Lab Guide
Mobile Device Management Kaspersky Endpoint Security and Management
Technical Training KL 010.10
Version 1.02
Kaspersky Lab www.kaspersky.com
FOR INTERNAL USE ONLY
Lab 10.1
Adding Exchange ActiveSync Mobile Devices Server
Lab objective. Install Exchange ActiveSync mobile devices server and connect it to Kaspersky Security Center.
Scenario. The decision to apply the corporate security policy to employees’ mobile devices (smartphones and tablets) has been made in the company. Exchange ActiveSync is selected for connecting Android devices. Being responsible for the network security, you would like to manage the profiles via KSC Administration Console. For this purpose, it is necessary to install the Mobile Devices Server from KSC distribution on the Exchange server.
Contents. The following computers are used in this lab:
— DC domain controller
— Exchange corporate e-mail server
— Security-Center (KSC Administration Server)
In this lab, we will:
1. Install management plug-in of MDM for Exchange ActiveSync
2. Connect Exchange to KSC
3. Prepare KSC and Exchange for the installation of the Mobile Devices Server
4. Install Exchange ActiveSync mobile devices server
Preparation
Turn on the DC domain controller and Exchange mail server.
Security-Center
Exchange
1. Boot up the computer named Security-Center
2. Log on to the abc\Administrator account. Password—Ka5per5Ky
3. Boot up the computer named Exchange
4. Log on to the abc\Administrator account. Password—Ka5per5Ky
Task 1 Install management plug-in of MDM for Exchange
To be able to manage MDM for Exchange, you need to install the corresponding plug-in. This can be achieved during initial installation of the Server or Administration Console. In this task we will manually install the plug-in.
1. Close the Administration Console if already open
2. In the Administration Server distribution folder, find and run the \Plugins\MDM4Exchange\klcfginst.msi file
3. Wait until the MSI completes
●
Task 2 Connect Exchange to KSC
MDM for Exchange can only be installed on a computer where Microsoft Exchange Server 2007 or 2010 and KSC Network Agent are installed already.
In this task we will install the Network Agent.
1. Open KSC Administration Console
2. Select the Remote installation / Installation packages node
3. Open the properties of the Network Agent package created by default and make sure that the correct Administration Server address is specified there
4. Close the package properties
5. Install the Network Agent package on the Exchange computer using a task for specific computers:
Select the computer among Unassigned computers / ABC
Select to move the computer after the installation to Managed computers / Servers
Account: abc\administrator, password—Ka5per5Ky
6. Wait for the installation to complete and make sure that Exchange has appeared in the Managed computers / Servers node
●
Task 3 Prepare KSC and Exchange for the installation of the Mobile Devices Server
Make sure that there is a key that allows managing Mobile Devices Servers on the Administration Server and enable Windows authentication for the standard PowerShell web site on Exchange. It is disabled by default.
1. Open the Administration Server properties and switch to the Keys section
2. Add the MDM license key from the handout USB flash drive
3. Click View restrictions to make sure that the key enables management of mobile device servers
4. Close the properties of the Administration Server
5. Open the Start menu
6. In the search field, type inetmgr and press ENTER
7. Open the Exchange / Sites / Default Web Site / PowerShell node
8. In the IIS area, double-click the Authentication component to open its properties
9. Select Windows Authentication and click Enable in the task pane on the right
10. Close the Internet Information Services (IIS) Manager window
●
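The setting changed in steps 7 to 9 can be read back from PowerShell, which records every authentication method on that virtual directory rather than only the one that was toggled. This is an added example, not part of the original lab guide; it assumes the IIS WebAdministration module is present on the Exchange server and that the site path matches the one shown in IIS Manager.

```powershell
# Added example: audit authentication methods on the PowerShell virtual directory.
# Run in an elevated PowerShell session on the Exchange server.
Import-Module WebAdministration

# Site path as shown in IIS Manager in step 7 (assumption: default Exchange layout).
$location = 'Default Web Site/PowerShell'
$methods  = 'anonymousAuthentication', 'basicAuthentication', 'windowsAuthentication'

function Get-AuthState {
    param([string]$Location)
    foreach ($m in $methods) {
        $filter  = "system.webServer/security/authentication/$m"
        $enabled = (Get-WebConfigurationProperty -PSPath 'IIS:\' -Location $Location `
                        -Filter $filter -Name enabled).Value
        New-Object PSObject -Property @{ Method = $m; Enabled = $enabled }
    }
}

'Before:'
Get-AuthState -Location $location | Format-Table Method, Enabled -AutoSize

# Equivalent of step 9: enable Windows Authentication only if it is still off,
# so that a re-run makes no further configuration change.
$winFilter = 'system.webServer/security/authentication/windowsAuthentication'
$isOn = (Get-WebConfigurationProperty -PSPath 'IIS:\' -Location $location `
            -Filter $winFilter -Name enabled).Value
if (-not $isOn) {
    Set-WebConfigurationProperty -PSPath 'IIS:\' -Location $location `
        -Filter $winFilter -Name enabled -Value $true
}

'After:'
Get-AuthState -Location $location | Format-Table Method, Enabled -AutoSize
```

Keeping the before and after tables with the change record makes it easy to confirm later that Windows Authentication was the only method altered on this endpoint.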
Task 4 Install Exchange ActiveSync mobile devices server
In this task, we will install MDM for Exchange.
1. Find the installer of MDM for Exchange on the handout USB flash drive and start it
2. On the welcome page of the wizard, click Next
3. Accept the license agreement and click Next
4. Leave Standard mode (default) and click Next
5. Specify the domain administrator account, password—Ka5per5Ky, and click Next
6. On the following page, click Next
7. On the following page, click Install and wait for the installation to complete
8. Click Finish
9. In KSC Administration Console, select the Mobile devices / Mobile devices servers node and find Exchange ActiveSync mobile devices server there
10. Open its properties, switch to the Mailboxes section and make sure that [email protected] is there
●
Conclusion
In this lab we installed a mobile device server for Exchange, which acts as a connection gateway between the mobile devices and the Administration Server. It supports all devices that can work with Exchange ActiveSync, and enables the administrator to manage Exchange ActiveSync policies directly from KSC Administration Console.
In the next lab we will study how to change and apply the corporate password policy for mobile devices.
Lab 10.2
Applying Corporate Security Policy via Exchange ActiveSync
Lab objective. Create and apply the corporate security policy to a mobile device connected to the network via Exchange ActiveSync.
Scenario. The decision was made that smartphones and tablets can connect to the corporate resource via ActiveSync. Now it is necessary to create a security policy for them and apply it. Firstly, password protection for all employees should be enforced whilst configuring automatic deletion of the information if an incorrect password is entered several times.
Contents. The following computers are used in this lab:
— DC domain controller
— Exchange corporate e-mail server
— Security-Center (KSC Administration Server)
— Desktop (workstation of the Alex user) with a smartphone connected to it
During the lab, you will:
1. Create a profile for the Sales department
2. Apply it to the Alex account
3. Make sure that it is fully applied
Preparation
Turn on the DC domain controller and Exchange mail server.
1. Boot up the computer named Security-Center
2. Log on to the abc\Administrator account. Password—Ka5per5Ky
3. Boot up the computer named Desktop
4. Log on to the abc\Alex account. Password—Ka5per5Ky
5. Double-click the Eclipse shortcut (either on the Quick Launch toolbar or on the desktop) to run it
6. From Eclipse system menu, run Windows | Android Virtual Device Manager
7. On the Android Virtual Devices tab, select the Android virtual device and click Start
8. In the window that opens, click Launch
9. Drag the button to the right to unlock the phone
10. Click to display the applications
11. Run the Email application
12. In the window that opens, type Alex credentials: [email protected], Ka5per5Ky password and click Manual setup
13. Select Exchange
14. Make the following changes:
Domain name: abc\alex
Server name: exchange.abc.lab
Select the Accept all SSL certificates checkbox
15. Scroll the page down (click in the lower part of the virtual smartphone screen and drag up) and click Next
16. Click OK to allow the Exchange Server to control security features of the device
17. On the following page, scroll the page down and click Next
18. Click Activate to confirm the decision
19. Click Next and complete the account setup
20. Make sure that the synchronization is completed successfully—there are no error messages
Task 1 Create a profile for the Sales department
In this task you will create a profile that will be applied to the devices of employees working in the Sales department. Specify the requirement to use passwords on the devices, which must contain both characters and digits, and prohibit simple passwords.
1. Open KSC Administration Console
2. Select the Mobile devices / Mobile devices servers node and open the properties of Exchange ActiveSync mobile devices server
3. Open the Mailboxes section
4. Click Change profiles…
5. Click Add
6. In the profile name field, type Sales and switch to the Passwords section
7. Edit the settings as follows:
Select the Alphanumeric password checkbox
Decrease the Minimum number of character sets to two
Clear the Allow simple password checkbox
8. View the other settings and click OK to save the profile
9. Apply the profile: select the [email protected] account and click Assign profile…
10. Select Sales and click OK
11. Click OK to apply the changes and close the mobile devices server properties window
●
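The three settings from step 7 and the assignment from steps 9 and 10 can be checked on the Exchange side from the Exchange Management Shell. This is an added example, not part of the original lab guide; it assumes the KSC profile is stored as an Exchange ActiveSync mailbox policy named Sales and that the lab mailbox resolves as abc\alex.

```powershell
# Added example: confirm that the Sales profile reached Exchange with the lab's values.
# Run in the Exchange Management Shell on the Exchange server.
$mailbox     = 'abc\alex'   # lab account used on the page
$profileName = 'Sales'      # profile name typed in step 6

# Expected values: the three settings changed in step 7.
$expected = @{
    AlphanumericDevicePasswordRequired = $true
    MinDevicePasswordComplexCharacters = 2
    AllowSimpleDevicePassword          = $false
}

# Assumption: the KSC profile appears as an ActiveSync mailbox policy of the same name.
$policy = Get-ActiveSyncMailboxPolicy -Identity $profileName -ErrorAction Stop

# Is the policy actually assigned to the mailbox (steps 9 and 10)?
$cas = Get-CASMailbox -Identity $mailbox
if ("$($cas.ActiveSyncMailboxPolicy)" -notlike "*$profileName*") {
    Write-Warning "Mailbox $mailbox is assigned '$($cas.ActiveSyncMailboxPolicy)', not '$profileName'"
}

# Compare each expected setting with what Exchange holds.
$report = foreach ($name in $expected.Keys) {
    $actual = $policy.$name
    New-Object PSObject -Property @{
        Setting  = $name
        Expected = $expected[$name]
        Actual   = $actual
        Match    = ("$actual" -eq "$($expected[$name])")
    }
}
$report | Format-Table Setting, Expected, Actual, Match -AutoSize

# Settings left at their defaults in step 8 that govern the lock-out behaviour
# described in the scenario; shown for the record, not compared.
$policy | Format-List Name, DevicePasswordEnabled, MaxDevicePasswordFailedAttempts

# After the device synchronizes in Task 2, this shows whether it accepted the policy.
Get-ActiveSyncDeviceStatistics -Mailbox $mailbox |
    Format-Table DeviceModel, DevicePolicyApplied, DevicePolicyApplicationStatus, LastPolicyUpdateTime -AutoSize
```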
Task 2 Apply the policy to the mobile device
Synchronize the smartphone with Exchange ActiveSync, receive and apply the new policy.
1. Click to start synchronization
2. Read the Couldn’t open connection to server due to security reasons message
3. Wait for the message with new settings— icon will appear in the upper-left corner of the window. This may take several minutes
4. Pull down the Notifications panel (click the black bar in the upper part of the screen and drag it down)
5. Click the Security update required notification
6. In the Security update window, click OK
7. Click Password
8. Type a password that meets the policy settings (for example, 111q) and click Continue
9. On the subsequent page, re-type the password and click OK
●
Task 3 Check whether the policy is applied
See how the smartphone reacts to an incorrect password.
1. Start the synchronization and wait for its successful completion
2. Click twice to lock and unlock the phone
3. Type an incorrect password several times until the error message appears
4. Click OK
5. Type the correct password and unlock the smartphone
6. Click to go to the home screen
●
Conclusion
In this lab we studied the procedure of applying the corporate security policy to a smartphone connected to the computer via ActiveSync. You can also control iOS security settings similarly, via the Apple Push Notification Service. This is covered in more detail in the theoretical part of the course.
In the following lab, we will install Kaspersky Security for Mobile on the smartphone of the Alex user.
Lab 10.3
Preparing Deployment of Kaspersky Security 10 for Mobile
Lab objective. Prepare KSC Administration Server for deploying Kaspersky Security for Mobile.
Scenario. The company management decided to allow employees to connect corporate mobile devices to the local network. In the near future, Kaspersky Security 10 for Mobile will be installed on them. The administrator should prepare for it: create groups, relocation rules and policies.
Contents. The following computers are used in this lab:
— DC domain controller
— Security-Center (KSC Administration Server)
— Desktop (workstation of the Alex user) with a smartphone connected to it
During the lab, you will:
1. Modify configuration of the Administration Server and Administration Console
2. Create a subgroup for mobile devices in Managed computers
3. Create a policy for Kaspersky Security for Mobile
4. Create and publish a standalone installation package for Kaspersky Security for Mobile
Preparation
Turn on the DC domain controller and Exchange mail server.
1. Boot up the computer named Security-Center
2. Log on to the abc\Administrator account. Password—Ka5per5Ky
3. Boot up the computer named Desktop
4. Log on to the abc\Alex account. Password—Ka5per5Ky
5. Double-click the Eclipse shortcut (either on the Quick Launch toolbar or on the desktop) to run it
6. From Eclipse system menu, run Windows | Android Virtual Device Manager
7. On the Android Virtual Devices tab, select the Android virtual device and click Start
8. In the window that opens, click Launch
Task 1 Modify Administration Server configuration
To be able to manage mobile devices, the following steps are required:
Install the Administration Console plug-in for Kaspersky Security 10 for Mobile
Add the Mobile devices support component to the Administration Server
In the configuration of the Administration Server, open the ports to be used for mobile device management
1. Close the Administration Console if it is open
2. On the handout USB flash drive, find the distribution of Kaspersky Security 10 for Mobile and run klcfginst.exe
3. Accept the license agreement and click Install
4. Wait until the MSI completes
5. Click Start
6. In the Search programs and files field, type appwiz.cpl and press ENTER
7. Select Kaspersky Security Center Administration Server and click Uninstall/Change
8. On the welcome page of the wizard, click Next
9. Select Modify
10. Select Mobile devices support and click Next
11. In the Administration Server address field, type 10.28.0.20 and click Next
12. Click Modify
13. On the following page, click Finish
14. On the shortcut menu of the server node, select Properties to open the Administration Server properties
15. Switch to the Settings tab
16. Select the Open port for mobile devices checkbox and click OK
●
Task 2 Create a subgroup for mobile devices
Create a subgroup Managed computers / Mobile devices.
1. Select the Managed computers node and open the Groups tab
2. Click Create a subgroup
3. Type Mobile devices for the subgroup name
4. Make sure that the Mobile devices subgroup has appeared in the Managed computers group
●
Task 3 Create a policy for Kaspersky Security 10 for Mobile
Prepare a policy for Kaspersky Security 10 for Mobile.
1. Open the Managed computers / Mobile devices group and switch to the Policies tab
2. Create a policy for Kaspersky Security 10 for Mobile. Name it Policy – Kaspersky Security 10 for Mobile, and leave the default values for all parameters. Do not forget to add a license key. Ask the instructor about its location
3. This is the last step
●
Task 4 Create and publish a standalone installation package for Kaspersky Security 10 for Mobile
Create a standalone package for Kaspersky Security 10 for Mobile. It will be automatically published on the KSC web server.
1. Select the Remote installation / Installation packages node
2. Create a new installation package:
Installation package for a Kaspersky Lab application
Name: Kaspersky Security 10 for Mobile
The distribution file can be found on the handout USB flash drive
3. Select the created package and click Create stand-alone installation package
4. Create a standalone package with the Install Network Agent along with this application option disabled
5. Click View the list of stand-alone packages to open the list of standalone packages available on the server
6. Make sure that the Kaspersky Security 10 for Mobile package is displayed on the list
7. Close the list of standalone packages
●
Conclusion
In this lab we prepared the Administration Server for deploying Kaspersky Security 10 for Mobile. The only required step is modifying the configuration of the Administration Server (to provide Mobile Devices support); as far as the other actions are concerned, they are optional but very useful. For example, the policy is the only way to remotely install a license key on a mobile device. By default, synchronization with the Administration Server takes place every six hours. Therefore, it is recommended to prepare the policy beforehand in order for the license key to be installed on the device at the next available synchronization.
In the next lab, we will deploy Kaspersky Security for Mobile.
Lab 10.4
Deploying Kaspersky Security 10 for Mobile
Lab objective. Install Kaspersky Security for Mobile.
Scenario. Deployment of Anti-Virus protection on mobile devices continues. Now, we will install Kaspersky Security 10 for Mobile on all employees’ smartphones and tablets that are allowed to connect to the corporate network.
Contents. The following computers are used in this lab:
— DC domain controller
— Exchange corporate e-mail server
— Security-Center (KSC Administration Server)
— Desktop (workstation of the Alex user) with a smartphone connected to it
During the lab, you will:
1. E-mail Alex a link to the Kaspersky Security 10 for Mobile installation package published on the Administration Server
2. Receive the message on the smartphone, download and install the application
3. Find the smartphone of the Alex user in the Administration Console and move it to Managed computers / Mobile devices
4. Test Kaspersky Security for Mobile with the EICAR test file
5. Test synchronization of the smartphone with the Administration Server
Preparation
Turn on the DC domain controller and Exchange mail server.
1. Boot up the computer named Security-Center
2. Log on to the abc\Administrator account. Password—Ka5per5Ky
3. Boot up the computer named Desktop
4. Log on to the abc\Alex account. Password—Ka5per5Ky
5. Double-click the Eclipse shortcut (either on the Quick Launch toolbar or on the desktop) to run it
6. From the Eclipse system menu, run Windows | Android Virtual Device Manager
7. On the Android Virtual Devices tab, select the Android virtual device and click Start
8. In the window that opens, click Launch
Task 1 Send a link to Kaspersky Security 10 for Mobile installation package to Alex
Send a message with a request to install Kaspersky Security 10 for Mobile and a link to the installation package to the [email protected] user.
1. In the Administration Console, select the Remote installation / Installation packages node
2. Click View the list of stand-alone packages
3. Find Kaspersky Security 10 for Mobile on the list and copy the link from the URL field
4. Close the list of standalone packages
5. Open Internet Explorer and go to https://exchange.abc.lab/owa/
6. Select Continue to this website (not recommended)
7. Log on to the ABC\Administrator account, password—Ka5per5Ky, and click Sign in
8. Click New
9. Compose and send a message:
Addressee—[email protected]
In the message body, specify the link to the installation package published on the web site (see step 3 of this task) http://10.28.0.20:8060/dlpkg?id=19387187
Click Send
10. Close the Internet Explorer window
●
Task 2 Download and install Kaspersky Security for Mobile
Turn on the smartphone and receive the message from the administrator in the [email protected] inbox configured there, download and install Kaspersky Security for Mobile.
1. Open the smartphone
2. Open the Email application
3. Click to start synchronization
4. Receive a message from the administrator and click it
5. Click the link and download the installation package. This may take several minutes
6. Click to return to the home screen
7. Click to open the list of installed applications
8. Run Downloads
9. Click the downloaded package (dlpkg.apk)
10. Click Install to install the application
11. Wait for the installation to finish
12. Click Open to open the application
13. Click Next on the welcome page of the wizard
14. Click Disable
15. Select Deactivate
16. Click OK
17. Click Next
18. Click Activate
19. Click Start app
20. Study the interface of Kaspersky Security for Mobile
●
Task 3 Apply the KSC policy to the smartphone
After the first connection to the Administration Server, the smartphone will be displayed in the Unassigned computers / Domains / KMS10 node by default. The name of the last folder can be changed in the properties of the installation package.
Move the smartphone to the Managed computers / Mobile devices group created during the previous lab.
1. In the administration console, open the Unassigned computers / Domains node
2. In the KSM10 folder, find the smartphone icon
3. Drag the smartphone to the Managed computers / Mobile devices node
4. Click Additional
5. Click Synchronization
6. Wait for the synchronization to complete and click Close
7. Wait for the message informing that the password is not in compliance with the policy and click OK
8. If prompted for a password, type the old password (111q) and click Next
9. Click Password
10. Type a new password, for example, 1111111q, and click Continue
11. Confirm the new password and click OK
12. Click to return to the home screen
●
Task 4 Test health of Kaspersky Security for Mobile
Try to download the EICAR test virus and receive a message about the detected virus.
To immediately send information about this event to the Administration Server, start synchronization manually (according to the schedule specified in the policy, automatic synchronization is performed every 6 hours.)
1. Click to start the browser
2. Type eicar.org/download/eicar.com in the address bar and press ENTER
3. Read the message about detected virus
4. Click to return to the home screen
5. Click to open the list of installed applications
6. Open Downloads
7. Click eicar.com
8. Read the error message
9. Click to return to the home screen
10. Click to open the list of installed applications
11. Find and click Security 10 for Mobile
12. Click Additional
13. Scroll down and click Synchronization
14. Wait for the synchronization to finish and click Close
●
Task 5 Test smartphone connection to the KSC Administration Server
Find Alex’s smartphone in the Administration Console. Pay attention to the virus counter.
1. Go to Managed computers / Mobile devices
2. Find Alex’s smartphone there
3. Select the smartphone. Look through the connection statistics, pay attention to the virus counter
4. Double-click the smartphone to open its properties and look through the available fields
5. Close the properties window
●
Conclusion
In this lab we studied deployment of Kaspersky Security 10 for Mobile explained through the example of an Android smartphone.
In the following labs, we will study protection settings including Anti-Virus protection, encryption, blocking of lost devices and blocking specified programs from starting.
Lab 10.5
Managing Applications by Other Manufacturers
Lab objective. Oblige employees to use Nitrodesk TouchDown for reading corporate e-mail from their mobile devices and to set a password for it.
Scenario. The corporate policy allows employees to read corporate e-mail on their devices using Nitrodesk TouchDown. That is why you will enforce installation of TouchDown, and make password protection required for TouchDown to decrease the probability of unauthorized access to confidential information (for example, in case the smartphone is lost).
Contents. The following computers are used in this lab:
— DC domain controller
— Security-Center (KSC Administration Server)
— Desktop (workstation of the Alex user) with a smartphone connected to it
During the lab, you will:
1. Publish a container with the Nitrodesk TouchDown installation package on the KSC Administration Server
2. Enforce its installation in the Kaspersky Security for Mobile policy
3. Require protecting TouchDown with a password in the container properties
4. Test how it works
Preparation
Turn on the DC domain controller.
1. Boot up the computer named Security-Center
2. Log on to the abc\Administrator account. Password—Ka5per5Ky
3. Boot up the computer named Desktop
4. Log on to the abc\Alex account. Password—Ka5per5Ky
5. Double-click the Eclipse shortcut (either on the Quick Launch toolbar or on the desktop) to run it
6. From the Eclipse system menu, run Windows | Android Virtual Device Manager
7. On the Android Virtual Devices tab, select the Android virtual device and click Start
8. In the window that opens, click Launch
Task 1 Create a container for Nitrodesk TouchDown
Download the installation package of Nitrodesk TouchDown for Android to the Administration Server. To create a container, select the Create container with the selected app check box in the package adding wizard.
1. In the Administration Console, select Remote installation / Installation packages
2. Click Manage packages of mobile applications to open the list of applications for mobile devices
3. Click New
4. Type the name of the new package, Nitrodesk TouchDown, and click Next
5. Find the installation file of Nitrodesk TouchDown for Android (nitroid-droid.apk) on the handout USB flash drive
6. Specify the path to the installation file, select the Create container with the selected app checkbox and click Next
7. Wait for the wizard to complete and click Finish
8. TouchDown will appear in the list of applications in Mobile applications packages management
9. Close Mobile applications packages management
Task 2 Make TouchDown required and password-protected
In the policy of Kaspersky Security for Mobile, enforce installation of TouchDown, and in the properties of its container configure the password protection requirement.
1. In the Administration Console, switch to the Policies tab of the Managed computers / Mobile devices node
2. Open the policy of Kaspersky Security for Mobile
3. Switch to the App Control section and click Add
4. Add TouchDown:
   - Select Required on the drop-down list
   - Click the Select button to specify the TouchDown package in the Application package field
5. Click OK
6. In the policy of Kaspersky Security for Mobile, switch to the Containers section
7. Double-click the TouchDown container to open its properties
8. On the Authorization drop-down list, select User sets a password, select the Require repeated authorization after (minutes) check box, and type 10 minutes. Then click OK
9. To activate container management, close the lock in the upper-right corner of the window, and select the Encrypt saved data check box
10. Click OK to close the policy
Task 3 Make sure that the policy is applied correctly
Synchronize the smartphone with the Administration Server. Download the new policy that requires TouchDown to be installed, install TouchDown, read the message requesting a password, and set a password.
1. Open Kaspersky Security for Mobile: pull down the Notifications panel (click the black bar in the upper part of the screen and drag it down) and then click Kaspersky Security 10 for Mobile
2. Click Additional
3. Click Synchronization to synchronize
4. Wait for the synchronization to complete and click Close
5. Wait for the message prompting you to install TouchDown (it may take several minutes) and click Download
6. Wait until the application is downloaded: another icon of Kaspersky Security will appear in the taskbar
7. Pull down the Notifications panel and click Nitrodesk TouchDown: download complete
8. Click Install
9. Wait for the installation to complete and click Open
10. Type a password (for example, Ka5per5Ky), then confirm it and click OK
Conclusion
In this lab, we studied how to manage applications on Android devices. Containers are convenient tools for corporate applications that deal with confidential information and run on employees' personal smartphones or tablets. For example, the administrator can require a password only for accessing such an application and encrypt only its data. Aside from that, the smartphone will work as usual.
In the next lab, we will learn how to remotely lock a phone.
Lab 10.6
Remote Locking of Mobile Device
Lab objective. Remotely lock a smartphone, communicate the unlock code to the user, and unlock the smartphone.
Scenario. The user has left the smartphone at a public location. As an administrator, you can remotely lock it and display a contact phone number on the screen. When the user gets the smartphone back, you will give them the unlock code.
Contents. The following computers are used in this lab:
— DC domain controller
— Security-Center (KSC Administration Server)
— Desktop (workstation of the Alex user) with a smartphone connected to it
During the lab, you will:
1. Configure the message to be displayed on the screen if the smartphone is locked remotely
2. Lock the smartphone
3. Unlock the smartphone
Preparation
Turn on the DC domain controller.
1. Boot up the computer named Security-Center
2. Log on to the abc\Administrator account. Password—Ka5per5Ky
3. Boot up the computer named Desktop
4. Log on to the abc\Alex account. Password—Ka5per5Ky
5. Double-click the Eclipse shortcut (either on the Quick Launch toolbar or on the desktop) to run it
6. From the Eclipse system menu, run Windows | Android Virtual Device Manager
7. On the Android Virtual Devices tab, select the Android virtual device and click Start
8. In the window that opens, click Launch
Task 1 Configure the message to be displayed on the screen if the smartphone is locked remotely
Configure a message to be displayed on the smartphone when it is locked remotely. For example, type the phone number to be dialed by a person who finds the smartphone and wants to return it.
1. In the Administration Console, open the Policies tab of the Managed computers / Mobile devices node
2. Find the Kaspersky Security for Mobile policy and double-click it to open
3. Switch to the Anti-Theft section
4. Click Settings in the Device Lock area to open the lock settings
5. Edit the message: add a phone number and an email address, then click OK
6. Click OK to close the policy
Task 2 Lock the smartphone
In the Administration Console, open the smartphone properties and send the locking command.
1. In the Administration Console, open the Computers tab of the Managed computers / Mobile devices container
2. Find the smartphone icon and double-click it to open its properties
3. Switch to the Applications section
4. Click Properties to open the properties of the Kaspersky Security 10 for Mobile application
5. Switch to the Anti-Theft section
6. Select the Device Lock check box and click Apply
7. Pull down the Notifications panel (click the black bar in the upper part of the screen and drag it down)
8. Click Kaspersky Security 10 for Mobile
9. Click Additional
10. Click Synchronization to start synchronization
11. After the synchronization, the screen will go blank. Click to turn on the smartphone
12. Read the message informing that the device is locked
Task 3 Unlock the smartphone
Find the unlocking code in the Administration Console and enter it to unlock the smartphone.
1. Find the unlock code (a 16-digit number) in the properties of Kaspersky Security 10 for Mobile running on the smartphone, at the bottom of the Anti-Theft section
2. On the smartphone, click Enter secret code
3. Type the unlock code found on the Administration Server and press ENTER
4. In the following window, click OK
5. Click to go to the home screen
Conclusion
This lab demonstrates the actions that can be taken if a mobile device is lost. A significant drawback of this scenario is that the device is locked only after a synchronization, which by default takes place only once every 6 hours.
In the next lab, we will remotely reset the smartphone to the factory settings to delete all of the user's content from it.
Lab 10.7
Remote Reset of Mobile Device (Optional)
Lab objective. Remotely wipe out information from the smartphone.
Scenario. The smartphone where confidential information is stored has been stolen from the user. You decide to preventively delete all data from it instead of trying to find the device.
Contents. The following computers are used in this lab:
— DC domain controller
— Security-Center (KSC Administration Server)
— Desktop (workstation of the Alex user) with a smartphone connected to it
During the lab, you will:
1. Send the command to reset the smartphone
2. Initiate synchronization on the smartphone
3. Make sure that the smartphone is reset to the factory settings
Preparation
Turn on the DC domain controller.
1. Boot up the computer named Security-Center
2. Log on to the abc\Administrator account. Password—Ka5per5Ky
3. Boot up the computer named Desktop
4. Log on to the abc\Alex account. Password—Ka5per5Ky
5. Double-click the Eclipse shortcut (either on the Quick Launch toolbar or on the desktop) to run it
6. From the Eclipse system menu, run Windows | Android Virtual Device Manager
7. On the Android Virtual Devices tab, select the Android virtual device and click Start
8. In the window that opens, click Launch
Task 1 Send the command to reset the smartphone
In the Administration Console, open the smartphone properties and send the command that wipes out information.
1. In the Administration Console, open the Managed computers / Mobile devices container and select the Computers tab
2. Double-click the smartphone icon to open its properties
3. Switch to the Applications section
4. Click Properties to open the properties of the Kaspersky Security 10 for Mobile application
5. Switch to the Anti-Theft section
6. Select the Full Reset check box and click Apply
7. Open Kaspersky Security for Mobile: pull down the Notifications panel (click the black bar in the upper part of the screen and drag it down) and click Kaspersky Security 10 for Mobile
8. Click Additional
9. Click Synchronization to synchronize
10. When synchronization is completed, the smartphone will power off
Conclusion
This is the last lab. We reset the smartphone to the factory settings to wipe the information from it. It should be noted that in real life, the reset command should be sent by SMS, because it will then be carried out immediately, while planned synchronization with the Administration Server is performed only once every 6 hours by default.