software type, choose the action you want ICS to take when it detects this kind of spyware. If you warn or restrict the end point computer, it is recommended that you include a Remedy Message, informing the user of what they need to do to treat the spyware.
5 If you want ICS to ignore certain spyware applications, add them to the exclusions list.
If you are creating a rule requiring an anti-virus application, it is recommended that you require that the application be running, to prevent users from disabling the application. You should also require that it be modified no more than a week ago, to ensure that end point computers are getting virus definition updates regularly. During a virus outbreak, you will want to require that the file be modified no more than 24 hours ago.
6 Use the remediation area to specify any information or resources you want to provide to end point users to help them to become compliant with this rule. This remediation information is for all the enforcement rules in the group and should be more generic than the remediation information you provided for specific enforcement rules.
7 Click Save Rule.
Creating Policies
Policies are made up of Enforcement rules.
2 Select your policy in the Integrity Security Scanner Policy drop down list.
3 Optionally, you can select to enforce a scan interval. Use a scan interval to require that the end point computers be re-scanned while they are connected to your network. If a user is connected to your network, and then directs a browser to another location, they may become infected with spyware after the original scan.
Chapter 5: Reports
In this chapter:
■ Reports
Use this chapter to understand how to use reports to enhance your implementation.
Reports
Use the ICS reports to monitor security events occurring on your network. Use the information in these reports to improve your policies, provide better remediation for users, and observe how ICS is protecting your network.
Access Statistics
Use the Access Statistics report to see what the results were for all the users who attempted to connect to your gateway. Attempted user connections are counted per session, with the session determined by the persistence of the cookie. If a user connects to your gateway, disconnects and reconnects again, that is counted as one connection attempt, unless the cookie has expired.
Errors
Use the Errors report to view the ICS errors that end point users are experiencing when they attempt to connect to your gateway. This report only shows errors when the user connects to the ICS server. To diagnose connection issues due to end point configuration, use the ICSInfo utility. See Troubleshooting End Point User Issues on page 40.
Chapter 6: The ICSInfo Utility
In this chapter:
■ Troubleshooting End Point User Issues
The ICSInfo utility collects program and other information from end point computers that you can use when creating your policies or troubleshooting user issues.
Troubleshooting End Point User Issues
If your users are unable to connect to your network, you may need to help them to become compliant. Have your users run the ICSInfo utility to determine what is wrong.
  C Click Run. The ICSInfo utility runs and the file is saved to the specified location.
4 Have the end point user send the icsinfo.xml file to you for analysis.
Obtaining Anti-virus Application Information
When creating anti-virus enforcement rules, you need to use the correct format for your anti-virus provider information. This format varies from provider to provider.
The ICSInfo utility is available at: http://myIP:31862/ics/components/icsinfo.exe
3 Run the ICSInfo.exe file. Using a command prompt, run ICSInfo.exe -fileinfo. When you run the ICSInfo.exe file with this parameter, the ICSInfo utility produces an icsinfo.xml file that contains the version, size, checksum and vendor information for each dll and exe file in the folder.
4 Open the icsinfo.
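The two pieces above fit together: the anti-virus rule guidance in Chapter 4 (require the application to be running and its file to be modified no more than a week ago, or 24 hours during an outbreak) and the per-file inventory that ICSInfo.exe -fileinfo writes to icsinfo.xml (version, size, checksum, vendor per dll and exe). The script below is an added example, not ICS or Alcatel-Lucent code: it builds an inventory of that kind for a folder and then evaluates a freshness-and-running condition against it, so an administrator can see what such a rule accepts and rejects. Everything about the XML layout (element and attribute names), the checksum algorithm (SHA-256), and the way "running" is represented (a set of process names passed in by the caller) is an assumption; the real icsinfo.xml schema is not reproduced here.

```python
"""Added example: inventory a folder of dll/exe files and evaluate an
anti-virus freshness rule against it. Not the ICSInfo utility itself;
XML names, checksum algorithm and the 'running' input are assumptions."""
import hashlib
import os
import tempfile
import time
import xml.etree.ElementTree as ET
from dataclasses import dataclass

DAY = 86400.0


@dataclass
class FileInfo:
    name: str
    size: int
    checksum: str      # hex SHA-256 (assumed algorithm)
    modified: float    # mtime, epoch seconds
    version: str = "unknown"   # PE version resource not parsed here (assumption)
    vendor: str = "unknown"


def inventory_folder(folder):
    """Collect FileInfo for every .dll/.exe directly inside folder."""
    items = []
    for name in sorted(os.listdir(folder)):
        if not name.lower().endswith((".dll", ".exe")):
            continue
        path = os.path.join(folder, name)
        st = os.stat(path)
        with open(path, "rb") as fh:
            digest = hashlib.sha256(fh.read()).hexdigest()
        items.append(FileInfo(name, st.st_size, digest, st.st_mtime))
    return items


def to_xml(items):
    """Serialize the inventory; <icsinfo>/<file> are assumed element names."""
    root = ET.Element("icsinfo")
    for it in items:
        ET.SubElement(root, "file", name=it.name, size=str(it.size),
                      checksum=it.checksum, version=it.version,
                      vendor=it.vendor, modified=str(int(it.modified)))
    return ET.tostring(root, encoding="unicode")


def check_av_rule(items, required_file, max_age_days, now=None, running=frozenset()):
    """Return (compliant, reason) for a rule that requires required_file to be
    present, running, and modified no more than max_age_days ago."""
    now = time.time() if now is None else now
    match = next((it for it in items if it.name.lower() == required_file.lower()), None)
    if match is None:
        return False, f"{required_file} not found"
    if required_file.lower() not in {r.lower() for r in running}:
        return False, f"{required_file} not running"
    age_days = (now - match.modified) / DAY
    if age_days > max_age_days:
        return False, f"{required_file} last modified {age_days:.1f} days ago (> {max_age_days})"
    return True, "compliant"


def demo():
    """Constructed sample folder: an AV executable and a signature dll both
    modified 3 days ago, plus a non-binary file that must be ignored."""
    with tempfile.TemporaryDirectory() as d:
        now = 1_700_000_000.0  # constructed reference time
        for name, age_days in (("avscan.exe", 3), ("sigs.dll", 3), ("notes.txt", 0)):
            path = os.path.join(d, name)
            with open(path, "wb") as fh:
                fh.write(name.encode())
            stamp = now - age_days * DAY
            os.utime(path, (stamp, stamp))
        items = inventory_folder(d)
        normal = check_av_rule(items, "avscan.exe", 7, now=now, running={"avscan.exe"})
        outbreak = check_av_rule(items, "avscan.exe", 1, now=now, running={"avscan.exe"})
        stopped = check_av_rule(items, "avscan.exe", 7, now=now)
        return items, to_xml(items), normal, outbreak, stopped


if __name__ == "__main__":
    items, xml, normal, outbreak, stopped = demo()
    print(xml)
    print("7-day rule:", normal)
    print("24-hour (outbreak) rule:", outbreak)
    print("not running:", stopped)
```

The same inventory passes the routine one-week rule and fails the 24-hour outbreak rule, which is exactly the tightening the guide recommends during an outbreak; the "not running" case shows why the running condition is worth requiring in addition to file freshness.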
Index
A
Access Statistics report . . . 37
Activating Policies . . . 32
Admin console, logging in to . . . 19
Anti-Keylogger report . . . 37
application information
  obtaining application checksums . . . 41
  obtaining for anti-virus application . . . 41
C
checksums, obtaining for applications . . . 41
Enforcement rules
  defined . . . 24
  definition of types . . . 25
Errors report, overview . . . 38
F
Fail open configuration, ICS . . . 21
G
Generating Reports . . .
Policies
  activating . . . 32
  creating . . . 32
  instructions for implementing . . . 24
prerequisites, installation . . . 14
Providing information to end point users . . . 19
R
Reports
  Access Statistics . . . 37
  Anti-keylogger . . . 37
  errors, overview . . . 38
  instructions for generating . . . 36
  overview . . . 10
  Rules Broken . . . 37
  Security Scan Results . . . 37
  Spyware Found . . . 37
Rules
  creating Custom Group . . . 31
  definition of enforcement types . . . 25
  enforcement, defined . . .