T E C H N I C A L S A L E S S E R V I C E S

Similar documents
Protecting Your Digital World

How to Test Outbreak Commander

SOLUTION MANAGEMENT GROUP

Question: 1 The NAC Agent uses which port and protocol to send discovery packets to an ISE Policy Service Node?

Android Backdoor GhostCtrl can Silently Record Your Audio, Video, and More


Data Sheet: Endpoint Security Symantec Multi-tier Protection Trusted protection for endpoints and messaging environments

Securing Your Environment with Dell Client Manager and Symantec Endpoint Protection

DRIDEX s New Tricks Lead to Global Spam Outbreak

Trend Micro OfficeScan Client User Guide


Cisco Security Solutions for Systems Engineers (SSSE) Practice Test. Version

: Administration of Symantec Endpoint Protection 14 Exam




Document Part No. NVEM12103/41110

ASA/PIX Security Appliance

Network Admission Control Agentless Host Support

T E C H N I C A L S A L E S S O L U T I O N S

for Small and Medium Business Quick Start Guide


OfficeScanTM 10 For Enterprise and Medium Business


Cisco Network Admission Control (NAC) Solution

Data Sheet: Endpoint Security Symantec Network Access Control Starter Edition Simplified endpoint enforcement

Siemens Industrial SIMATIC. Process Control System PCS 7 Configuration Trend Micro OfficeScan Server XG. Security information 1.

QUICKSTART GUIDE FOR BRANCH SRX SERIES SERVICES GATEWAYS

Vendor: Cisco. Exam Code: Exam Name: Implementing Cisco Secure Access Solutions. Version: Demo


Pulse Secure Desktop Client

Symbols. Numerics I N D E X

Forescout. Configuration Guide. Version 8.1

Port Mirroring in CounterACT. CounterACT Technical Note

The Reigning King of IP Camera Botnets and its Challengers

Configuring Network Admission Control

Client Server Security3


Goliath Application Availability Monitor for Microsoft RDS Prerequisites Guide


Symantec Endpoint Protection Integration Component User's Guide. Version 7.0

SYMANTEC ENTERPRISE SECURITY. Symantec Internet Security Threat Report September 2005 Power and Energy Industry Data Sheet

Cisco NAC Network Module for Integrated Services Routers

Integrate Palo Alto Traps. EventTracker v8.x and above

INSIDE. Symantec AntiVirus for Microsoft Internet Security and Acceleration (ISA) Server. Enhanced virus protection for Web and SMTP traffic

Trend Micro OfficeScan XG

HikCentral V.1.1.x for Windows Hardening Guide

Copyright 2017 Trend Micro Incorporated. All rights reserved.

Network Admission Control


Symantec Client Security. Integrated protection for network and remote clients.

Sophos Web Appliance Configuration Guide. Product Version Sophos Limited 2017


CSA for Mobile Client Security

TippingPoint Best Practice Guide. RADIUS PEAP Configuration for IPS Devices and Cisco ACS. Version:

OfficeScanTM 10 For Enterprise and Medium Business

Sophos Web Appliance Configuration Guide. Product Version Sophos Limited 2017

Deploying Windows Server 2003 Internet Authentication Service (IAS) with Virtual Local Area Networks (VLANs)


Administration of Symantec Cyber Security Services (July 2015) Sample Exam

Chapter 3 LAN Configuration

Goliath Application Availability Monitor for Citrix Prerequisites Guide

Reviewer s guide. PureMessage for Windows/Exchange Product tour

Silver Peak EC-V and Microsoft Azure Deployment Guide

Symantec Network Access Control Starter Edition

Deep Security 9.5 Supported Features by Platform

HDDCryptor: Subtle Updates, Still a Credible Threat

USM Anywhere AlienApps Guide

Intel Small Business Extended Access. Deployment Guide

Configuring Network Admission Control

ClearPath OS 2200 System LAN Security Overview. White paper

Integrating Microsoft Forefront Threat Management Gateway (TMG)

HikCentral V1.3 for Windows Hardening Guide

Implementing Network Admission Control

Security, Internet Access, and Communication Ports

ForeScout App for IBM QRadar

ForeScout Extended Module for Symantec Endpoint Protection

Integrate Viper business antivirus EventTracker Enterprise

Intel Unite. Intel Unite Firewall Help Guide

McAfee Network Security Platform Administration Course

Integrate Cisco Sourcefire

Security Industry Market Share Analysis

ForeScout Extended Module for Carbon Black

Symantec Endpoint Protection

Internet Scanner 7.0 Service Pack 2 Frequently Asked Questions

Symantec Network Access Control Starter Edition

NAC-Auth Fail Open. Prerequisites for NAC-Auth Fail Open. Restrictions for NAC-Auth Fail Open. Information About Network Admission Control

Cisco Service Control Service Security: Outgoing Spam Mitigation Solution Guide, Release 4.1.x

FighterPOS Pos Malware Gets Worm Routine

Defense-in-Depth Against Malicious Software. Speaker name Title Group Microsoft Corporation

TREND MICRO. Client/Server Suite. Comprehensive Virus Protection for Business Workstations and Servers. Getting Started Guide

Firewall and Web-Filter Rules

+ milestone. Milestone Systems. XProtect VMS 2017 R3. System Architecture Document

Deep Security 9.5 Supported Features by Platform

Integrate Symantec Messaging Gateway. EventTracker v9.x and above

PrepAwayExam. High-efficient Exam Materials are the best high pass-rate Exam Dumps

TREND MICRO LEGAL DISCLAIMER

Milestone Systems. XProtect VMS 2017 R2. System Architecture Document. XProtect Corporate XProtect Expert XProtect Professional+ XProtect Express+

Unified Communications Manager Express Toll Fraud Prevention

TDR and Windows Defender. Integration Guide

Transcription:

T E C H N I C A L S A L E S S E R V I C E S Trend Micro OfficeScan 7.0 and Cisco Security Agent 4.5 Configuration For Cisco Security Agent 4.5 August 2005 Trend Micro, Inc. 10101 N. De Anza Blvd. Cupertino, CA 95014 T 800.228.5651 / 408.257.1500 F 408.257.2003 www.trendmicro.com

TABLE OF CONTENTS ABOUT THIS DOCUMENT...2 ASSUMPTIONS...2 SCOPE & LIMITATION...2 PREPARATION PRIOR TO CONFIGURATION...2 VARIABLE DESCRIPTION...3 CONFIGURATION PROCEDURE FOR CSA...3 1. IMPORT GROUPS & POLICIES PRIOR TO ACTUAL CONFIGURATION...3 2. CONFIGURE NETWORK ADDRESS SETS VARIABLES...4 3. CONFIGURE NETWORK SERVICE VARIABLES...6 4. UPDATE SYSTEM HARDENING MODULE...7 5. PREPARE AGENT KITS FOR DEPLOYMENT...8 SUMMARY...9 APPENDIX...10 ABOUT TREND MICRO INCORPORATED...17 1

ABOUT THIS DOCUMENT Cisco Security Agent (CSA) is an Intrusion Prevention product that provides threat protection for server and desktop computing systems, also known as endpoints. It helps to reduce operational costs by identifying, preventing, and eliminating known and unknown security threats. Trend Micro OfficeScan Corporate Edition is a client/server security solution that integrates the core capabilities of multiple security technologies. Its Web-based management console gives administrators transparent access to desktop and mobile clients to coordinate automatic deployment of security policies and software updates. OfficeScan helps enforce security policies and mitigates the daily threat of file-based and network viruses, intruders, spyware, and other threats. This document acts as a guideline for configuring CSA in an environment where OfficeScan is also installed. The configuration outlined herein will ensure that CSA will allow OfficeScan client & server components to communicate properly. ASSUMPTIONS The information in this document is based on the following assumptions: OfficeScan Server & Client components have been deployed prior to installation of CSA. If NAC is also being implemented, then Cisco Trust Agent should also be deployed through OfficeScan. When OfficeScan deploys CTA, it also includes the posture plug-ins required for CTA to work with the OfficeScan server. SCOPE & LIMITATION This document is provided as a guide to configuring CSA to allow OfficeScan to function properly in the same environment. All configurations to CSA will be done through the CSA Management Console. To facilitate this, Trend Micro has provided a set of CSA Policies that can be imported to CSA Management Console. This set is named OfficeScan70_CSA_45_Policies01.export and can be downloaded at the link below: http://kb.trendmicro.com/solutions/search/main/search/solutiondetail.asp?solutionid=25950 Any and all other configuration needed by CSA for other requirements are not included here. Also, the configuration guidelines herein only document as far as pre-deployment of Agent Kits. Please refer to the proper CSA Documentation for directions on adding other IT Policies & application requirements to your Agent Kits and deploying them. It is beyond the scope of this document to outline the installation, deployment & configuration of OfficeScan, as this is already fully documented in the OfficeScan Installation. PREPARATION PRIOR TO CONFIGURATION Listed below are the prerequisites for the configuration of CSA: The required set of CSA Policies needed for configuring CSA has already been downloaded from the Trend Micro Knowledge Base, i.e. OfficeScan70_CSA_45_Policies01.export. The Policies contained herein are listed in APPENDIX A of this document for your reference. APPENDIX B contains the validation procedure & results for the import file. During installation, the IP addresses of the following OfficeScan Components have been noted: OfficeScan Policy Server OfficeScan Server OfficeScan Update Agents During installation, the Ports used by the following OfficeScan components have been noted: OfficeScan Clients 2

OfficeScan Server (HTTP Ports) Trend Micro Policy Server for Cisco NAC (HTTP Ports) VARIABLE DESCRIPTION Table 1.1. Variables used as Network Address Sets VARIABLE NAME VARIABLE DESCRIPTION OfficeScan Policy Server OfficeScan Server OfficeScan Update Agents Trend Micro Policy Server for Cisco NAC Trend Micro OfficeScan Server List of IP Addresses for all OfficeScan Update Agents Table 1.2. Variables used as Network Services VARIABLE NAME VARIABLE DESCRIPTION Cisco NAC Authentication Ports Ports For ACS and Policy Server OfficeScan Client Port OfficeScan Server HTTP Port Trend Micro Policy Server For Cisco NAC Client Port For Server To Client Communication HTTP/HTTPS Ports For OfficeScan Server HTTP/HTTPS Ports For OfficeScan Policy Server CONFIGURATION PROCEDURE FOR CSA 1. IMPORT GROUPS & POLICIES PRIOR TO ACTUAL CONFIGURATION In the CSA Management Console, go to the Maintenance> Export/Import >Import menu option. FIGURE 1.1. Selecting the Import menu option 3

Browse to the downloaded import file OfficeScan70_CSA_45_Policies01.export and click Import. FIGURE 1.2.Selecting the Import Groups & Policy File 2. CONFIGURE NETWORK ADDRESS SETS VARIABLES The different Network Address Sets should be configured to reflect the different IP addresses of your OfficeScan Policy Server, OfficeScan Server and any OfficeScan Update Agents in your environment. To do this, select the Configuration> Variables> Network Address Sets menu option. FIGURE 2.1. Selecting the Network Address Sets menu option 4

From the Network Address Set list, choose OfficeScan Policy Server. In the Address Ranges Matching field, change the IP address to match the IP of your Policy Server. NOTE: Skip this variable if NAC is not used or if the Trend Micro Policy Server is not installed. FIGURE 2.2. Matching the IP address of OfficeScan Policy Server Go back to the Network Address List and choose OfficeScan Server. In the Address Ranges Matching field, change the IP address to match the IP of your OfficeScan Server. FIGURE 2.3. Matching the IP address of OfficeScan Server If your OfficeScan environment uses update agents, you need to add their IP addresses to the Network Address Sets. To do this, go back to the Network Address List and choose OfficeScan Update Agents. In the Address Ranges Matching field, change the IP addresses to match the IP of your OfficeScan Update Agents. Note that the default value in this field is <none>. 5

FIGURE 2.4. Matching the IP addresses of any OfficeScan Update Agents 3. CONFIGURE NETWORK SERVICE VARIABLES The different Network Service variables should be configured to match the ports set during the installation of OfficeScan Clients, OfficeScan Server and Trend Micro Policy Server. To do this, select the Configuration> Variables> Network Services menu option. FIGURE 3.1. Selecting the Network Services menu option From the Network Services list, choose OfficeScan Client Port. In the Protocol Ports field, update the Port number to match the Port selected during installation of OfficeScan Server. 6

FIGURE 3.2. Matching Port used during installation of OfficeScan Clients If the default installation ports for OfficeScan Server (8080 and 4343) were not used during installation, then the OfficeScan Server HTTP Port variable will need to be updated. To do this, go back to the Network Services list and select OfficeScan Server HTTP Port. In the Protocol Ports field, update the Port number to match the Port used by OfficeScan Server during installation. If IIS is used as a web server and if the default installation ports for Trend Micro Policy Server (8081 and 4344) were not used during installation, then the Trend Micro Policy Server For Cisco NAC variable will need to be updated. To do this, go back to the Network Services list and select Trend Micro Policy Server For Cisco NAC. In the Protocol Ports field, update the Port number to match the Port used by OfficeScan Server during installation. 4. UPDATE SYSTEM HARDENING MODULE The default CSA policies will cause excess logging when the Trend Micro Client Firewall loads. While this does not affect functionality, it will add unneeded items to the CSA event log. To prevent excess logging caused by the default CSA policies, modify the System Hardening rule module under Rule Modules [Windows] from the Configuration menu. FIGURE 4.1 Modifying the System Hardening Rule Module 7

From the list of rule modules, click on the Rules column of System Hardening Module. FIGURE 4.2 Rules Column of System Hardening Module From the list of rules, click on Sniffer and Protocol Detection. FIGURE 4.3 Selecting Sniffer and Protocol Detection In Exclude: The following non-standard protocols and packet sniffers add TM_CFW. FIGURE 4.4 Adding TM_CFW to Non-Standard Protocols and Packet Sniffers 5. PREPARE AGENT KITS FOR DEPLOYMENT At this point, the necessary Groups can now be added to your Agent Kits for pre-deployment. Note that when NAC is also being implemented, then Cisco Trust Agent should also be deployed through OfficeScan. You may also refer to APPENDIX C: Agent Kit Deployment Flowchart for a graphical representation of this section. For Desktop Agent Kits, add the following Groups to your package: Systems - OfficeScan Client 7.0 Systems OfficeScan Update Agents (only if machine is an update agent) For ACS Server Agent Kits, add the following Groups to your package: Servers Cisco ACS Server For Cisco NAC Systems OfficeScan Client 7.0 8

For OfficeScan Server Agent Kits (where NAC Policy Server is also installed in the same machine), add the following Groups to your package: Servers OfficeScan Server 7.0 Servers Trend Micro Policy Server for Cisco NAC Systems OfficeScan Client 7.0 For dedicated OfficeScan Server & NAC Policy Server Agent Kits, add the following Groups to your package: Servers OfficeScan Server 7.0 Systems OfficeScan Client 7.0 If the environment is NAC-enabled, add the Systems Cisco Trust Agent Group to all packages. SUMMARY This document acts a guideline for configuring CSA through the CSA Management Console to allow OfficeScan to function properly. To do this, the OfficeScan70_CSA45_Policies01.export should be imported through the CSA Management Console. Next, Network Address Sets & Network Service Variables should be configured accordingly to reflect OfficeScan installation ports & IP addresses. The proper Groups should then be added to your Agent Kits in preparation for deployment. 9

APPENDIX APPENDIX A: OfficeScan70_CSA45_Policies01.export The different rules per Group contained in the import file are listed and described as follows: Server Group: Servers Cisco ACS Server For Cisco NAC Policy: Cisco ACS Server RADIUS Rule Module: Cisco ACS 3.3 RADIUS Server For NAC Rules: 1. Rule Type: Network Access Control Description: ACS to act as server for Cisco NAC Authentication Ports Application Class: Cisco ACS Server RADIUS Act As: Server Network Service: $Cisco NAC Authentication Ports Host Address: <all> Attempts to accept connections from any client whose address is contained in address ranges 0.0.0.0-255.255.255.255 using local addresses contained in address ranges 0.0.0.0-255.255.255.255 for network services Cisco NAC Authentication Ports by processes in application class Cisco ACS Server RADIUS will be allowed. No events will be logged when the rule is triggered. 2. Rule Type: Network Access Control Description: ACS to act as client for Trend Micro Policy Server HTTP Ports Application Class: Cisco ACS Server RADIUS Act As: Client Network Service: $Trend Micro Policy Server HTTP Ports Host Address: <all> Attempts to connect to any server whose address is contained in address ranges 0.0.0.0-255.255.255.255 using local addresses contained in address ranges 0.0.0.0-255.255.255.255 for network services Trend Micro Policy Server HTTP Ports by processes in application class Cisco ACS Server RADIUS will be allowed. No events will be logged when the rule is triggered. Server Group: Servers OfficeScan Server 7.0 Policy: OfficeScan - Server Rule Module: OfficeScan Server Rules: 1. Rule Type: Network Access Control Description: IIS Web Server act as a server for OfficeScan HTTP Port Application Class: IIS Web Server application [V4.5.1 r616] Act As: Server Network Service: $OfficeScan Server HTTP Port Host Address: <all> 10

Attempts to accept connections from any client whose address is contained in address ranges 0.0.0.0-255.255.255.255 using local addresses contained in address ranges 0.0.0.0-255.255.255.255 for network services OfficeScan Server HTTP Port by processes in application class IIS Web Server application [V4.5.1 r616] will be allowed. No events will be logged when the rule is triggered. 2. Rule Type: Network Access Control Description: Trend Virus Scanner Applications act as a client for OfficeScan client port Application Class: Virus scanner all applications (Trend) [V4.5.1 r616] Act As: Client Network Service: $OfficeScan Client Port Host Address: <all> Attempts to connect to any server whose address is contained in address ranges 0.0.0.0-255.255.255.255 using local addresses contained in address ranges 0.0.0.0-255.255.255.255 for network services OfficeScan Client Port by processes in application class Virus scanner - all applications (Trend) [V4.5.1 r616] will be allowed. No events will be logged when the rule is triggered. 3. Rule Type: Network Access Control Description: Trend Virus Scanner act as a client for HTTP to remote addresses Application Class: Virus scanner all applications (Trend) [V4.5.1 r616] Act As: Client Network Service: $HTTP [V4.5.1 r616] Host Address: $Remote addresses [V4.5.1 r616] Attempts to connect to any server whose address is contained in address sets Remote addresses [V4.5.1 r616] using local addresses contained in address ranges 0.0.0.0-255.255.255.255 for network services HTTP [V4.5.1 r616] by processes in application class Virus scanner - all applications (Trend) [V4.5.1 r616] will be allowed. No events will be logged when the rule is triggered. 4. Rule Type: Network Access Control Description: Apache act as a server for OfficeScan HTTP port Application Class: Apache Web Server application [V4.5.1 r616] Act As: Client Network Service: $OfficeScan Server HTTP Port Host Address: <all> Attempts to accept connections from any client whose address is contained in address ranges 0.0.0.0-255.255.255.255 using local addresses contained in address ranges 0.0.0.0-255.255.255.255 for network services OfficeScan Server HTTP Port by processes in application class Apache Web Server application [V4.5.1 r616] will be allowed. No events will be logged when the rule is triggered. Server Group: Servers Trend Micro Policy Server For Cisco NAC Policy: OfficeScan Policy Server For Cisco NAC Rule Module: Trend Micro Policy Server For Cisco NAC Rules: 11

1. Rule Type: Network Access Control Description: IIS act as a server for Trend Micro Policy Server HTTP Ports Application Class: IIS Web Server application [V4.5.1 r616] Act As: Server Network Service: $Trend Micro Policy Server HTTP Ports Host Address: <all> Attempts to accept connections from any client whose address is contained in address ranges 0.0.0.0-255.255.255.255 using local addresses contained in address ranges 0.0.0.0-255.255.255.255 for network services OfficeScan Server HTTP Port by processes in application class Apache Web Server application [V4.5.1 r616] will be allowed. No events will be logged when the rule is triggered. 2. Rule Type: Network Access Control Description: Apache act as a server for OfficeScan HTTP Port Application Class: Apache Web Server application [V4.5.1 r616] Act As: Server Network Service: $OfficeScan Server HTTP Port Host Address: <all> Attempts to accept connections from any client whose address is contained in address ranges 0.0.0.0-255.255.255.255 using local addresses contained in address ranges 0.0.0.0-255.255.255.255 for network services OfficeScan Server HTTP Port by processes in application class Apache Web Server application [V4.5.1 r616] will be allowed. No events will be logged when the rule is triggered. Group: Systems OfficeScan Client 7.0 Policy: OfficeScan Client Rule Module: OfficeScan Client Rules: 1. Rule Type: Network Access Control Description: Trend virus scanner act as a client for OfficeScan Server HTTP Port to OfficeScan Server Application Class: Virus scanner all applications (Trend) [V4.5.1 r616] Act As: Client Network Service: $OfficeScan Server HTTP Port Host Address: $OfficeScan Server Attempts to connect to any server whose address is contained in address sets OfficeScan Server using local addresses contained in address ranges 0.0.0.0-255.255.255.255 for network services OfficeScan Server HTTP Port by processes in application class Virus scanner - all applications (Trend) [V4.5.1 r616] will be allowed. No events will be logged when the rule is triggered. 2. Rule Type: Network Access Control Description: Trend virus scanner act as a server on OfficeScan Client Port for OfficeScan Server Application Class: Virus scanner all applications (Trend) [V4.5.1 r616] 12

Act As: Server Network Service: $OfficeScan Client Port Host Address: $OfficeScan Server Attempts to accept connections from any client whose address is contained in address sets OfficeScan Server using local addresses contained in address ranges 0.0.0.0-255.255.255.255 for network services OfficeScan Client Port by processes in application class Virus scanner - all applications (Trend) [V4.5.1 r616] will be allowed. No events will be logged when the rule is triggered. 3. Rule Type: Network Access Control Description: Trend virus scanner act as a client for OfficeScan Client Port to OfficeScan Update Agents Application Class: Virus scanner all applications (Trend) [V4.5.1 r616] Act As: Client Network Service: $OfficeScan Client Port Host Address: $OfficeScan Update Agents Attempts to connect to any server whose address is contained in address sets OfficeScan Update Agents using local addresses contained in address ranges 0.0.0.0-255.255.255.255 for network services OfficeScan Client Port by processes in application class Virus scanner - all applications (Trend) [V4.5.1 r616] will be allowed. No events will be logged when the rule is triggered. Group: Systems OfficeScan Update Agents Policy: OfficeScan Update Agent Rule Module: OfficeScan Update Agent Rules: 1. Rule Type: Network Access Control Description: Trend virus scanner act as a server for OfficeScan Client Port Application Class: Virus scanner all applications (Trend) [V4.5.1 r616] Act As: Server Network Service: $OfficeScan Client Port Host Address: <all> Attempts to accept connections from any client whose address is contained in address ranges 0.0.0.0-255.255.255.255 using local addresses contained in address ranges 0.0.0.0-255.255.255.255 for network services OfficeScan Client Port by processes in application class Virus scanner - all applications (Trend) [V4.5.1 r616] will be allowed. No events will be logged when the rule is triggered. Application Classes Application Name: Cisco ACS Server RADIUS Application Description: RADIUS Process For Cisco ACS Server Target: <All Windows> Add Process To Application Class: When created from the following executables: **\CSRadius.exe When created from the following executables: **\CSAuth.exe Application Class Include: This process and all its descendents 13

Variables Network Address Sets VARIABLE NAME VARIABLE DESCRIPTION ADDRESS RANGE NOT ADDRESS RANGE OfficeScan Policy Server OfficeScan Server OfficeScan Update Agents Trend Micro Policy Server For Cisco NAC Trend Micro OfficeScan Server List of IP addresses for all OfficeScan Update Agents <IP Address(s) of Policy Server> <IP Address(s) of OfficeScan Server> <none> (Default) <none> <none> <none> Network Services VARIABLE NAME VARIABLE DESCRIPTION PROTOCOL PORTS Cisco NAC Authentication Ports Ports For ACS and Policy Server UDP/21862 UDP/1645 UDP/1646 OfficeScan Client Port Client Port For Server To Client Communication <Chosen by user during OfficeScan installation> OfficeScan Server HTTP Port HTTP/HTTPS Ports For OfficeScan Server TCP/8080 TCP/4343 Trend Micro Policy Server For Cisco NAC HTTP/HTTPS Ports For OfficeScan Policy Server TCP/8081 TCP/4344 14

APPENDIX B: Validation Procedures The OfficeScan import file (OfficeScan70_CSA_45_Policies01.export) was validated by placing all related servers and desktop machines running OfficeScan components in the Restrictive Networking group. This group includes a rule to block all TCP and UDP traffic, both inbound and outbound. The machines were also added to their relevant OfficeScan groups and functionality was testing. The following functions were verified: 1. Client status is correctly shown on the OfficeScan console. The client status should show Online 2. Clients are able to receive notifications via TmListen from the OfficeScan server. The Verify Connection command on the OfficeScan console can be used to verify this functionality. 3. Clients are able to issue CGI requests to the OfficeScan server. This can be verified by issuing an Update Now command from the client. Cisco NAC components were also tested under the same conditions and the following was verified: 1. Cisco ACS server can accept RADIUS requests RADIUS requests from the router can be seen in either the Passed Authentications or Failed Attempts logs of ACS. 2. Trend Micro Policy Server For Cisco NAC can accept posture requests from the ACS server and respond successfully to the ACS server with a posture token. Validation logs can be viewed from the Trend Micro Policy Server web console. 3. Cisco Security Agent properly recognizes the systems posture state from the Cisco Trust Agent. The Cisco Security Agent client will display the current posture token in Agent Panel. If any of the above fails ensure that all of the required variables were updated to match your environment; also, check the Cisco Security Agent management console to determine if any OfficeScan traffic was blocked by CSA. 15

APPENDIX C: Agent Kit Deployment Flowchart FIGURE 4. Agent Kit Deployment Flowchart 16

ABOUT TREND MICRO INCORPORATED Trend Micro Incorporated is a leader in network antivirus and Internet content security software and services. The Tokyo-based Corporation has business units worldwide. Trend Micro products are sold through corporate and valueadded resellers, as well as managed service providers. For additional information and evaluation copies of all Trend Micro products, visit http://www.trendmicro.com. 2005 by Trend Micro Incorporated. All rights reserved. No part of this publication may be reproduced, photocopied, stored on a retrieval system, or transmitted without the prior written consent of Trend Micro Incorporated. Trend Micro, the t-ball logo, Control Manager, Network VirusWall, OfficeScan, and TrendLabs are trademarks or registered trademarks of Trend Micro Incorporated. All other company and/or product names may be trademarks or registered trademarks of their owners. [MA##XX##_999999USXXX] Information contained in this document is provided as-is is subject to change without notice. This report is for informational purposes only. TREND MICRO MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS REPORT. This document is not intended for use in Germany or any other jurisdiction where such information may be prohibited. This document is a publication of Trend Micro Technical Sales Services. 17

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback