Sophos Enterprise Solutions - University of Oxfordusers.ox.ac.uk/~bridget/sophos/sophos1.pdf ·...


Sophos Enterprise Solutions

This Seminar…

• Overview
  - Components: EM Library, Enterprise Console, Clients
  - OS requirements and product functionality
• EM Library
  - In depth
• Enterprise Console
  - In depth
• Clients
  - In brief

Overview

Components

• EM Library (essential)
  - Manages downloading of software from Sophos
• Enterprise Console (optional — sort of)
  - Manages clients
• Sophos Anti-Virus Clients (essential)
  - Client software for virus detection and disinfection

Requirements — EM Library

• Windows
  - Windows NT SP6a
  - Windows 2000 Professional or Server (SP3+)
  - Windows XP Professional (SP1+)
  - Windows 2003 Server
• Requires MMC 1.2
• IE 5.5 SP2 or above

Requirements — Enterprise Console

• Windows 2000 (SP3+) or 2003 Server
  - If managing more than 10 PCs
• Windows 2000 (SP3+) or XP (SP1+) Professional
  - If managing up to 10 PCs
  - May be used to define and export policies, regardless of PCs managed

Function — EM Library

• Downloads package updates from Sophos to a library according to a schedule
  - Default is c:\program files\sophos enterprise manager\library shared as SophosEM
  - Library can be remote or local
• Optionally publishes packages to make them available to child libraries

Function — EM Library

• Pushes updates to Central Installation Directories (CIDs)
  - CIDs can be on remote servers (e.g. unix)
  - CIDs can be published via a web server
• Clients check CIDs for updates and download as required

Function — Enterprise Console

• Deploy software to clients
• Monitor status of client installations
• Organise clients into groups
• Define and apply updating and anti-virus policies to groups of PCs
• Report on alerts etc.

Library maintained by EM Library; updates originate from the SophosDatabank at sophos.com.

[Diagram: update flow from Sophos, via EM Library and CIDs, to clients]

1. EM Library pulls updates from Sophos according to schedule
2. EM Library pushes updates to central installation directories (CIDs):
   - 2000/XP/2003 CID on Windows share
   - 95/98/Me CID on Windows share
   - Mac OS X 10.2+ CID on AppleShare compatible share
   - 2000/XP/2003 CID on IIS
   - 2000/XP/2003 CID on samba share
   - 2000/XP/2003 CID on Apache
3. Clients (OS X, 95/98/Me, XP/2000/2003) check CIDs according to their schedule and pull updates from CIDs

How does Enterprise Console fit in?

• Not required to provide updates to clients
• May be used to manage clients

Documentation

• Sophos enterprise solutions installation advisor
• Sophos Anti-Virus Startup Guide
• Knowledgebase
  - Ignore docs with references to Remote Updates, SAVAdmin
  - Look for EM Library v1.2, Enterprise Console 1.0, Clients 4.5 or 5.0
• http://www.oucs.ox.ac.uk/viruses/sophos/antivirus as a starting point

Questions?

EM Library

Installation

• Download required network installer from micros.oucs
• Before installation on Domain Controller
  - Optionally create domain a/c with admin privileges
    - http://www.sophos.com/support/knowledgebase/article/2522.html
    - Global credentials used to access and update CIDs (can be altered for individual CIDs)
• Run installer
  - Server: es10sfx.exe (unpacks to \sec10)
  - Workstation: run es10wssfx.exe – if you run setup.exe from unpacked files it will fail (tells you only server supported!)

Installation

• To install EM Library only
  - \sec10\Serverinstaller\EMConsole\setup.exe
• Post Installation
  - Patch MSDE 2000 engine (use MBSA to determine appropriate patches)
  - Not required if only installing EM Library (MSDE installed by Enterprise Console only)
  - Note EM Library creates share for EM Library installation files
    - Default is C:\Program Files\Sophos Enterprise Manager\console\bin\inst shared as EMLibInstaller

Configuring EM Library

Create Library

• Location for downloaded files from Sophos
• Local or remote
• Prompts for installation path and library share name
  - Defaults are C:\Program Files\Sophos Enterprise Manager and SophosEM
• Prompts for path and share name for Central Installation Directories
  - Default C:\Program Files\Sophos Sweep for NT shared as Interchk

Create Library

Create network account

• Used to update library files
• May need to use pre-created domain account on a domain controller
• Unclear whether you need to pre-create account if installing on member server in a domain
  - http://www.sophos.com/support/knowledgebase/article/2522.html
• On standalone server you can choose option to create account

Create Network Account

Select Parent

Select Parent

• Source of files to download to library
• Can be Sophos databank or another library
  - Will generally be the Sophos databank
• Credentials available from ITSS restricted facilities web page
  - https://register.oucs.ox.ac.uk:6123/cgi-bin/diagonalley/index
  - Under Sophos EM Library Update Service
  - Do not divulge these to anyone except ITSS!

Select Parent

Schedule Downloads

Schedule Downloads

• Sets up schedule for downloading from Sophos or parent library
• Generally set up new schedule and accept defaults
• Downloads updates once every hour (random offset)
• Downloads can also be triggered manually via EM Library

Schedule Downloads

Schedule Downloads

Select Packages

Select Packages

• Default view shows only the current versions of the new Sophos clients

Select Packages

• Uncheck options to see more packages

Download Packages

• Triggers initial download of packages to populate both library and central installation folders (CIDs)
  - Default CID already set up for each package
• If you want to move CIDs (e.g. to linuxbox) you can do this before downloading
  - …or later

Download Packages

• Can also be used at any time to trigger manual update of packages

Configuring Packages

• Subscribed
  - Will be downloaded according to schedule
• Unsubscribed
  - Will not be downloaded
  - Right-click to subscribe
• Published
  - Available to child libraries
  - Right-click to publish

Configuring Central Installations

Configuring Existing CIDs

• Can alter location of CID (e.g. to a different server)
• Can alter credentials to access CID
• Can change updating schedule (default is to update immediately after library is updated)
• Can locate CIDs on other servers, so long as the location is accessible from Windows box (e.g. via Samba)

Configuring Central Installations

• Right-click to configure existing CIDs

Add additional CIDs

• Packages/subscribed and right-click on chosen package
• Configure options as per configuring existing CIDs

CIDs — Additional Information

• Note special requirements for CIDs for the following clients (see manuals)
  - Mac OS X
  - Netware
  - Unix
• We will cover some of these points in more detail in future seminars
• Manually update a CID via right-click/Update CID

CID Anatomy

Top Level | Contents      | Purpose
cid\      | setup.exe     | Main setup file
          | cidsync.upd   | Used to check synchronisation status
          | sau\          | AutoUpdate files
          |   cidsync.upd | Used to check synchronisation status
          |   sauconf.xml | Optional file to configure updating policy
          | rms\          | Remote Management System files
          |   cidsync.upd | Used to check synchronisation status
          | savxp\        | Sophos Anti-virus files
          |   cidsync.upd | Used to check synchronisation status
          |   savconf.xml | Optional file to configure A-V policy

CID Anatomy

• cidsync.upd
  - Clients use this to check synchronisation status
  - Includes details of all files (including ides)
  - Binary file, generally updated by EM Library
• rms folder is optional
  - Remote management components used by Enterprise Console
  - Need to tell installer not to use it (default is to install rms)
  - More on this in the next seminar…

EM Library — Tools/Options

• Console Options
  - Display, refresh etc.
• Security
  - Who can run EM Library
  - Effectively adds and removes users or groups from the EMLibrary Users group
• Notifications
  - Method (Email, Event Log, Network Messaging)
  - What is notified

EM Library — Scripts

• \\server\SophosEM\bin\EMLexp.exe (C:\Program Files\Sophos Enterprise Manager\Library\bin\EMLexp.exe)
  - Export library settings to XML file
  - Import library settings from XML file
  - Trigger manual update of a library
  - NB File may require editing before import to different server (see http://www.sophos.com/sophos/docs/eng/manuals/eml_men.pdf)

EM Library — Scripts

• Manual update of child library via batch file
  - http://www.sophos.com/sophos/docs/eng/manuals/eml_men.pdf
  - Page 48

Questions?

Sophos Enterprise Console

Enterprise Console

• Install using network installers as per EM Library
• Manage clients in a controlled environment, e.g. college or department
  - Remote installation and updating of Sophos
  - Status of Sophos on machines
  - Reporting
• Apply Policies for updating and A-V engine
  - Apply via Enterprise Console
  - Or export to files for inclusion in CIDs

Console View

Viewing Computers

• Actions/Find Computers
  - Relies on Microsoft networking (browse masters etc.)
  - Windows XP firewall likely to cause problems
• File/Import computers from file
  - File format (text file):

      []||name1||name2

  - Netbios or DNS names
  - See help for full information (testing shows that you may need to include OS)

Organising Computers — Groups

• Need at least one group in order to define policies
• Move PCs from Unassigned into groups

Configuring Policies

• Updating and Anti-virus policies
• Policies may be different for each group
• Updating policy has different sections for each OS
  - At least one section must be configured
• Updating policy must be set before protecting PCs via Enterprise Console
• Use Comply with… to enforce policies

Updating Policy

• Need to specify at least
  - Primary source (for updates)
  - Credentials (if required)
• Can specify other items
  - How often client checks for updates

Updating Policy

Anti-virus policy

• E.g. scheduled and on-access scanning

Protect Computers — Prerequisites

• Need access to clients via file share
  - XP or other personal firewall
  - May prefer to install from client
• Need account with admin credentials on clients
• Need same account credentials to exist on server (does not need to be admin)
  - Don’t have to be logged in as this account
  - Suspect non-domain issue
• Must configure Updating Policy on group before protecting

Protect Computers — Wizard

Enterprise Console and Firewalls

• 3 services on client (see Appendix B)
• Using TCP 8192-8194
• Connections may be initiated by server or clients
• Be wary of firewalls at both ends
• Only applies for management of machines
  - Scheduled client updates are always initiated from the client end

Policies

• Can be applied via Enterprise Console
• Can also be applied using files
  - Sauconf.xml (Updating policy) in sau folder
  - Savconf.xml (A-V policy) in savxp folder
• Useful for clients not managed by Enterprise Console
  - Web-based CIDs
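A CID that is missing a cidsync.upd, or that has a policy file dropped in the wrong folder, is the kind of quiet misconfiguration that leaves unmanaged clients without updates. The script below is an added example, not Sophos code and not part of the seminar: it checks a CID against the folder and file names on the CID Anatomy slide and the policy-file placement on this slide. It treats sau\ and savxp\ as required and rms\ as optional (the slides only state that rms\ is optional, so the first part is this checker's assumption), and the sample CID it builds for the demonstration is constructed from empty placeholder files. Python is used here so the check runs on any box with a view of the share, not only on the Windows server.

```python
"""Check a Central Installation Directory (CID) against the layout on the
CID Anatomy slide and the policy-file placement on the Policies slide.
Added example, not Sophos code: folder and file names come from the slides,
the checker and its sample tree are constructed here."""
import os
import tempfile

# Files the slides place at the top level of the CID
TOP_LEVEL_FILES = ("setup.exe", "cidsync.upd")
# Subfolders that each carry their own cidsync.upd. The value says whether the
# folder is optional: the slides say rms is optional; treating sau and savxp as
# required is an assumption of this checker.
SUBFOLDERS = {"sau": False, "savxp": False, "rms": True}
# Optional policy files and the folder the Policies slide puts them in
POLICY_FILES = {"sauconf.xml": "sau", "savconf.xml": "savxp"}


def check_cid(root):
    """Return a list of problems found in the CID at root (empty list means OK)."""
    problems = []
    for name in TOP_LEVEL_FILES:
        if not os.path.isfile(os.path.join(root, name)):
            problems.append("missing top-level file: " + name)
    for folder, optional in SUBFOLDERS.items():
        path = os.path.join(root, folder)
        if not os.path.isdir(path):
            if not optional:
                problems.append("missing folder: " + folder)
            continue
        if not os.path.isfile(os.path.join(path, "cidsync.upd")):
            problems.append("missing cidsync.upd in " + folder)
    # A policy file belongs in the folder the slides name for it; report any
    # copy found elsewhere so it can be moved.
    for dirpath, _dirs, files in os.walk(root):
        rel = os.path.relpath(dirpath, root)
        for fname in files:
            expected = POLICY_FILES.get(fname.lower())
            if expected is not None and rel != expected:
                problems.append(f"{fname} found in '{rel}' but belongs in '{expected}'")
    return problems


def policies_present(root):
    """Map each optional policy file to whether it sits in its proper folder."""
    return {f: os.path.isfile(os.path.join(root, d, f)) for f, d in POLICY_FILES.items()}


def make_sample_cid(root, with_rms=True, policies=(), misplace_policy=False):
    """Build a constructed sample CID of empty placeholder files for testing.
    misplace_policy=True drops the policy files at the top level instead."""
    os.makedirs(root, exist_ok=True)
    for name in TOP_LEVEL_FILES:
        open(os.path.join(root, name), "wb").close()
    for folder in SUBFOLDERS:
        if folder == "rms" and not with_rms:
            continue
        os.makedirs(os.path.join(root, folder), exist_ok=True)
        open(os.path.join(root, folder, "cidsync.upd"), "wb").close()
    for fname in policies:
        folder = "" if misplace_policy else POLICY_FILES[fname]
        open(os.path.join(root, folder, fname), "wb").close()
    return root


def run_demo():
    """Check a complete CID and a broken one (savxp folder lacks cidsync.upd,
    savconf.xml dropped at top level, no rms folder).
    Returns (good_problems, good_policies, bad_problems)."""
    with tempfile.TemporaryDirectory() as tmp:
        good = make_sample_cid(os.path.join(tmp, "good"),
                               policies=("sauconf.xml", "savconf.xml"))
        bad = make_sample_cid(os.path.join(tmp, "bad"), with_rms=False,
                              policies=("savconf.xml",), misplace_policy=True)
        os.remove(os.path.join(bad, "savxp", "cidsync.upd"))
        return check_cid(good), policies_present(good), check_cid(bad)


if __name__ == "__main__":
    good_problems, good_policies, bad_problems = run_demo()
    print("good CID:", good_problems or "OK", good_policies)
    print("bad CID:", bad_problems)
```

Point check_cid at the CID path (for example the Interchk share mounted locally) to check a real directory; the demo only exercises the constructed trees. An absent rms folder is not reported, matching the slides' statement that rms is optional, while a missing cidsync.upd in any folder that does exist is always reported because clients use that file to decide whether they are in sync.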

Policies

• Export group policies from Enterprise Console using exportconfig.exe
  - \sec10\tools or \sec10ws\tools
• More detail in next seminar

Questions?

Sophos Clients

Client Installation

• Sophos AutoUpdate installed first
  - Configured with source of Sophos files
  - Credentials to access files
• Sophos AutoUpdate
  - Fetches and installs other components using source and credentials
• Management Components
  - Optional (default install from CID includes these)
  - Enterprise Console will install them; can be turned off using other installation methods

Client Components on Windows XP

Component                       | Services                                                              | Purpose
Sophos AutoUpdate               | 1. Sophos AutoUpdate Service                                          | Updating Sophos
Sophos Anti-Virus               | 1. Sophos Anti-Virus; 2. Sophos Anti-Virus status reporter            | Virus Detection
Sophos Remote Management System | 1. Sophos Agent; 2. Sophos AutoUpdate Agent; 3. Sophos Message Router | Enterprise Console Management

Client Configuration

• Groups created
  - SophosAdministrator
  - SophosPowerUser
  - SophosUser
• Automatically puts members of Administrators into SophosAdministrator, etc.
• Restricts access to configuration options

Group Restrictions

• Member of SophosAdministrator group

Group Restrictions

• Member of SophosUser group

Client Installation and Configuration

• To be continued…

Questions?

Appendix A — EM Library

• Default Shares
  - C:\Program Files\Sophos\Enterprise Manager\console\bin\inst (EMLibInstaller)
    - Installation files for EM Library
  - C:\Program Files\Sophos Enterprise Manager\Library (SophosEM)
    - Library
  - C:\Program Files\Sophos Sweep for NT (Interchk)
    - Client software Central Installation Directories

Appendix A — EM Library

• Services created when Library is created
  - Sophos EMLibUpdate Agent
  - Sophos Enterprise Manager Scheduler

Appendix A — EM Library

• Users created (optional)
  - EMLibUser1 (can specify alternative account)
  - Member of Administrators
• Groups created
  - EMLibrary Users
  - Members of existing Administrators group are made members automatically

Appendix B — Enterprise Console

• Shares created
  - None known
• Services created
  - Sophos Agent
  - Sophos AutoUpdate Agent
  - Sophos Certification Manager
  - Sophos Management Service
  - Sophos Message Router

Appendix B — Enterprise Console

• Groups created
  - Sophos Console Administrators
  - Members of existing Administrators group are made members automatically
  - Must be a member of this group in order to run Enterprise Console

References

• Sophos enterprise solutions installation advisor
  - http://www.sophos.com/misc/sophos_es_support_pack.chm
• Sophos Anti-Virus Startup Guide
  - http://www.sophos.com/sophos/docs/eng/instguid/esav_sen.pdf
• Sophos EM Library Manual
  - http://www.sophos.com/sophos/docs/eng/manuals/eml_men.pdf
• Sophos Enterprise Console Manual
  - http://www.sophos.com/sophos/docs/eng/manuals/sec_men.pdf
• OUCS Guide to Installing and Configuring EM Library and Automatic Client Updating
  - http://www.oucs.ox.ac.uk/viruses/sophos/enterprise/
  - Refer to references section for more links