Alcatel-Lucent ICS DISSOLVABLE AGENT FOR SAFEGUARD User Manual

ICS Dissolvable Agent for SafeGuard
Alcatel-Lucent Release 2.2 ICS Release 4.0
Administration Guide
PART NUMBER: 005-0030 REV A1
PUBLISHED: MARCH 2007
ALCATEL-LUCENT
26801 WEST AGOURA ROAD CALABASAS, CA 91301 USA (818) 880-3500
Alcatel-Lucent Proprietary
Copyright © 2007 Alcatel-Lucent. All rights reserved. This document may not be reproduced in whole or in part without the expressed written permission of Alcatel-Lucent. Alcatel-Lucent® and the Alcatel-Lucent logo are registered trademarks of Alcatel-Lucent. All other trademarks are the property of their respective owners.
ICS Dissolvable Agent for SafeGuard Administration Guide

Contents

Preface
  About this Guide . . . 6
  Related Publications . . . 6
Chapter 1: Introduction
  Integrity Clientless Security Features . . . 10
    Integrity Clientless Security Scanner . . . 10
  Reports . . . 10
  ICSInfo Utility . . . 10
  Supported Features . . . 11
  Unsupported Features . . . 11
Chapter 2: Prerequisites
  End Point Prerequisites . . . 14
    Supported Operating Systems . . . 14
    Supported Browsers . . . 14
    Java Requirements . . . 14
Chapter 3: General Administration Tasks
  Planning for Security . . . 16
    Security Scenario . . . 16
      Vulnerabilities . . . 16
      Risks . . . 17
      End Point Users and Disruption Tolerance . . . 17
      Sample Solution . . . 17
    Understanding Security Lifecycles . . . 17
    Supporting the End Point User . . . 19
  Logging In . . . 19
  Configuration Workflow . . . 20
  General Administration Tasks . . . 20
    Configuring ICS to Fail Open . . . 21
    Configuring Updates . . . 21
Chapter 4: Administering Security Scanner Policies
  Understanding Integrity Clientless Security Scanner . . . 24
  Implementing Policies . . . 24
  Understanding Enforcement Rules . . . 24
    Enforcement Rule Types . . . 25
    Firewall Application Rules . . . 26
      Creating a Firewall Application Rule . . . 26
    Anti-virus Application Rules . . . 27
      Creating an Anti-virus Application Rule . . . 27
    Anti-Spyware Scan Rules . . . 29
      Creating an Anti-spyware Rule . . . 29
    Custom Application Rules . . . 30
    Custom Group Rules . . . 31
      Creating Custom Group Rules . . . 31
  Creating Policies . . . 32
  Activating Policies . . . 32
Chapter 5: Reports
  Reports . . . 36
    Generating Reports . . . 36
    Access Statistics . . . 37
    Security Scan Results . . . 37
    Spyware Found . . . 37
    Rules Broken . . . 37
    Anti-Keylogger . . . 37
    Errors . . . 38
Chapter 6: The ICSInfo Utility
  Troubleshooting End Point User Issues . . . 40
    Obtaining Anti-virus Application Information . . . 41
    Obtaining Application Checksums . . . 41

Preface

In this preface:
- About this Guide
- Related Publications

About this Guide

This preface provides an overview of Integrity Clientless Security (ICS) documentation as
implemented and integrated into the Alcatel-Lucent OmniAccess SafeGuard OS solution.
The ICS Dissolvable Agent for SafeGuard Administration Guide provides:
- Prerequisites
- Administration information, including background and task-oriented administrative procedures
- Information about using the various utilities included with Integrity Clientless Security
This guide is tailored for running ICS only under OmniAccess SafeGuard OS. If you are
using a version of ICS available directly from Check Point Technologies, you should use
the documentation available from their Web site.

Related Publications

For additional ICS information, see the Online Help. The online help provides the field-
level information you need to understand the UI elements in the ICS Administrator
Console. The online help includes detailed information about what each element does
and what entries are valid. Use the online help after reading the procedural information
in the ICS for SafeGuard Administrator Guide. You can access the help from any page in
the ICS Administrator Console by clicking the help link.
For information about configuring and managing the OmniAccess SafeGuard Controller,
refer to the following guides:
- OmniAccess SafeGuard Controller Installation Guide
  Describes the OmniAccess SafeGuard Controller. The guide provides detailed installation instructions and technical specifications for the OmniAccess SafeGuard Controller.
- OmniVista SafeGuard Manager Administration Guide
  Describes how to manage the OmniAccess SafeGuard Controller using the OmniVista SafeGuard Manager software.
- OmniAccess SafeGuard OS Administration Guide
  Provides concepts and configuration instructions for the major features of OmniAccess SafeGuard OS and its supported products, which include End Point Validation (EPV), the integral component for using ICS.
This guide uses the following formats to highlight special messages in the text:
NOTE: This format highlights information that is important or that has special interest.
Chapter 1: Introduction
In this chapter:
- Integrity Clientless Security Features
- Reports
- ICSInfo Utility
- Unsupported Features
Check Point Integrity™ Clientless Security (ICS) protects your network by scanning end
point computers. Use it to do the following:
- Check end point computers for known spyware, worms, and other potential threats
- Check that end point computers are compliant with your anti-virus, firewall, and other software policies
- Protect data on end point computers from keyloggers

Integrity Clientless Security Features

ICS consists of several features, each providing a unique type of security protection. You
can choose which features to implement. This section provides an overview of these
features.

Integrity Clientless Security Scanner

Use the Integrity Clientless Security Scanner policies to make sure that end point
computers connecting to your network meet your security requirements. The Integrity
Clientless Security Scanner checks end point computers for applications according to the
enforcement rules you create. Enforcement rules either prohibit or require certain
applications. If the end point computer does not meet the requirements of the
enforcement rule, it is considered to be ‘non-compliant’. You can choose to restrict or
warn non-compliant users or simply log the event. For more detailed information about
enforcement rules, see Understanding Enforcement Rules on page 24.

Reports

Use reports to monitor how ICS is protecting your network and to plan new policies. For
more information about reports, see Reports on page 36.

ICSInfo Utility

ICS includes the ICSInfo Utility. The ICSInfo utility collects program and other
information from end point computers that you can use when creating your policies or
troubleshooting user issues. See Troubleshooting End Point User Issues on page 40.

Supported Features

The ICS Dissolvable Agent has the following features:
- Enforces software compliance
- Detects browser plugins for adware
- Tool for dialer hacking
- Detects keystroke logging
- Detects undesirable software
- Remote administration tool
- Screen logging
- Cookie tracking
- Detects Trojans
- Detects worms
- Enforces anti-virus compliance for these vendors:
  - Computer Associates VET
  - Computer Associates eTrust InoculateIT
  - Kaspersky Antivirus
  - McAfee VirusScan
  - Trend Micro PC-cillin/OfficeScan
  - Sophos AV
  - Symantec Norton Antivirus

Unsupported Features

The following ICS features display in the product, but are not supported in the ICS
Dissolvable Agent for OmniAccess SafeGuard OS solution:
- While the spyware module does detect key-logging, the Advanced Anti-KeyLogger feature of ICS is not supported.
- Integrity Secure Workspace
Chapter 2: Prerequisites
In this chapter:
- End Point Prerequisites

End Point Prerequisites

Use this chapter to plan your ICS implementation by ensuring that you meet the
requirements listed.
For end point computers to be successfully serviced by Integrity Clientless Security, they
must meet the end point requirements outlined in this section. When a user tries to access
your network without the proper browser or settings, an error message is displayed
detailing the browser requirements. You can choose to allow access for end point
computers that do not meet your requirements; however, those computers will not be
serviced by ICS.

Supported Operating Systems

For information about allowing access for end point computers that are running
unsupported operating systems, see Configuring ICS to Fail Open on page 21.
For Integrity Security Scanner:
- Windows 98/ME
- Windows NT4 SP6
- Windows 2000
- Windows XP

Supported Browsers

- Internet Explorer 5.01 or later configured to allow cookies, run ActiveX components or Sun Java applets enabled or Microsoft Java VM enabled
- Mozilla Firefox 1.0 or later configured to allow cookies and Sun Java applets support enabled
- Netscape Navigator 8.0 or later configured to allow cookies and Sun Java applets support enabled

Java Requirements

ICS supports two Java implementations. End point computers must have one of the
following to be serviced by ICS:
- Sun JRE version 1.4.2 or higher.
- Microsoft JVM version 5.5.3810.0 or higher.