T E C H N I C A L S A L E S S E R V I C E S
|
|
- Angelica Hill
- 6 years ago
- Views:
Transcription
1 T E C H N I C A L S A L E S S E R V I C E S Trend Micro OfficeScan 7.0 and Cisco Security Agent 4.5 Configuration For Cisco Security Agent 4.5 August 2005 Trend Micro, Inc N. De Anza Blvd. Cupertino, CA T / F
2 TABLE OF CONTENTS ABOUT THIS DOCUMENT...2 ASSUMPTIONS...2 SCOPE & LIMITATION...2 PREPARATION PRIOR TO CONFIGURATION...2 VARIABLE DESCRIPTION...3 CONFIGURATION PROCEDURE FOR CSA IMPORT GROUPS & POLICIES PRIOR TO ACTUAL CONFIGURATION CONFIGURE NETWORK ADDRESS SETS VARIABLES CONFIGURE NETWORK SERVICE VARIABLES UPDATE SYSTEM HARDENING MODULE PREPARE AGENT KITS FOR DEPLOYMENT...8 SUMMARY...9 APPENDIX...10 ABOUT TREND MICRO INCORPORATED
3 ABOUT THIS DOCUMENT Cisco Security Agent (CSA) is an Intrusion Prevention product that provides threat protection for server and desktop computing systems, also known as endpoints. It helps to reduce operational costs by identifying, preventing, and eliminating known and unknown security threats. Trend Micro OfficeScan Corporate Edition is a client/server security solution that integrates the core capabilities of multiple security technologies. Its Web-based management console gives administrators transparent access to desktop and mobile clients to coordinate automatic deployment of security policies and software updates. OfficeScan helps enforce security policies and mitigates the daily threat of file-based and network viruses, intruders, spyware, and other threats. This document acts as a guideline for configuring CSA in an environment where OfficeScan is also installed. The configuration outlined herein will ensure that CSA will allow OfficeScan client & server components to communicate properly. ASSUMPTIONS The information in this document is based on the following assumptions: OfficeScan Server & Client components have been deployed prior to installation of CSA. If NAC is also being implemented, then Cisco Trust Agent should also be deployed through OfficeScan. When OfficeScan deploys CTA, it also includes the posture plug-ins required for CTA to work with the OfficeScan server. SCOPE & LIMITATION This document is provided as a guide to configuring CSA to allow OfficeScan to function properly in the same environment. All configurations to CSA will be done through the CSA Management Console. To facilitate this, Trend Micro has provided a set of CSA Policies that can be imported to CSA Management Console. This set is named OfficeScan70_CSA_45_Policies01.export and can be downloaded at the link below: Any and all other configuration needed by CSA for other requirements are not included here. Also, the configuration guidelines herein only document as far as pre-deployment of Agent Kits. Please refer to the proper CSA Documentation for directions on adding other IT Policies & application requirements to your Agent Kits and deploying them. It is beyond the scope of this document to outline the installation, deployment & configuration of OfficeScan, as this is already fully documented in the OfficeScan Installation. PREPARATION PRIOR TO CONFIGURATION Listed below are the prerequisites for the configuration of CSA: The required set of CSA Policies needed for configuring CSA has already been downloaded from the Trend Micro Knowledge Base, i.e. OfficeScan70_CSA_45_Policies01.export. The Policies contained herein are listed in APPENDIX A of this document for your reference. APPENDIX B contains the validation procedure & results for the import file. During installation, the IP addresses of the following OfficeScan Components have been noted: OfficeScan Policy Server OfficeScan Server OfficeScan Update Agents During installation, the Ports used by the following OfficeScan components have been noted: OfficeScan Clients 2
4 OfficeScan Server (HTTP Ports) Trend Micro Policy Server for Cisco NAC (HTTP Ports) VARIABLE DESCRIPTION Table 1.1. Variables used as Network Address Sets VARIABLE NAME VARIABLE DESCRIPTION OfficeScan Policy Server OfficeScan Server OfficeScan Update Agents Trend Micro Policy Server for Cisco NAC Trend Micro OfficeScan Server List of IP Addresses for all OfficeScan Update Agents Table 1.2. Variables used as Network Services VARIABLE NAME VARIABLE DESCRIPTION Cisco NAC Authentication Ports Ports For ACS and Policy Server OfficeScan Client Port OfficeScan Server HTTP Port Trend Micro Policy Server For Cisco NAC Client Port For Server To Client Communication HTTP/HTTPS Ports For OfficeScan Server HTTP/HTTPS Ports For OfficeScan Policy Server CONFIGURATION PROCEDURE FOR CSA 1. IMPORT GROUPS & POLICIES PRIOR TO ACTUAL CONFIGURATION In the CSA Management Console, go to the Maintenance> Export/Import >Import menu option. FIGURE 1.1. Selecting the Import menu option 3
5 Browse to the downloaded import file OfficeScan70_CSA_45_Policies01.export and click Import. FIGURE 1.2.Selecting the Import Groups & Policy File 2. CONFIGURE NETWORK ADDRESS SETS VARIABLES The different Network Address Sets should be configured to reflect the different IP addresses of your OfficeScan Policy Server, OfficeScan Server and any OfficeScan Update Agents in your environment. To do this, select the Configuration> Variables> Network Address Sets menu option. FIGURE 2.1. Selecting the Network Address Sets menu option 4
6 From the Network Address Set list, choose OfficeScan Policy Server. In the Address Ranges Matching field, change the IP address to match the IP of your Policy Server. NOTE: Skip this variable if NAC is not used or if the Trend Micro Policy Server is not installed. FIGURE 2.2. Matching the IP address of OfficeScan Policy Server Go back to the Network Address List and choose OfficeScan Server. In the Address Ranges Matching field, change the IP address to match the IP of your OfficeScan Server. FIGURE 2.3. Matching the IP address of OfficeScan Server If your OfficeScan environment uses update agents, you need to add their IP addresses to the Network Address Sets. To do this, go back to the Network Address List and choose OfficeScan Update Agents. In the Address Ranges Matching field, change the IP addresses to match the IP of your OfficeScan Update Agents. Note that the default value in this field is <none>. 5
7 FIGURE 2.4. Matching the IP addresses of any OfficeScan Update Agents 3. CONFIGURE NETWORK SERVICE VARIABLES The different Network Service variables should be configured to match the ports set during the installation of OfficeScan Clients, OfficeScan Server and Trend Micro Policy Server. To do this, select the Configuration> Variables> Network Services menu option. FIGURE 3.1. Selecting the Network Services menu option From the Network Services list, choose OfficeScan Client Port. In the Protocol Ports field, update the Port number to match the Port selected during installation of OfficeScan Server. 6
8 FIGURE 3.2. Matching Port used during installation of OfficeScan Clients If the default installation ports for OfficeScan Server (8080 and 4343) were not used during installation, then the OfficeScan Server HTTP Port variable will need to be updated. To do this, go back to the Network Services list and select OfficeScan Server HTTP Port. In the Protocol Ports field, update the Port number to match the Port used by OfficeScan Server during installation. If IIS is used as a web server and if the default installation ports for Trend Micro Policy Server (8081 and 4344) were not used during installation, then the Trend Micro Policy Server For Cisco NAC variable will need to be updated. To do this, go back to the Network Services list and select Trend Micro Policy Server For Cisco NAC. In the Protocol Ports field, update the Port number to match the Port used by OfficeScan Server during installation. 4. UPDATE SYSTEM HARDENING MODULE The default CSA policies will cause excess logging when the Trend Micro Client Firewall loads. While this does not affect functionality, it will add unneeded items to the CSA event log. To prevent excess logging caused by the default CSA policies, modify the System Hardening rule module under Rule Modules [Windows] from the Configuration menu. FIGURE 4.1 Modifying the System Hardening Rule Module 7
9 From the list of rule modules, click on the Rules column of System Hardening Module. FIGURE 4.2 Rules Column of System Hardening Module From the list of rules, click on Sniffer and Protocol Detection. FIGURE 4.3 Selecting Sniffer and Protocol Detection In Exclude: The following non-standard protocols and packet sniffers add TM_CFW. FIGURE 4.4 Adding TM_CFW to Non-Standard Protocols and Packet Sniffers 5. PREPARE AGENT KITS FOR DEPLOYMENT At this point, the necessary Groups can now be added to your Agent Kits for pre-deployment. Note that when NAC is also being implemented, then Cisco Trust Agent should also be deployed through OfficeScan. You may also refer to APPENDIX C: Agent Kit Deployment Flowchart for a graphical representation of this section. For Desktop Agent Kits, add the following Groups to your package: Systems - OfficeScan Client 7.0 Systems OfficeScan Update Agents (only if machine is an update agent) For ACS Server Agent Kits, add the following Groups to your package: Servers Cisco ACS Server For Cisco NAC Systems OfficeScan Client 7.0 8
10 For OfficeScan Server Agent Kits (where NAC Policy Server is also installed in the same machine), add the following Groups to your package: Servers OfficeScan Server 7.0 Servers Trend Micro Policy Server for Cisco NAC Systems OfficeScan Client 7.0 For dedicated OfficeScan Server & NAC Policy Server Agent Kits, add the following Groups to your package: Servers OfficeScan Server 7.0 Systems OfficeScan Client 7.0 If the environment is NAC-enabled, add the Systems Cisco Trust Agent Group to all packages. SUMMARY This document acts a guideline for configuring CSA through the CSA Management Console to allow OfficeScan to function properly. To do this, the OfficeScan70_CSA45_Policies01.export should be imported through the CSA Management Console. Next, Network Address Sets & Network Service Variables should be configured accordingly to reflect OfficeScan installation ports & IP addresses. The proper Groups should then be added to your Agent Kits in preparation for deployment. 9
11 APPENDIX APPENDIX A: OfficeScan70_CSA45_Policies01.export The different rules per Group contained in the import file are listed and described as follows: Server Group: Servers Cisco ACS Server For Cisco NAC Policy: Cisco ACS Server RADIUS Rule Module: Cisco ACS 3.3 RADIUS Server For NAC Rules: 1. Rule Type: Network Access Control Description: ACS to act as server for Cisco NAC Authentication Ports Application Class: Cisco ACS Server RADIUS Act As: Server Network Service: $Cisco NAC Authentication Ports Host Address: <all> Attempts to accept connections from any client whose address is contained in address ranges using local addresses contained in address ranges for network services Cisco NAC Authentication Ports by processes in application class Cisco ACS Server RADIUS will be allowed. No events will be logged when the rule is triggered. 2. Rule Type: Network Access Control Description: ACS to act as client for Trend Micro Policy Server HTTP Ports Application Class: Cisco ACS Server RADIUS Act As: Client Network Service: $Trend Micro Policy Server HTTP Ports Host Address: <all> Attempts to connect to any server whose address is contained in address ranges using local addresses contained in address ranges for network services Trend Micro Policy Server HTTP Ports by processes in application class Cisco ACS Server RADIUS will be allowed. No events will be logged when the rule is triggered. Server Group: Servers OfficeScan Server 7.0 Policy: OfficeScan - Server Rule Module: OfficeScan Server Rules: 1. Rule Type: Network Access Control Description: IIS Web Server act as a server for OfficeScan HTTP Port Application Class: IIS Web Server application [V4.5.1 r616] Act As: Server Network Service: $OfficeScan Server HTTP Port Host Address: <all> 10
12 Attempts to accept connections from any client whose address is contained in address ranges using local addresses contained in address ranges for network services OfficeScan Server HTTP Port by processes in application class IIS Web Server application [V4.5.1 r616] will be allowed. No events will be logged when the rule is triggered. 2. Rule Type: Network Access Control Description: Trend Virus Scanner Applications act as a client for OfficeScan client port Application Class: Virus scanner all applications (Trend) [V4.5.1 r616] Act As: Client Network Service: $OfficeScan Client Port Host Address: <all> Attempts to connect to any server whose address is contained in address ranges using local addresses contained in address ranges for network services OfficeScan Client Port by processes in application class Virus scanner - all applications (Trend) [V4.5.1 r616] will be allowed. No events will be logged when the rule is triggered. 3. Rule Type: Network Access Control Description: Trend Virus Scanner act as a client for HTTP to remote addresses Application Class: Virus scanner all applications (Trend) [V4.5.1 r616] Act As: Client Network Service: $HTTP [V4.5.1 r616] Host Address: $Remote addresses [V4.5.1 r616] Attempts to connect to any server whose address is contained in address sets Remote addresses [V4.5.1 r616] using local addresses contained in address ranges for network services HTTP [V4.5.1 r616] by processes in application class Virus scanner - all applications (Trend) [V4.5.1 r616] will be allowed. No events will be logged when the rule is triggered. 4. Rule Type: Network Access Control Description: Apache act as a server for OfficeScan HTTP port Application Class: Apache Web Server application [V4.5.1 r616] Act As: Client Network Service: $OfficeScan Server HTTP Port Host Address: <all> Attempts to accept connections from any client whose address is contained in address ranges using local addresses contained in address ranges for network services OfficeScan Server HTTP Port by processes in application class Apache Web Server application [V4.5.1 r616] will be allowed. No events will be logged when the rule is triggered. Server Group: Servers Trend Micro Policy Server For Cisco NAC Policy: OfficeScan Policy Server For Cisco NAC Rule Module: Trend Micro Policy Server For Cisco NAC Rules: 11
13 1. Rule Type: Network Access Control Description: IIS act as a server for Trend Micro Policy Server HTTP Ports Application Class: IIS Web Server application [V4.5.1 r616] Act As: Server Network Service: $Trend Micro Policy Server HTTP Ports Host Address: <all> Attempts to accept connections from any client whose address is contained in address ranges using local addresses contained in address ranges for network services OfficeScan Server HTTP Port by processes in application class Apache Web Server application [V4.5.1 r616] will be allowed. No events will be logged when the rule is triggered. 2. Rule Type: Network Access Control Description: Apache act as a server for OfficeScan HTTP Port Application Class: Apache Web Server application [V4.5.1 r616] Act As: Server Network Service: $OfficeScan Server HTTP Port Host Address: <all> Attempts to accept connections from any client whose address is contained in address ranges using local addresses contained in address ranges for network services OfficeScan Server HTTP Port by processes in application class Apache Web Server application [V4.5.1 r616] will be allowed. No events will be logged when the rule is triggered. Group: Systems OfficeScan Client 7.0 Policy: OfficeScan Client Rule Module: OfficeScan Client Rules: 1. Rule Type: Network Access Control Description: Trend virus scanner act as a client for OfficeScan Server HTTP Port to OfficeScan Server Application Class: Virus scanner all applications (Trend) [V4.5.1 r616] Act As: Client Network Service: $OfficeScan Server HTTP Port Host Address: $OfficeScan Server Attempts to connect to any server whose address is contained in address sets OfficeScan Server using local addresses contained in address ranges for network services OfficeScan Server HTTP Port by processes in application class Virus scanner - all applications (Trend) [V4.5.1 r616] will be allowed. No events will be logged when the rule is triggered. 2. Rule Type: Network Access Control Description: Trend virus scanner act as a server on OfficeScan Client Port for OfficeScan Server Application Class: Virus scanner all applications (Trend) [V4.5.1 r616] 12
14 Act As: Server Network Service: $OfficeScan Client Port Host Address: $OfficeScan Server Attempts to accept connections from any client whose address is contained in address sets OfficeScan Server using local addresses contained in address ranges for network services OfficeScan Client Port by processes in application class Virus scanner - all applications (Trend) [V4.5.1 r616] will be allowed. No events will be logged when the rule is triggered. 3. Rule Type: Network Access Control Description: Trend virus scanner act as a client for OfficeScan Client Port to OfficeScan Update Agents Application Class: Virus scanner all applications (Trend) [V4.5.1 r616] Act As: Client Network Service: $OfficeScan Client Port Host Address: $OfficeScan Update Agents Attempts to connect to any server whose address is contained in address sets OfficeScan Update Agents using local addresses contained in address ranges for network services OfficeScan Client Port by processes in application class Virus scanner - all applications (Trend) [V4.5.1 r616] will be allowed. No events will be logged when the rule is triggered. Group: Systems OfficeScan Update Agents Policy: OfficeScan Update Agent Rule Module: OfficeScan Update Agent Rules: 1. Rule Type: Network Access Control Description: Trend virus scanner act as a server for OfficeScan Client Port Application Class: Virus scanner all applications (Trend) [V4.5.1 r616] Act As: Server Network Service: $OfficeScan Client Port Host Address: <all> Attempts to accept connections from any client whose address is contained in address ranges using local addresses contained in address ranges for network services OfficeScan Client Port by processes in application class Virus scanner - all applications (Trend) [V4.5.1 r616] will be allowed. No events will be logged when the rule is triggered. Application Classes Application Name: Cisco ACS Server RADIUS Application Description: RADIUS Process For Cisco ACS Server Target: <All Windows> Add Process To Application Class: When created from the following executables: **\CSRadius.exe When created from the following executables: **\CSAuth.exe Application Class Include: This process and all its descendents 13
15 Variables Network Address Sets VARIABLE NAME VARIABLE DESCRIPTION ADDRESS RANGE NOT ADDRESS RANGE OfficeScan Policy Server OfficeScan Server OfficeScan Update Agents Trend Micro Policy Server For Cisco NAC Trend Micro OfficeScan Server List of IP addresses for all OfficeScan Update Agents <IP Address(s) of Policy Server> <IP Address(s) of OfficeScan Server> <none> (Default) <none> <none> <none> Network Services VARIABLE NAME VARIABLE DESCRIPTION PROTOCOL PORTS Cisco NAC Authentication Ports Ports For ACS and Policy Server UDP/21862 UDP/1645 UDP/1646 OfficeScan Client Port Client Port For Server To Client Communication <Chosen by user during OfficeScan installation> OfficeScan Server HTTP Port HTTP/HTTPS Ports For OfficeScan Server TCP/8080 TCP/4343 Trend Micro Policy Server For Cisco NAC HTTP/HTTPS Ports For OfficeScan Policy Server TCP/8081 TCP/
16 APPENDIX B: Validation Procedures The OfficeScan import file (OfficeScan70_CSA_45_Policies01.export) was validated by placing all related servers and desktop machines running OfficeScan components in the Restrictive Networking group. This group includes a rule to block all TCP and UDP traffic, both inbound and outbound. The machines were also added to their relevant OfficeScan groups and functionality was testing. The following functions were verified: 1. Client status is correctly shown on the OfficeScan console. The client status should show Online 2. Clients are able to receive notifications via TmListen from the OfficeScan server. The Verify Connection command on the OfficeScan console can be used to verify this functionality. 3. Clients are able to issue CGI requests to the OfficeScan server. This can be verified by issuing an Update Now command from the client. Cisco NAC components were also tested under the same conditions and the following was verified: 1. Cisco ACS server can accept RADIUS requests RADIUS requests from the router can be seen in either the Passed Authentications or Failed Attempts logs of ACS. 2. Trend Micro Policy Server For Cisco NAC can accept posture requests from the ACS server and respond successfully to the ACS server with a posture token. Validation logs can be viewed from the Trend Micro Policy Server web console. 3. Cisco Security Agent properly recognizes the systems posture state from the Cisco Trust Agent. The Cisco Security Agent client will display the current posture token in Agent Panel. If any of the above fails ensure that all of the required variables were updated to match your environment; also, check the Cisco Security Agent management console to determine if any OfficeScan traffic was blocked by CSA. 15
17 APPENDIX C: Agent Kit Deployment Flowchart FIGURE 4. Agent Kit Deployment Flowchart 16
18 ABOUT TREND MICRO INCORPORATED Trend Micro Incorporated is a leader in network antivirus and Internet content security software and services. The Tokyo-based Corporation has business units worldwide. Trend Micro products are sold through corporate and valueadded resellers, as well as managed service providers. For additional information and evaluation copies of all Trend Micro products, visit by Trend Micro Incorporated. All rights reserved. No part of this publication may be reproduced, photocopied, stored on a retrieval system, or transmitted without the prior written consent of Trend Micro Incorporated. Trend Micro, the t-ball logo, Control Manager, Network VirusWall, OfficeScan, and TrendLabs are trademarks or registered trademarks of Trend Micro Incorporated. All other company and/or product names may be trademarks or registered trademarks of their owners. [MA##XX##_999999USXXX] Information contained in this document is provided as-is is subject to change without notice. This report is for informational purposes only. TREND MICRO MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS REPORT. This document is not intended for use in Germany or any other jurisdiction where such information may be prohibited. This document is a publication of Trend Micro Technical Sales Services. 17
Protecting Your Digital World
Protecting Your Digital World C O R P O R A T E O V E R V I E W With revenues of more than $105 Billion, cybercrime generates more revenue than the illegal drug trade. Source: U.S. Treasury, reported by
More informationHow to Test Outbreak Commander
TREND MICRO CONTROL MANAGER TREND MICRO, INC. 10101 N. DE ANZA BLVD. CUPERTINO, CA 95014 T 800.228.5651 / 408.257.1500 F 408.257.2003 WWW.TRENDMICRO.COM How to Test Outbreak Commander 2 TREND MICRO CORPORATE
More informationSOLUTION MANAGEMENT GROUP
InterScan Messaging Security Virtual Appliance 8.0 Reviewer s Guide February 2011 Trend Micro, Inc. 10101 N. De Anza Blvd. Cupertino, CA 95014 T 800.228.5651 / 408.257.1500 F 408.257.2003 www.trendmicro.com
More informationQuestion: 1 The NAC Agent uses which port and protocol to send discovery packets to an ISE Policy Service Node?
Volume: 385 Questions Question: 1 The NAC Agent uses which port and protocol to send discovery packets to an ISE Policy Service Node? A. tcp/8905 B. udp/8905 C. http/80 D. https/443 Answer: A Question:
More informationAndroid Backdoor GhostCtrl can Silently Record Your Audio, Video, and More
Appendix Android Backdoor GhostCtrl can Silently Record Your Audio, Video, and More Appendix TrendLabs Security Intelligence Blog Lenart Bermejo, Jordan Pan, and Cedric Pernet July 2017 TREND MICRO LEGAL
More informationTrend Micro Incorporated reserves the right to make changes to this document and to the product described herein without notice. Before installing and using the product, review the readme files, release
More informationData Sheet: Endpoint Security Symantec Multi-tier Protection Trusted protection for endpoints and messaging environments
Trusted protection for endpoints and messaging environments Overview creates a protected endpoint and messaging environment that is secure against today s complex data loss, malware, and spam threats controlling
More informationSecuring Your Environment with Dell Client Manager and Symantec Endpoint Protection
Securing Your Environment with Dell Client Manager and Symantec Endpoint Protection Altiris, Now Part of Symantec Copyright 2007 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo,
More informationDRIDEX s New Tricks Lead to Global Spam Outbreak
Appendix DRIDEX s New Tricks Lead to Global Spam Outbreak Appendix TrendLabs Security Intelligence Blog Michael Casayuran, Rhena Inocencio, and Jay Yaneza May 2016 TREND MICRO LEGAL DISCLAIMER The information
More informationTrend Micro OfficeScan Client User Guide
Trend Micro OfficeScan Client User Guide Overview The purpose of this document is to provide users with information on the Trend Micro OfficeScan antivirus client. OfficeScan is the new anti-virus/anti-malware
More informationTrend Micro Incorporated reserves the right to make changes to this document and to the products described herein without notice. Before installing and using the software, please review the readme files,
More informationCisco Security Solutions for Systems Engineers (SSSE) Practice Test. Version
Cisco 642-566 642-566 Security Solutions for Systems Engineers (SSSE) Practice Test Version 3.10 QUESTION NO: 1 You are the network consultant from Your company. Please point out two requirements call
More information: Administration of Symantec Endpoint Protection 14 Exam
250-428: of Symantec Endpoint Protection 14 Exam Study Guide v. 2.2 Copyright 2017 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, and Altiris are trademarks or registered trademarks
More informationTrend Micro Incorporated reserves the right to make changes to this document and to the products described herein without notice. Before installing and using the software, please review the readme file
More informationTrend Micro Incorporated reserves the right to make changes to this document and to the product described herein without notice. Before installing and using the product, review the readme files, release
More informationTrend Micro Incorporated reserves the right to make changes to this document and to the products described herein without notice. Before installing and using the software, please review the readme file
More informationDocument Part No. NVEM12103/41110
Trend Micro Incorporated reserves the right to make changes to this document and to the products described herein without notice. Before installing and using the software, please review the readme files,
More informationASA/PIX Security Appliance
I N D E X A AAA, implementing, 27 28 access to ASA/PIX Security Appliance monitoring, 150 151 securing, 147 150 to websites, blocking, 153 155 access control, 30 access policies, creating for web and mail
More informationNetwork Admission Control Agentless Host Support
Network Admission Control Agentless Host Support Last Updated: October 10, 2012 The Network Admission Control: Agentless Host Support feature allows for an exhaustive examination of agentless hosts (hosts
More informationT E C H N I C A L S A L E S S O L U T I O N S
Product Management Document InterScan Web Security Virtual Appliance Customer Sizing Guide September 2010 TREND MICRO INC. 10101 N. De Anza Blvd. Cupertino, CA 95014 www.trendmicro.com Toll free: +1 800.228.5651
More informationfor Small and Medium Business Quick Start Guide
for Small and Medium Business Quick Start Guide Trend Micro Incorporated reserves the right to make changes to this document and to the products/services described herein without notice. Before using
More informationTrend Micro Incorporated reserves the right to make changes to this document and to the products described herein without notice. Before installing and using the product, please review the readme files,
More informationOfficeScanTM 10 For Enterprise and Medium Business
OfficeScanTM 10 For Enterprise and Medium Business Installation and Upgrade Guide es Endpoint Security Trend Micro Incorporated reserves the right to make changes to this document and to the products
More informationTrend Micro Incorporated reserves the right to make changes to this document and to the products described herein without notice. Before installing and using the software, please review the readme files,
More informationCisco Network Admission Control (NAC) Solution
Data Sheet Cisco Network Admission Control (NAC) Solution New: Updated to include the Cisco Secure Network Server (SNS) Cisco Network Admission Control (NAC) solutions allow you to authenticate wired,
More informationData Sheet: Endpoint Security Symantec Network Access Control Starter Edition Simplified endpoint enforcement
Simplified endpoint enforcement Overview makes it easy to begin implementing a network access control solution. It offers a subset of Symantec Network Access Control functionality that can be completely
More informationSiemens Industrial SIMATIC. Process Control System PCS 7 Configuration Trend Micro OfficeScan Server XG. Security information 1.
Security information 1 Preface 2 SIMATIC Configuration 3 Process Control System PCS 7 Configuration Trend Micro OfficeScan Server XG Commissioning Manual Siemens Industrial 03/2018 A5E44395601-AA Legal
More informationQUICKSTART GUIDE FOR BRANCH SRX SERIES SERVICES GATEWAYS
APPLICATION NOTE QUICKSTART GUIDE FOR BRANCH SRX SERIES SERVICES GATEWAYS Configuring Basic Security and Connectivity on Branch SRX Series Services Gateways Copyright 2009, Juniper Networks, Inc. Table
More informationVendor: Cisco. Exam Code: Exam Name: Implementing Cisco Secure Access Solutions. Version: Demo
Vendor: Cisco Exam Code: 300-208 Exam Name: Implementing Cisco Secure Access Solutions Version: Demo QUESTION 1 By default, how many days does Cisco ISE wait before it purges the expired guest accounts?
More informationTrend Micro Incorporated reserves the right to make changes to this document and to the products described herein without notice. Before installing and using the product, please review the readme files,
More informationPulse Secure Desktop Client
Pulse Secure Desktop Client Always-on VPN and VPN Only Access Deployment Guide Published Document Pulse Secure, LLC 2700 Zanker Road, Suite 200 San Jose, CA 95134 www.pulsesecure.net Pulse Secure and the
More informationSymbols. Numerics I N D E X
I N D E X Symbols /var/log/ha-debug log, 517 /var/log/ha-log log, 517 Numerics A 3500XL Edge Layer 2 switch, configuring AD SSO, 354 355 access to resources, troubleshooting issues, 520 access VLANs, 54
More informationForescout. Configuration Guide. Version 8.1
Forescout Version 8.1 Contact Information Forescout Technologies, Inc. 190 West Tasman Drive San Jose, CA 95134 USA https://www.forescout.com/support/ Toll-Free (US): 1.866.377.8771 Tel (Intl): 1.408.213.3191
More informationPort Mirroring in CounterACT. CounterACT Technical Note
Table of Contents About Port Mirroring and the Packet Engine... 3 Information Based on Specific Protocols... 4 ARP... 4 DHCP... 5 HTTP... 6 NetBIOS... 7 TCP/UDP... 7 Endpoint Lifecycle... 8 Active Endpoint
More informationThe Reigning King of IP Camera Botnets and its Challengers
Appendix The Reigning King of IP Camera Botnets and its Challengers Appendix TrendLabs Security Intelligence Blog Dove Chu, Kenney Lu and Tim Yeh APT Team and CSS May 2017 Indicators of Compromise (IoCs):
More informationConfiguring Network Admission Control
45 CHAPTER This chapter describes how to configure Network Admission Control (NAC) on Catalyst 6500 series switches. With a PFC3, Release 12.2(18)SXF2 and later releases support NAC. Note For complete
More informationClient Server Security3
Client Server Security3 for Small and Medium Business Getting Started Guide Trend Micro Incorporated reserves the right to make changes to this document and to the products described herein without notice.
More informationTrend Micro Incorporated reserves the right to make changes to this document and to the product described herein without notice. Before installing and using the product, review the readme files, release
More informationGoliath Application Availability Monitor for Microsoft RDS Prerequisites Guide
Goliath Application Availability Monitor for Microsoft RDS Prerequisites Guide Goliath Application Availability Monitor Proof of Concept Limitations Goliath Application Availability Monitor Proof of Concepts
More informationTrend Micro Incorporated reserves the right to make changes to this document and to the products described herein without notice. Before installing and using the product, please review the readme files,
More informationSymantec Endpoint Protection Integration Component User's Guide. Version 7.0
Symantec Endpoint Protection Integration Component User's Guide Version 7.0 The software described in this book is furnished under a license agreement and may be used only in accordance with the terms
More informationSYMANTEC ENTERPRISE SECURITY. Symantec Internet Security Threat Report September 2005 Power and Energy Industry Data Sheet
SYMANTEC ENTERPRISE SECURITY Symantec Internet Security Threat Report September 00 Power and Energy Industry Data Sheet An important note about these statistics The statistics discussed in this document
More informationCisco NAC Network Module for Integrated Services Routers
Cisco NAC Network Module for Integrated Services Routers The Cisco NAC Network Module for Integrated Services Routers (NME-NAC-K9) brings the feature-rich Cisco NAC Appliance Server capabilities to Cisco
More informationIntegrate Palo Alto Traps. EventTracker v8.x and above
EventTracker v8.x and above Publication Date: August 16, 2018 Abstract This guide provides instructions to configure Palo Alto Traps to send its syslog to EventTracker Enterprise. Scope The configurations
More informationINSIDE. Symantec AntiVirus for Microsoft Internet Security and Acceleration (ISA) Server. Enhanced virus protection for Web and SMTP traffic
Virus Protection & Content Filtering TECHNOLOGY BRIEF Symantec AntiVirus for Microsoft Internet Security and Acceleration (ISA) Server Enhanced virus protection for Web and SMTP traffic INSIDE The need
More informationTrend Micro OfficeScan XG
Trend Micro OfficeScan XG Best Practice Guide for Malware Information in this document is subject to change without notice. The names of companies, products, people, characters, and/or data mentioned herein
More informationHikCentral V.1.1.x for Windows Hardening Guide
HikCentral V.1.1.x for Windows Hardening Guide Contents Introduction... 1 1. The Operating System - Microsoft Windows Security Configuration... 2 1.1 Strict Password Policy... 2 1.2 Turn Off Windows Remote
More informationCopyright 2017 Trend Micro Incorporated. All rights reserved.
Information in this document is subject to change without notice. The names of companies, products, people, characters, and/or data mentioned herein are fictitious and are in no way intended to represent
More informationNetwork Admission Control
Network Admission Control Last Updated: October 24, 2011 The Network Admission Control feature addresses the increased threat and impact of worms and viruses have on business networks. This feature is
More informationTrend Micro Incorporated reserves the right to make changes to this document and to the service described herein without notice. Before installing and using the service, review the readme files, release
More informationSymantec Client Security. Integrated protection for network and remote clients.
Symantec Client Security Integrated protection for network and remote clients. Complex Internet threats require comprehensive security. Today's complex threats require comprehensive security solutions
More informationSophos Web Appliance Configuration Guide. Product Version Sophos Limited 2017
Sophos Web Appliance Configuration Guide Product Version 4.3.5 Sophos Limited 2017 ii Contents Sophos Web Appliance Contents 1 Copyrights and Trademarks...1 2 Introduction...2 3 Features...4 4 Network
More informationTrend Micro Incorporated reserves the right to make changes to this document and to the service described herein without notice. Before installing and using the service, review the readme files, release
More informationCSA for Mobile Client Security
7 CHAPTER A secure unified network, featuring both wired and wireless access, requires an integrated, defense-in-depth approach to security, including comprehensive endpoint security that is critical to
More informationTippingPoint Best Practice Guide. RADIUS PEAP Configuration for IPS Devices and Cisco ACS. Version:
TippingPoint Best Practice Guide RADIUS PEAP Configuration for IPS Devices and Cisco ACS Version: 16.1.1 Copyright Statement Copyright 2016 Trend Micro. Trend Micro Incorporated ( Trend Micro ) makes no
More informationOfficeScanTM 10 For Enterprise and Medium Business
OfficeScanTM 10 For Enterprise and Medium Business Administrator s Guide es Endpoint Security Trend Micro Incorporated reserves the right to make changes to this document and to the products described
More informationSophos Web Appliance Configuration Guide. Product Version Sophos Limited 2017
Sophos Web Appliance Configuration Guide Product Version 4.3.2 Sophos Limited 2017 ii Contents Sophos Web Appliance Contents 1 Copyrights and Trademarks...4 2 Introduction...5 3 Features...7 4 Network
More informationDeploying Windows Server 2003 Internet Authentication Service (IAS) with Virtual Local Area Networks (VLANs)
Deploying Windows Server 2003 Internet Authentication Service (IAS) with Virtual Local Area Networks (VLANs) Microsoft Corporation Published: June 2004 Abstract This white paper describes how to configure
More informationTrend Micro Incorporated reserves the right to make changes to this document and to the product described herein without notice. Before installing and using the product, review the readme files, release
More informationAdministration of Symantec Cyber Security Services (July 2015) Sample Exam
Administration of Symantec Cyber Security Services (July 2015) Sample Exam Contents SAMPLE QUESTIONS... 1 ANSWERS... 6 Sample Questions 1. Which DeepSight Intelligence Datafeed can be used to create a
More informationChapter 3 LAN Configuration
Chapter 3 LAN Configuration This chapter describes how to configure LAN Setup, LAN Groups and Routing (Static IP) features of your ProSafe VPN Firewall 50. These features can be found under the Network
More informationGoliath Application Availability Monitor for Citrix Prerequisites Guide
Goliath Application Availability Monitor for Citrix Prerequisites Guide Goliath Application Availability Monitor Proof of Concept Limitations Goliath Application Availability Monitor Proof of Concepts
More informationReviewer s guide. PureMessage for Windows/Exchange Product tour
Reviewer s guide PureMessage for Windows/Exchange Product tour reviewer s guide: sophos nac advanced 2 welcome WELCOME Welcome to the reviewer s guide for NAC Advanced. The guide provides a review of the
More informationSilver Peak EC-V and Microsoft Azure Deployment Guide
Silver Peak EC-V and Microsoft Azure Deployment Guide How to deploy an EC-V in Microsoft Azure 201422-001 Rev. A September 2018 2 Table of Contents Table of Contents 3 Copyright and Trademarks 5 Support
More informationSymantec Network Access Control Starter Edition
Simplified endpoint compliance Overview makes it easy to begin implementing a network access control solution. It offers a subset of Symantec Network Access Control functionality that can be completely
More informationDeep Security 9.5 Supported Features by Platform
Trend Micro Incorporated reserves the right to make changes to this document and to the products described herein without notice. Before installing and using the software, please review the readme files,
More informationHDDCryptor: Subtle Updates, Still a Credible Threat
Appendix HDDCryptor: Subtle Updates, Still a Credible Threat Appendix TrendLabs Security Intelligence Blog Stephen Hilt and Fernando Mercês November TREND MICRO LEGAL DISCLAIMER The information provided
More informationUSM Anywhere AlienApps Guide
USM Anywhere AlienApps Guide Updated April 23, 2018 Copyright 2018 AlienVault. All rights reserved. AlienVault, AlienApp, AlienApps, AlienVault OSSIM, Open Threat Exchange, OTX, Unified Security Management,
More informationIntel Small Business Extended Access. Deployment Guide
Intel Small Business Extended Access Deployment Legal Notices and Disclaimers Disclaimers INTEL CORPORATION MAKES NO WARRANTY OF ANY KIND WITH REGARD TO THIS MATERIAL, INCLUDING, BUT NOT LIMITED TO, THE
More informationConfiguring Network Admission Control
CHAPTER 59 This chapter describes how to configure Network Admission Control (NAC) in Cisco IOS Release 12.2SX. Note For complete syntax and usage information for the commands used in this chapter, see
More informationClearPath OS 2200 System LAN Security Overview. White paper
ClearPath OS 2200 System LAN Security Overview White paper Table of Contents Introduction 3 Baseline Security 3 LAN Configurations 4 Security Protection Measures 4 Software and Security Updates 4 Security
More informationIntegrating Microsoft Forefront Threat Management Gateway (TMG)
Integrating Microsoft Forefront Threat Management Gateway (TMG) EventTracker v7.x Publication Date: Sep 16, 2014 EventTracker 8815 Centre Park Drive Columbia MD 21045 www.eventtracker.com Abstract This
More informationHikCentral V1.3 for Windows Hardening Guide
HikCentral V1.3 for Windows Hardening Guide Contents Introduction... 1 1. The Operating System - Microsoft Windows Security Configuration... 2 1.1Strict Password Policy... 2 1.2Turn Off Windows Remote
More informationImplementing Network Admission Control
CHAPTER 2 This chapter describes how to implement Network Admission Control (NAC) and includes the following sections: Network Topology Configuration Overview Installing and Configuring the Cisco Secure
More informationSecurity, Internet Access, and Communication Ports
Security, Internet Access, and Communication Ports The following topics provide information on system security, internet access, and communication ports: Overview: Security, Internet Access, and Communication
More informationForeScout App for IBM QRadar
How-to Guide Version 2.0.0 Table of Contents About IBM QRadar Integration... 3 Use Cases... 3 Visualization of CounterACT Endpoint Compliance Status & Connectivity... 3 Agent Health and Compliance for
More informationForeScout Extended Module for Symantec Endpoint Protection
ForeScout Extended Module for Symantec Endpoint Protection Version 1.0.0 Table of Contents About the Symantec Endpoint Protection Integration... 4 Use Cases... 4 Additional Symantec Endpoint Protection
More informationIntegrate Viper business antivirus EventTracker Enterprise
Integrate Viper business antivirus EventTracker Enterprise Publication Date: June 2, 2016 EventTracker 8815 Centre Park Drive Columbia MD 21045 www.eventtracker.com Abstract This guide provides instructions
More informationIntel Unite. Intel Unite Firewall Help Guide
Intel Unite Intel Unite Firewall Help Guide September 2015 Legal Disclaimers & Copyrights All information provided here is subject to change without notice. Contact your Intel representative to obtain
More informationMcAfee Network Security Platform Administration Course
McAfee Network Security Platform Administration Course Education Services administration course The McAfee Network Security Platform Administration course from McAfee Education Services is an essential
More informationIntegrate Cisco Sourcefire
Integrate Cisco Sourcefire EventTracker Enterprise Publication Date: April 18, 2016 EventTracker 8815 Centre Park Drive Columbia MD 21045 www.eventtracker.com About this Guide This guide will facilitate
More informationSecurity Industry Market Share Analysis
Security Industry Market Share Analysis December 2010 Introduction The Research OPSWAT releases quarterly market share reports for several sectors of the security industry. This quarter s report includes
More informationForeScout Extended Module for Carbon Black
ForeScout Extended Module for Carbon Black Version 1.0 Table of Contents About the Carbon Black Integration... 4 Advanced Threat Detection with the IOC Scanner Plugin... 4 Use Cases... 5 Carbon Black Agent
More informationSymantec Endpoint Protection
Overview provides unrivaled security across physical and virtual platforms and support for the latest operating systems-mac OS X 10.9 and Windows 8.1. Powered by Symantec Insight and by SONAR, a single,
More informationInternet Scanner 7.0 Service Pack 2 Frequently Asked Questions
Frequently Asked Questions Internet Scanner 7.0 Service Pack 2 Frequently Asked Questions April 2005 6303 Barfield Road Atlanta, GA 30328 Tel: 404.236.2600 Fax: 404.236.2626 Internet Security Systems (ISS)
More informationSymantec Network Access Control Starter Edition
Simplified endpoint compliance Overview makes it easy to begin implementing a network access control solution. It offers a subset of Symantec Network Access Control functionality that can be completely
More informationNAC-Auth Fail Open. Prerequisites for NAC-Auth Fail Open. Restrictions for NAC-Auth Fail Open. Information About Network Admission Control
NAC-Auth Fail Open Last Updated: October 10, 2012 In network admission control (NAC) deployments, authentication, authorization, and accounting (AAA) servers validate the antivirus status of clients before
More informationCisco Service Control Service Security: Outgoing Spam Mitigation Solution Guide, Release 4.1.x
CISCO SERVICE CONTROL SOLUTION GUIDE Cisco Service Control Service Security: Outgoing Spam Mitigation Solution Guide, Release 4.1.x 1 Introduction and Scope 2 Functionality Overview 3 Mass-Mailing-Based
More informationFighterPOS Pos Malware Gets Worm Routine
Appendix FighterPOS Pos Malware Gets Worm Routine Appendix TrendLabs Security Intelligence Blog Jay Yaneza and Erika Mendoza Trend Micro Cyber Safety Solutions Team February 2016 TREND MICRO LEGAL DISCLAIMER
More informationDefense-in-Depth Against Malicious Software. Speaker name Title Group Microsoft Corporation
Defense-in-Depth Against Malicious Software Speaker name Title Group Microsoft Corporation Agenda Understanding the Characteristics of Malicious Software Malware Defense-in-Depth Malware Defense for Client
More informationTREND MICRO. Client/Server Suite. Comprehensive Virus Protection for Business Workstations and Servers. Getting Started Guide
TM TREND MICRO Client/Server Suite Comprehensive Virus Protection for Business Workstations and Servers Getting Started Guide Trend Micro Incorporated reserves the right to make changes to this document
More informationFirewall and Web-Filter Rules
Firewall and Web-Filter Rules February 2015 This document is intended for restricted use only. Infinite Campus asserts that this document contains proprietary information that would give our competitors
More information+ milestone. Milestone Systems. XProtect VMS 2017 R3. System Architecture Document
+ milestone Milestone Systems XProtect VMS 2017 R3 System Architecture Document XProtect Corporate XProtect Expert XProtect Professional+ XProtect Express+ Contents Introduction... 6 Target audience and
More informationDeep Security 9.5 Supported Features by Platform
Trend Micro Incorporated reserves the right to make changes to this document and to the products described herein without notice. Before installing and using the software, please review the readme files,
More informationIntegrate Symantec Messaging Gateway. EventTracker v9.x and above
Integrate Symantec Messaging Gateway EventTracker v9.x and above Publication Date: May 9, 2018 Abstract This guide provides instructions to configure a Symantec Messaging Gateway to send its syslog to
More informationPrepAwayExam. High-efficient Exam Materials are the best high pass-rate Exam Dumps
PrepAwayExam http://www.prepawayexam.com/ High-efficient Exam Materials are the best high pass-rate Exam Dumps Exam : 642-541 Title : VPN and Security Cisco SAFE Implementation Exam (CSI) Vendors : Cisco
More informationTREND MICRO LEGAL DISCLAIMER
TrendLabs TREND MICRO LEGAL DISCLAIMER The information provided herein is for general information and educational purposes only. It is not intended and should not be construed to constitute legal advice.
More informationMilestone Systems. XProtect VMS 2017 R2. System Architecture Document. XProtect Corporate XProtect Expert XProtect Professional+ XProtect Express+
Milestone Systems XProtect VMS 2017 R2 System Architecture Document XProtect Corporate XProtect Expert XProtect Professional+ XProtect Express+ Contents Introduction... 6 Target audience and purpose...
More informationUnified Communications Manager Express Toll Fraud Prevention
Unified Communications Manager Express Toll Fraud Prevention Document ID: 107626 Contents Introduction Prerequisites Requirements Components Used Conventions Overview Internal vs. External Threats Toll
More informationTDR and Windows Defender. Integration Guide
TDR and Windows Defender Integration Guide i WatchGuard Technologies, Inc. TDR and Windows Defender Deployment Overview Threat Detection and Response (TDR) is a collection of advanced malware defense tools
More information