National Insurance Company-MCAFEE
ePolicy Orchestrator Architecture and Concepts
Indrajit Majumder
Agenda
Define ePolicy Orchestrator.
McAfee Architecture for NIC.
Repository.
Rogue Sensor System.
Installation, Update and Uninstallation.
User Awareness.
What is ePolicy Orchestrator?
ePolicy Orchestrator is a management tool from McAfee that provides centralized anti-virus management and security policy management and enforcement.
Uses of ePolicy Orchestrator:
1. Deploying McAfee products.
2. Updating the products.
3. Enforcing and managing policies.
Components
The ePolicy Orchestrator software contains the following components:
1. The ePolicy Orchestrator Server: a management server and a repository for all data collected from distributed ePolicy Orchestrator agents.
2. The ePolicy Orchestrator Console: a clear, understandable view of all virus activity and status, with the ability to manage and deploy agents and products.
3. The ePolicy Orchestrator Agent: an intelligent link between the ePolicy Orchestrator Server and the anti-virus and security products, which enforces policies and tasks on client computers.
Communication Ports
The communication ports used in ePolicy Orchestrator:
Agent-to-Server communication port: 80
Console-to-Server communication port: 81
Agent Wake-Up communication port: 8081
Agent Broadcast communication port: 8082
Sensor-to-Server communication port: 8444
Security Threats HTTP port: 8801
MCAFEE ARCHITECTURE FOR NIC
REPOSITORY
What is a Repository?
A repository is a location or folder that contains all virus updates, SuperDAT files, patches for all McAfee products, signatures, the McAfee default policy, etc.
Components of the repository architecture:
Source Repository (McAfee Updates.ini sites).
Master Repository (NIC-800000-EPO1, placed in the Head Office).
Distributed Repositories (in 24 Regional Offices).
Client machines (in all Operating Offices).
Source Repository
A Source Repository is a location from which the Master Repository retrieves updates.
Retrieval is scheduled from 8:00 PM onwards.
http://update.nai.com/Products/CommonUpdater
ftp://ftp.nai.com/CommonUpdater
Master Repository
The Master Repository maintains an original copy of the Source Repository.
The Master Repository distributes (PUSH) all the packages to the Distributed Repositories. (Scheduled from 5:00 AM to 9:00 AM.)
The Master Repository is placed in the Head Office, on NIC-800000-EPO1.
Distributed Repository
The Distributed Repository (DR) maintains a duplicate copy of the Master Repository.
The DR PULLs all the packages from the Master Repository.
Client computers retrieve updates from the Distributed Repository.
Clients
Clients in the Operating Offices that run McAfee Antivirus retrieve updates from their respective Regional Offices.
Scheduled from 11:00 AM to 11:45 AM.
Normally, clients download new policies from the ePO Server (NIC-800000-EPO1) and the SDAT from the Distributed Repository.
Repository Flow Chart
Rogue Sensor System
Rogue system detection means finding unmanaged computers in your network or subnet.
Rogue means “computers which do not have the ePolicy Orchestrator Agent”, that is, a computer that is not managed by an ePO agent but should be.
The Rogue System Detection system helps you monitor all the systems on your network: not only the ones ePO already manages, but also the rogue systems (systems without an agent).
Rogue System Detection integrates with your ePO Server to provide real-time detection of rogue systems.
A rogue sensor is placed on each network broadcast segment.
In NIC, rogue sensors are placed on the Genisys Server of each Operating Office. Each sensor detects all the rogue machines in its network and sends a report to the ePO Server (NIC-800000-EPO1) placed in HO.
HOW IT WORKS?
The sensor is a small native Win32 executable application. We deploy at least one sensor to each broadcast segment. The sensor runs on any NT-based Windows operating system.
To detect systems on the network, the sensor uses WinPCap, an open source packet capture library. Using WinPCap, the rogue system detection sensor captures the layer-two broadcast packets sent by computers connected to the same network broadcast segment.
The sensor listens for Address Resolution Protocol (ARP), Reverse Address Resolution Protocol (RARP), and IP traffic.
The sensor is able to “listen” to the broadcast traffic of all devices on that part of the network, such as rogue computers, printers, routers, switches and all other devices.
The rogue sensor gathers information that includes the DNS name, IP address, MAC address, NetBIOS name, operating system version, and the list of currently logged-in users. It then sends all of that information to the ePO Server, NIC-800000-EPO1, placed in HO.
The Sensor-to-Server communication port is 8444.
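The comparison that the sensor description above implies, as an added example (not McAfee's sensor code and not part of the original slides): parse captured layer-two ARP/RARP broadcast frames, extract each sender's MAC and IP address, and report senders that are absent from an inventory of agent-managed MAC addresses. The inventory set, the function names and the sample frames are assumptions constructed for illustration; listening to IP traffic and reporting to the ePO server are not modelled.

```python
import struct

ETH_ARP, ETH_RARP = 0x0806, 0x8035  # EtherTypes for ARP and RARP

def parse_arp_frame(frame: bytes):
    """Return (sender_mac, sender_ip) for an Ethernet ARP/RARP frame, else None."""
    if len(frame) < 42:  # 14-byte Ethernet header + 28-byte ARP body
        return None
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype not in (ETH_ARP, ETH_RARP):
        return None
    htype, ptype, hlen, plen, _op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None  # only Ethernet hardware / IPv4 protocol addresses
    mac = ":".join(f"{b:02x}" for b in frame[22:28])
    ip = ".".join(str(b) for b in frame[28:32])
    return mac, ip

def find_rogues(frames, managed_macs):
    """Map MAC -> last known IP for senders missing from the agent inventory."""
    managed = {m.lower() for m in managed_macs}
    rogues = {}
    for frame in frames:
        parsed = parse_arp_frame(frame)
        if parsed is None or parsed[0] in managed:
            continue
        mac, ip = parsed
        # ARP probes and RARP requests carry 0.0.0.0; keep any earlier address.
        rogues[mac] = ip if ip != "0.0.0.0" else rogues.get(mac)
    return rogues

def build_arp(src_mac, src_ip, ethertype=ETH_ARP):
    """Build a constructed broadcast request frame for the sample data."""
    sha = bytes.fromhex(src_mac.replace(":", ""))
    spa = bytes(int(o) for o in src_ip.split("."))
    eth = b"\xff" * 6 + sha + struct.pack("!H", ethertype)
    body = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1) + sha + spa + bytes(10)
    return eth + body

# Constructed sample: one managed host, one unmanaged host, and noise.
MANAGED = {"00:11:22:33:44:55"}  # hypothetical inventory of agent-managed MACs
SAMPLE_FRAMES = [
    build_arp("00:11:22:33:44:55", "192.0.2.10"),
    build_arp("02:aa:bb:cc:dd:ee", "192.0.2.50"),
    build_arp("02:aa:bb:cc:dd:ee", "0.0.0.0", ETH_RARP),
    build_arp("02:00:00:00:00:99", "192.0.2.77", ethertype=0x0800),  # not ARP
    b"\xff" * 20,  # truncated frame
]

if __name__ == "__main__":
    print(find_rogues(SAMPLE_FRAMES, MANAGED))
```

Devices that never run an agent (printers, routers, switches) also appear in this result, which is why the report goes to the ePO Server for review rather than being acted on directly.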
INSTALLATION
Installation of ePO Agent. (FramePkg.exe)
Installation of VirusScan Enterprise (setupvse.exe)
Updating the ePO Agent and VirusScan Enterprise.
Distributed Repository selection.
Uninstallation.
ePO Agent Installation
All of these files are available in the McAfee package. First install the ePO agent, then install McAfee VirusScan Enterprise.
The McAfee package is available at ftp://10.80.0.25/domainjoin/McAfee Package.
To install the ePO agent, double-click “FramePkg.exe”. The installation will start.
When the ePO agent installation is complete, it shows the message “Setup completed successfully”. Press OK.
VirusScan Enterprise Installation
1. Double-click “Setupvse.exe”. The first screen of McAfee VirusScan Enterprise Setup appears. Click “NEXT”.
2. For the license expiry type, select “Perpetual”. For the country where purchased and used, select “United States {default for use in US}”.
3. Select “I accept the terms in the License agreement”. Click OK.
4. Select “Typical”. Click NEXT.
5. Click “Install”. The installation then starts.
6. Deselect “Update Now” and “Run On-Demand Scan”. The installation is now complete. Press YES.
7. After the machine restarts, the following logo appears.
8. Check for the VirusScan Enterprise symbol in the right-hand corner of the Desktop. Its presence means VirusScan was installed successfully.
Updating the ePO Agent
If the ePO agent symbol does not appear in the right-hand corner of the Desktop, do the following steps.
Go to: Start > Run > cmd.
Type the complete path and the command that enforces policies:
C:\Program Files\Network Associates\Common Framework> cmdagent /P /E /C
Distributed Repository selection
Right-click the VirusScan Enterprise symbol and select “VirusScan Console”.
Go to: Tools > Edit AutoUpdate Repository List.
If we are installing this package for the CRO-1 Operating Office, select CRO-1 and deselect all other repositories.
Then click Move up.
Click OK.
Update of VirusScan Enterprise
Right-click the VirusScan Enterprise symbol.
Click Update Now.
You can then see VirusScan Enterprise taking its update from CRO-1.
Update of ePO Agent
Right-click the ePO agent symbol again.
Click Update Now.
You can then see the ePO agent taking its update from CRO-1.
Right-click the ePO agent symbol.
Click Status Monitor.
Finally, click Collect and Send Properties.
The client then collects all updates automatically from the server.
Uninstallation of ePO agent
Go to: Start > Run > cmd.
Type the complete path and the command that uninstalls the ePO agent:
C:\Program Files\Network Associates\Common Framework> frminst.exe /remove=agent
Click OK. Uninstallation is complete.
To uninstall VirusScan Enterprise, click Remove in Control Panel > Add/Remove Programs.
USER AWARENESS
The ePO Agent and VirusScan Enterprise symbols must be shown in the task bar.
On-Access Scan must be enabled.
The SuperDAT of McAfee VirusScan Enterprise must be up to date. Users can check the latest version of the SuperDAT at ftp://10.80.0.25/domain join/MacAfee-Package or at http://10.X.0.3/epo/Current/VSCANDAT1000/DAT/0000/dat (where X = Regional Office code).
The ePO Agent on client machines must communicate properly with NIC-800000-EPO1 (the main server). At least once a day, click “Collect and Send Properties” in the ePO Agent.
The ePO Agent and VirusScan Enterprise must take updates from their respective Regional Office only.
Users should scan their computers completely at least once a week.