Version 2.1
Kaspersky Lab www.kaspersky.com
L9.1–1
Lab 9.1. Managing Licenses of Applications by Other Manufacturers
Lab 9.1
Managing Licenses of Applications by Other Manufacturers
Lab objective. Configure license control limitations for the Perforce application.
Scenario. You are an Anti-Virus security administrator in ABC company where Kaspersky Security Center 10 is
used for managing client computers. Perforce revision control system is also used in the company. According to
the license agreement, 20 users are allowed to use it for free. You want the Licensed applications group management
functionality of Kaspersky Security Center to control the number of Perforce client installations and send
notifications when their number exceeds 20.
Contents. In this lab we will:
1. Activate the Systems Management functionality
2. Create a group of licensed applications for Perforce
3. Generate a report and configure notifications about license violations
Preparation
Turn on the DC computer.
Security-Center
1. Boot up the computer named Security-Center
2. Log on to the abc\Administrator account,
password—Ka5per5Ky
Task 1
Activate the Systems Management functionality
As a result of a standard installation, Kaspersky Security Center cannot monitor license violation for the programs
installed across the network. To be able to use this capability, a special license is necessary. In this task, we will add
the necessary license and make sure that the corresponding interface settings are changed automatically.
L9.1–2 KASPERSKY LAB™
KL 009.10: Systems Management Kaspersky Endpoint Security and Management
Security-Center
1. Run the Administration Console
2. On the Getting started page, in
the Administration Server area, click View
information about Administration Server key
3. In the Active key area, click the Modify button
4. In the window that opens, click the Add button
L9.1–3
Lab 9.1. Managing Licenses of Applications by Other Manufacturers
Security-Center
5. On the Select how to add key page, click Load
from key file and specify the location of the new
key file (ask the instructor about it)
6. Click Next
7. On the subsequent page, click Finish
8. Select the added key and click OK
9. Close the Administration Server properties
window
L9.1–4 KASPERSKY LAB™
KL 009.10: Systems Management Kaspersky Endpoint Security and Management
Security-Center
10. In the Administration Server area of
the Getting Started page, click Configure
functionality displayed in user interface
11. Note that the Display system management and
Display mobile devices management option has
been selected automatically
12. Click Cancel
13. Restart the Administration Console
●
Task 2
Create a group of licensed applications
In this task you will create a group of licensed applications for Perforce and specify its license restrictions.
Security-Center
1. Expand the Applications and vulnerabilities
container and open the Licensed applications
group management node
2. Click Add a group of licensed applications
L9.1–5
Lab 9.1. Managing Licenses of Applications by Other Manufacturers
Security-Center
3. Type Perforce for the group name
4. Click Add
5. Click Select and select Perforce Visual
Components on the list of application
L9.1–6 KASPERSKY LAB™
KL 009.10: Systems Management Kaspersky Endpoint Security and Management
Security-Center
6. Click OK twice
7. Click Next
8. Click Add
9. In the Selecting a key window, click Add
L9.1–7
Lab 9.1. Managing Licenses of Applications by Other Manufacturers
Security-Center
10. Type Perforce Free 20-User License for the key
name
11. Change the Maximum number value to 20
12. Click OK twice
13. Click Next
14. On the last page of the group creating wizard,
click Finish
●
L9.1–8 KASPERSKY LAB™
KL 009.10: Systems Management Kaspersky Endpoint Security and Management
Task 3
Generate a report and configure notifications
In this task you will create a new report template about the statuses of groups of licensed applications and configure
e-mail notifications about license violations.
Security-Center
1. In the Licensed applications group
management node, click View report on status
of groups of licensed applications
2. Type License Management report for the report
name and click Next
3. On the subsequent page, click Finish
L9.1–9
Lab 9.1. Managing Licenses of Applications by Other Manufacturers
Security-Center
4. View the report
5. Open the Getting started page and in
the Administration Server area, click
Administration Server properties
6. Switch to the Events section
7. Select the Error event type
8. Open the properties of the The limit of
installations has been exceeded for one of
the groups of licensed applications event
9. Select the Notify by email option and click OK
10. Close the Administration Server properties
window
●
L9.1–10 KASPERSKY LAB™
KL 009.10: Systems Management Kaspersky Endpoint Security and Management
Conclusion
In this lab we studied a new functionality Kaspersky Security Center 10: Licensed applications group management.
It enables the administrator to monitor license limitations and expiration dates for any application. For this purpose,
a special group is to be created, monitored programs are included in it and license criteria specified, such as
quantitative limits and expiration date. This tool helps the administrator to take care of purchasing a new license
early before the current license expires, and also plan purchasing additional licenses.
L9.2–1
Lab 9.2. Installing Windows Updates
Lab 9.2
Installing Windows Updates
Lab objective. Find and install missing Windows updates using the Kaspersky Security Center 10 tools.
Scenario. You are an Anti-Virus security administrator in ABC company where Kaspersky Security Center 10 is
used for managing client computers. You plan to use the new capabilities of Kaspersky Security Center 10 to
regularly search for application vulnerabilities and Windows Updates and automatically install the necessary
patches. Also, you want to use the Administration Server as a local Windows update source to save traffic. You need
to configure Kaspersky Security Center 10 to solve these tasks.
Contents. In this lab we will:
1. Create update download and installation tasks using the Quick Start Wizard
2. Synchronize with Windows Update servers
3. Find vulnerabilities and application updates for the client computers
4. Install critical updates on the workstations
Preparation
Turn on the DC computer.
Security-Center
1. Boot up the computer named Security-Center
2. Log on to the abc\Administrator account.
Password—Ka5per5Ky
Desktop
1. Boot up the computer named Desktop
2. Log on to the abc\Alex account. Password—
Ka5per5Ky
Task 1
Create update download and installation tasks
In this task you will run the Quick Start Wizard anew to configure the Vulnerability and Patch Management
functionality. It will create the necessary tasks. Also, you will need to re-configure the Network Agent policy to
make the Administration Server act as a Windows update source.
L9.2–2 KASPERSKY LAB™
KL 009.10: Systems Management Kaspersky Endpoint Security and Management
Security-Center
1. Run the Administration Console
2. Right-click the Administration Server node
3. Select All tasks->Quick Start Wizard
4. On the welcome page of the wizard, click Next
5. Click Add key later to skip adding the license
6. On the Kaspersky Security Network page, click
Next
7. On the E-mail notification settings page, click
Next
8. On the Update management settings page,
select Find and install application updates and
Use Administration Server as WSUS server
9. Click Next
10. Wait until the tasks are created
L9.2–3
Lab 9.2. Installing Windows Updates
Security-Center
11. On the Proxy server settings page, click Next
12. On the next page, click Next
13. On the final page, click Finish
14. Select the Managed computers node and switch
to the Policies tab
15. Open the properties of the Policy - Kaspersky
Security Center Network Agent
L9.2–4 KASPERSKY LAB™
KL 009.10: Systems Management Kaspersky Endpoint Security and Management
Security-Center
16. Switch to the Software updates and
vulnerabilities section
17. Select the Use Administration Server as WSUS
server check box
18. Click OK and wait for the policy to be enforced
●
Task 2
Synchronize with Windows Update servers
The Quick Start Wizard creates an Administration Server task: Perform Windows Update synchronization. This task
regularly downloads data about all available updates from Windows Update servers, which enables
the Administration Server to act as a WSUS server.
L9.2–5
Lab 9.2. Installing Windows Updates
Security-Center
1. Open the Administration Server tasks container
2. Open the Perform Windows Update
synchronization task properties
3. Switch to the Applications section
4. Clear all checkboxes corresponding to
the Microsoft products except for Windows
products
5. Switch to the Update languages section
L9.2–6 KASPERSKY LAB™
KL 009.10: Systems Management Kaspersky Endpoint Security and Management
Security-Center
6. Select only English (United Kingdom) and
English (United States)
7. Click OK
8. Run the Perform Windows Update
synchronization task and wait for it to complete
●
L9.2–7
Lab 9.2. Installing Windows Updates
Task 3
Find vulnerabilities and application updates
After the synchronization task completes, the client computers will be able to use the Administration Server as
an update server to save the Internet traffic. Vulnerabilities will also be searched against the Kaspersky Lab
vulnerability database downloaded together with anti-virus database updates. In this task you will search for
application vulnerabilities and updates.
1. Expand the Managed computers node
2. Select the Workstations group and switch to
the Tasks tab
3. Run the Find vulnerabilities and application
updates – Windows Workstations task and wait
for it to finish
L9.2–8 KASPERSKY LAB™
KL 009.10: Systems Management Kaspersky Endpoint Security and Management
4. Expand the Applications and vulnerabilities
node
5. Open the Software updates container
6. Click the Accept button to the right of the You
need to accept license agreements for updates message
7. In the License Agreements window, click
Accept all
●
L9.2–9
Lab 9.2. Installing Windows Updates
Task 4
Install critical updates on the workstations
In this task we will configure the standard Install application updates and fix vulnerabilities task to install only
Critical Microsoft updates and only on the workstations.
1. Select the Managed computers node and switch
to the Tasks tab
2. Open the properties of the Install application
updates and fix vulnerabilities task
3. Switch to the Settings section
4. Open the properties of the Microsoft updates:
critical updates, security updates and
definition updates rule
L9.2–10 KASPERSKY LAB™
KL 009.10: Systems Management Kaspersky Endpoint Security and Management
5. Switch to the Updates categories section
6. Clear all options except for Critical updates
7. Click OK
8. Switch to the Exclusions from task scope
section
9. In the Exclude computers by OS type area,
select Server OS
10. Click OK
L9.2–11
Lab 9.2. Installing Windows Updates
11. Run the Install application updates and fix
vulnerabilities task and wait for it to complete
12. Expand the Reports and notifications node
13. Generate the Software update report
14. Look through the report
●
L9.2–12 KASPERSKY LAB™
KL 009.10: Systems Management Kaspersky Endpoint Security and Management
Conclusion
In this lab we studied the rebuilt functionality of Kaspersky Security Center 10—Software updates and
vulnerabilities. Now the Administration Server can act as a Microsoft Update server to optimize update download
and distribution procedure. Also, the new version allows automatically installing program updates on schedule, and
using various rules.
L9.3–1
Lab 9.3. Fixing Program Vulnerabilities
Lab 9.3
Fixing Program Vulnerabilities
Lab objective. Fix vulnerabilities in the Firefox browser.
Scenario. You are an Anti-Virus security administrator in ABC company where Kaspersky Security Center 10 is
used for managing client computers. Soon after the deployment, you scanned the software installed on
the computers for vulnerabilities. Among other results, you found out that an old version of the Firefox browser is
used in the network. Your task is to fix vulnerabilities in the Firefox browser on the client computers using
the Systems Management functionality of Kaspersky Security Center 10.
Contents. In this lab we will:
1. Create a vulnerability fix task for a third-party application
2. Run the vulnerability fix task and study the results
Preparation
Turn on the DC computer.
Security-Center
1. Boot up the computer named Security-Center
2. Log on to the abc\Administrator account,
password—Ka5per5Ky
Desktop
3. Boot up the computer named Desktop
4. Log on to the abc\Alex account, password—
Ka5per5Ky
Task 1
Create a vulnerability fix task for a third-party application
We ran the Find vulnerabilities and application updates task in the previous lab. In this task, you will look through
the list of found vulnerabilities.
Kaspersky Security Center 10 includes a database of third-party applications created by Kaspersky Lab experts.
Kaspersky Security Center can use its data to automatically fix vulnerabilities in known applications.
The administrator should only «approve» an update for a third-party application and create a special rule that will
periodically install the recommended updates.
L9.3–2 KASPERSKY LAB™
KL 009.10: Systems Management Kaspersky Endpoint Security and Management
Security-Center
1. Run Administration Console
2. Expand the Applications and vulnerabilities
node
3. Open the Application vulnerabilities container
4. In the Text field, type *Firefox* and press
ENTER
5. Open the properties of any Firefox vulnerability
6. Switch to the Recommended fixes section
7. Note that a fix is automatically found for
the vulnerability. The fix will upgrade
the browser to the latest version
L9.3–3
Lab 9.3. Fixing Program Vulnerabilities
Security-Center
8. Open the Software updates container
9. In the Approved field, select Not defined
10. In the Text field, type *firefox* and press
ENTER
11. Open the properties of the Mozilla Firefox
update that has the largest version number
12. Set the Update approved by your
administrator field value to Installation
approved
L9.3–4 KASPERSKY LAB™
KL 009.10: Systems Management Kaspersky Endpoint Security and Management
Security-Center
13. Switch to the Computers section
14. Make sure that the update is applicable to
the Desktop computer
15. Switch to the Fixed vulnerabilities section
16. Make sure that the update fixes all vulnerabilities
found in Mozilla Firefox
L9.3–5
Lab 9.3. Fixing Program Vulnerabilities
Security-Center
17. Open the Managed computers -> Workstations
node and switch to the Tasks tab
18. Click Create a task
19. Type Install 3rd party application updates for
the task name
20. Click Next
L9.3–6 KASPERSKY LAB™
KL 009.10: Systems Management Kaspersky Endpoint Security and Management
Security-Center
21. Select the Install critical updates and fix
vulnerabilities task type
22. Click Next
23. Click Add and then Rule for third-party
updates
24. Select to Install approved updates only
25. Click OK
L9.3–7
Lab 9.3. Fixing Program Vulnerabilities
Security-Center
26. Click Next in three windows
27. Click Finish
●
L9.3–8 KASPERSKY LAB™
KL 009.10: Systems Management Kaspersky Endpoint Security and Management
Task 2
Fix the vulnerabilities
In this task we will run the vulnerability fix task, wait for its completion and interpret the results. The task is
supposed to fix vulnerabilities in the Mozilla Firefox browser.
Security-Center
1. Run the created task
2. Wait for it to complete
L9.3–9
Lab 9.3. Fixing Program Vulnerabilities
Security-Center
3. Open the Application vulnerabilities container
4. Change the filter to Show only fixed
5. Open the properties of any Firefox vulnerability
6. Open the Vulnerability instances section
7. Note that the window is empty
L9.3–10 KASPERSKY LAB™
KL 009.10: Systems Management Kaspersky Endpoint Security and Management
Security-Center
8. Select the Show computers with fixed
vulnerability checkbox
9. Note that the vulnerability was fixed on
the Desktop computer
●
Conclusion
In this lab we learned how to fix vulnerabilities in third-party applications using Kaspersky Security Center tools.
L9.4–1
Lab 9.4. Installing Programs by Other Manufacturers
Lab 9.4
Installing Programs by Other Manufacturers
Lab objective. Install Skype using the Kaspersky Lab database of applications by other manufacturers.
Scenario. You are an Anti-Virus security administrator in ABC company where Kaspersky Security Center 10 is
used for managing client computers. You want to quickly install the Skype application on the client computers.
Your task is to create Skype installation package using the database of applications by other manufacturers available
in Kaspersky Security Center 10 and install it on the client computers.
Contents. In this lab we will:
1. Create an installation package for Skype
2. Start the remote installation task and interpret the results
Preparation
Turn on the DC computer.
Security-Center
1. Boot up the computer named Security-Center
2. Log on to the abc\Administrator account.
Password—Ka5per5Ky
Desktop
1. Boot up the computer named Desktop
2. Log on to the abc\Alex account. Password—
Ka5per5Ky
Task 1
Create an installation package for Skype
A new method of creating installation packages has appeared in Kaspersky Security Center 10—from
the application database of Kaspersky Lab. Now the administrator does not need to go to the manufacturer’s site to
download an application, nor look for the command-line options to silently install it; all this is done automatically
based on the information available in the database.
L9.4–2 KASPERSKY LAB™
KL 009.10: Systems Management Kaspersky Endpoint Security and Management
Security-Center
1. Run Administration Console
2. Expand the Remote installation node
3. Open the Installation packages container
4. Click Create installation package
5. Click the Create installation package for
specified executable file button
L9.4–3
Lab 9.4. Installing Programs by Other Manufacturers
Security-Center
6. Type Skype for the package name
7. Click Next
8. Click the Select arrow
9. Select Application from Kaspersky Lab
database
10. In the search box, type *skype* and press ENTER
11. Select Skype for Windows 6.x
L9.4–4 KASPERSKY LAB™
KL 009.10: Systems Management Kaspersky Endpoint Security and Management
Security-Center
12. Click OK
13. In the License Agreements window, click
Accept all
14. Click Next twice
15. Wait for the package to load
16. Click Finish
●
L9.4–5
Lab 9.4. Installing Programs by Other Manufacturers
Task 2
Start the remote installation task and interpret
the results
In this task you will remotely install the created installation package, wait for the task completion and interpret its
results.
Security-Center
1. Right-click the Skype installation package
2. Click Install application
3. Click the Select computers for deployment
button
L9.4–6 KASPERSKY LAB™
KL 009.10: Systems Management Kaspersky Endpoint Security and Management
Security-Center
4. Select the Desktop computer and click Next
5. Click Next four times and wait for the task to
complete
6. Open the Managed computers \ Workstations \
Desktops group and switch to the Computers tab
L9.4–7
Lab 9.4. Installing Programs by Other Manufacturers
Security-Center
7. Open the properties of the Desktop computer
8. Switch to the Applications registry section
9. Make sure that a new application has been added
to the list, Skype 6.1
●
Conclusion
In this lab we studied a new capability of Kaspersky Security Center 10: creation of installation packages based on
the information available in Kaspersky Lab application database.
L9.4–8 KASPERSKY LAB™
KL 009.10: Systems Management Kaspersky Endpoint Security and Management
L9.5–1
Lab 9.5. Manually Prohibit Network Access to Device
Lab 9.5
Manually Prohibit Network Access to Device
Lab objective. Learn how to manually block and allow network devices.
Scenario. You are an Anti-Virus security administrator in ABC company where Kaspersky Security Center 10 is
used for managing client computers. You want to use the Network Access Control functionality of Kaspersky
Security Center 10. When you activate the network access control system, you see an unknown computer in the list
of network devices and decide to block network access until all the circumstances are clarified.
Contents. In this lab we will:
1. Install the Network Access Control components
2. Enable the Network Access Control subsystem
3. Block a computer manually
Preparation
Turn on the DC computer.
Security-Center
1. Boot up the computer named Security-Center
2. Log on to the abc\Administrator account,
password—Ka5per5Ky
Partner
1. Boot up the computer named Partner
2. Log on to the Administrator account,
password—Ka5per5Ky
Task 1
Install the Network Access Control components
After a typical installation of Kaspersky Security Center, the Network Access Control subsystem is inactive. To be
able to use this functionality, it is necessary to assign the Enforcer role to at least one computer within each
broadcast domain (subnet). Any computer where the Network Agent and a special driver are installed can act as
an Enforcer. In this task, we will assign the Enforcer role to the computer where the Administration Server is
installed.
L9.5–2 KASPERSKY LAB™
KL 009.10: Systems Management Kaspersky Endpoint Security for Windows
Security-Center
1. Click Start, Control Panel, Uninstall
a program
2. Select Kaspersky Security Center
Administration Server and click
Uninstall/Change
3. Click Next
4. Click Modify
L9.5–3
Lab 9.5. Manually Prohibit Network Access to Device
Security-Center
5. Select the Network Access Control check box
6. Click Next
7. Click Modify
8. Wait for the installation to complete
9. Click Finish
●
L9.5–4 KASPERSKY LAB™
KL 009.10: Systems Management Kaspersky Endpoint Security for Windows
Task 2
Enable the Network Access Control subsystem
After the driver is installed, the Network access management subsystem is ready, but still inactive. The activation
has two steps:
Enable Enforcer—must be done for each computer assigned the Enforcer role
Enable the Network Access Control—can be done either centrally via the agent policy, or individually for
each Enforcer
Security-Center
Partner
1. Open the Servers subgroup and switch to
the Computers tab
2. Open the properties of the Security-Center
computer
3. Switch to the Applications section
L9.5–5
Lab 9.5. Manually Prohibit Network Access to Device
Security-Center
Partner
4. Open the properties of the Kaspersky Security
Center Network Agent application
5. Switch to the Managing network access (NAC),
Settings section
6. Change the NAC agent operation mode to Main
7. Click OK twice to close the properties of
the Security-Center computer
8. Select the Managed computers node and switch
to the Policies tab
9. Open the properties of the Policy - Kaspersky
Security Center Network Agent
L9.5–6 KASPERSKY LAB™
KL 009.10: Systems Management Kaspersky Endpoint Security for Windows
Security-Center
Partner
10. Switch to the Managing network access (NAC) |
Settings section
11. Change the NAC operation mode to Standard
12. Close the lock to make these settings required
13. Click OK
14. Wait for the policy to be enforced
●
L9.5–7
Lab 9.5. Manually Prohibit Network Access to Device
Task 3
Block a computer manually
The administrator has found an unfamiliar computer in the Administration Console and wants to prohibit any
network activity for this device until all the circumstances are clarified.
Security-Center
Partner
1. Expand the Unassigned computers node
2. Open the Network devices container
3. Right-click the Partner computer
4. Click Block device
L9.5–8 KASPERSKY LAB™
KL 009.10: Systems Management Kaspersky Endpoint Security for Windows
Security-Center
Partner
5. On the Partner computer, start Internet
Explorer
6. Go to www.google.com
7. Make sure that the page is inaccessible
8. Right-click the Partner computer
L9.5–9
Lab 9.5. Manually Prohibit Network Access to Device
Security-Center
Partner
9. Click the Block device menu item again to
uncheck it
10. On the Partner computer, restart Internet
Explorer
11. Try to open www.google.com once again
12. Make sure that network activity is not blocked
this time
●
L9.5–10 KASPERSKY LAB™
KL 009.10: Systems Management Kaspersky Endpoint Security for Windows
Conclusion
In this lab we studied the procedure of activating the Network Access Control subsystem. Any computer within
a broadcast domain (subnet) can act as an Enforcer—for this purpose, it is necessary to install the Network Agent
and a special driver on it. Driver installation can be enabled in the properties of the Network Agent installation
package.
Also, we tested the simplest example of the subsystem operation in this lab. The administrator can block network
access for any device with a single click on the list of detected network devices.
L9.6–1
Lab 9.6. Redirecting Computers to Authorization Page
Lab 9.6
Redirecting Computers to Authorization Page
Lab objective. Provide a guest computer with network access.
Scenario. You are an Anti-Virus security administrator in ABC company. The company’s business is organized so
that visitors often bring their notebooks in the office. You do not want them to uncontrolledly connect to
the corporate network, and plan to use the NAC functionality of Kaspersky Security Center 10 to block network
access for non-corporate computers. Meanwhile, the purpose of a visit may necessitate network access. To make
the visitors feel at ease, you plan to redirect guest computers to the authorization portal instead of complete blocking
so that they are able to access the network using a password. The guest username and password will be
communicated to the managers, who will give them to the visitors as necessary.
Contents. In this lab we will:
1. Add the gateway or domain controller to the white list
2. Create a rule for redirecting http requests to the authorization page
3. Test the rule
Preparation
Turn on DC computer.
Security-Center
1. Boot up the computer named Security-Center
2. Log on to the abc\Administrator account,
password—Ka5per5Ky
Partner
3. Boot up the computer named Partner
4. Log on to the Administrator account,
password—Ka5per5Ky
Task 1
Add the gateway or domain controller to the white list
In this task, to avoid accidental blocking of the gateway or domain controller, add both servers to the white list.
L9.6–2 KASPERSKY LAB™
KL 009.10: Systems Management Kaspersky Endpoint Security and Management
Security-Center
1. Start the Administration Console
2. Open the Managed computers node and switch
to the Policies tab
3. Open the properties of Policy - Kaspersky
Security Center Network Agent
4. Switch to the Managing network access (NAC),
Network elements section
5. Click Add
L9.6–3
Lab 9.6. Redirecting Computers to Authorization Page
Security-Center
6. Type Gateway for the element name
7. Click Add
8. Type IP address 10.28.0.2
9. Click OK twice
10. Click Add
L9.6–4 KASPERSKY LAB™
KL 009.10: Systems Management Kaspersky Endpoint Security and Management
Security-Center
11. Type DC for the element name
12. Click Add
13. Type IP address 10.28.0.10
14. Click OK twice
15. Switch to the White list section
16. Click Add
L9.6–5
Lab 9.6. Redirecting Computers to Authorization Page
Security-Center
17. Select the Gateway element
18. Click OK
19. Similarly, add the DC element
20. Click OK
●
L9.6–6 KASPERSKY LAB™
KL 009.10: Systems Management Kaspersky Endpoint Security and Management
Task 2
Create a rule for redirecting http requests to
the authorization page
In this task you will create a rule that will redirect all http requests from the client computers that are not managed
by Kaspersky Security Center to the authorization page. First of all, you will create a category of network devices to
which the rule will be applied. It will include guest computers (computers not managed by the Administration
Server in terms of Kaspersky Security Center NAC). Additionally, you will need to set the username and password
to be specified by guests on the authorization portal.
Security-Center
1. Re-open the properties of Policy - Kaspersky
Security Center Network Agent
2. Switch to the Managing network access (NAC)
| Network elements section
3. Click Add
4. Type Unmanaged Computers for the element
name
L9.6–7
Lab 9.6. Redirecting Computers to Authorization Page
Security-Center
5. Click the Add drop-down arrow
6. Select By computer status
7. Clear the Computer is managed with
Kaspersky Security Center checkbox
8. Click OK
9. Switch to Authorization page | Accounts
10. Click Add
L9.6–8 KASPERSKY LAB™
KL 009.10: Systems Management Kaspersky Endpoint Security and Management
Security-Center
11. Type Guest for the account name
12. Type Qwerty!@ for the password
13. Confirm the Qwerty!@ password
14. Click OK
15. Switch to Access rules | Access restrictions
16. Click Add
17. Type Authorization page for the rule name
18. Click Add
19. Add the Unmanaged Computers element
L9.6–9
Lab 9.6. Redirecting Computers to Authorization Page
Security-Center
20. In the Restrict network access area, select
Redirect to authorization portal
21. Click OK
22. Click OK
23. Wait for the policy to be enforced
●
L9.6–10 KASPERSKY LAB™
KL 009.10: Systems Management Kaspersky Endpoint Security and Management
Task 3
Test the rule
After the rule is created and applied, any network activity will be prohibited until the user is authorized. In this task,
we will make sure of that.
Security-Center
Partner
1. On the Partner computer, start Internet
Explorer
2. Go to www.google.com
3. Make sure that the authorization page opens
instead of the Google search page
L9.6–11
Lab 9.6. Redirecting Computers to Authorization Page
Security-Center
Partner
4. Type Guest for the login
5. Type Qwerty!@ for the password
6. Click Submit
7. Make sure that the initially requested page opens
after the successful authorization
●
L9.6–12 KASPERSKY LAB™
KL 009.10: Systems Management Kaspersky Endpoint Security and Management
Conclusion
In this lab we studied a simple authorization portal scenario based on Kaspersky Security Center NAC. If necessary,
the administrator can replace the standard authorization page with a custom one to extend its functionality.
L9.7–1
Lab 9.7. Limiting Access Based on Computer Status
Lab 9.7
Limiting Access Based on Computer Status
Lab objective. Configure limited network access for computers whose status is not OK.
Scenario. You are an Anti-Virus security administrator in ABC company where Kaspersky Security Center 10 is
used for managing client computers. You want to use the network access control functionality to restrict access to
external networks for computers whose status is not OK. At the same time, the local network resources must be
accessible even for computers having the Critical status.
Contents. In this lab we will:
1. Create a rule allowing computers whose status is not OK to access only the local network resources
2. Test the rule
Preparation
Turn on the DC computer.
Security-Center
1. Boot up the computer named Security-Center
2. Log on to the abc\Administrator account.
Password—Ka5per5Ky
Desktop
3. Boot up the computer named Desktop
4. Log on to the abc\Alex account. Password—
Ka5per5Ky
L9.7–2 KASPERSKY LAB™
KL 009.10: Systems Management Kaspersky Endpoint Security and Management
Task 1
Create a rule allowing access only to the local network
resources
In this task you will create a rule allowing computers whose status is not OK to access only the local network
resources. Access to the Internet will be blocked until the computer status changes to OK.
Security-Center
1. Run the Administration Console
2. Select the Managed сomputers node and switch
to the Policies tab
3. Open the properties of Policy - Kaspersky
Security Center Network Agent
L9.7–3
Lab 9.7. Limiting Access Based on Computer Status
Security-Center
4. Switch to the Managing network access (NAC),
Network elements section
5. Click Add
6. Type Bad Status for the element name
7. Click the Add drop-down arrow
8. Select By computer status
L9.7–4 KASPERSKY LAB™
KL 009.10: Systems Management Kaspersky Endpoint Security and Management
Security-Center
9. Select the Computer status is “Warning” and
Computer status is “Critical” check boxes
10. Click OK twice
11. Switch to the Network services addresses
section
12. Click Add
13. Type Internal addresses for the element name
14. Click Add
L9.7–5
Lab 9.7. Limiting Access Based on Computer Status
Security-Center
15. Select Specify IP subnet using the address and
the subnet mask
16. In the Subnet address field, type 10.28.0.0
17. In the Subnet mask field, type 255.255.255.0
18. Click OK
19. Click OK
20. Switch to the Access rules, Access restrictions
section
21. Click Add
22. Type Bad Status for the rule name
23. Click Add
L9.7–6 KASPERSKY LAB™
KL 009.10: Systems Management Kaspersky Endpoint Security and Management
Security-Center
24. Add the Bad Status network element
25. In the Restrict network access area, select Allow
specified addresses only
26. Click Select
27. Add the Internal addresses network resource
28. Click OK
29. Click OK
30. Wait for the policy to be enforced
●
L9.7–7
Lab 9.7. Limiting Access Based on Computer Status
Task 2
Test the rule
After the rule for computers whose status is not OK is created and applied, they will be allowed to access only
the local network addresses. When the status will change to OK, any network activity will be allowed. In this task
we will make sure of that.
Security-Center
Desktop
1. Open the Desktops subgroup and switch to
the Computers tab
2. Make sure that the Desktop computer status is
OK (green)
3. Open computer properties and switch to
the Applications section
L9.7–8 KASPERSKY LAB™
KL 009.10: Systems Management Kaspersky Endpoint Security and Management
Security-Center
Desktop
4. Select Kaspersky Endpoint Security 10 for
Windows and click the Stop button
5. Wait for the application to become Inactive
6. Click OK
7. Click Refresh in the Administration Console
8. Make sure that the Desktop computer status has
changed to Critical (red)
L9.7–9
Lab 9.7. Limiting Access Based on Computer Status
Security-Center
Desktop
9. On the Desktop computer, run Internet
Explorer
10. Go to www.google.com
11. Make sure that the page is inaccessible
12. On the Start menu, click Run
13. Type \\dc
14. Press ENTER
15. Make sure that the local network is accessible
L9.7–10 KASPERSKY LAB™
KL 009.10: Systems Management Kaspersky Endpoint Security and Management
Security-Center
Desktop
16. In the Administration Console, switch to
the Computers tab within the Desktops
subgroup
17. Open computer properties and switch to
the Applications section
18. Select Kaspersky Endpoint Security 10 for
Windows and click the Run button
L9.7–11
Lab 9.7. Limiting Access Based on Computer Status
Security-Center
Desktop
19. Wait for the application to become Running
20. Click OK
21. Click Refresh in the Administration Console
22. Make sure that the Desktop computer status is
OK (green) again
L9.7–12 KASPERSKY LAB™
KL 009.10: Systems Management Kaspersky Endpoint Security and Management
Security-Center
Desktop
23. On the Desktop computer, restart Internet
Explorer
24. Once again, try to go to www.google.com
25. Make sure that this time the page is successfully
displayed
26. Open the Servers subgroup and switch to
the Computers tab
27. Open the properties of the Security-Center
computer
L9.7–13
Lab 9.7. Limiting Access Based on Computer Status
Security-Center
Desktop
28. Switch to the Applications section
29. Open the properties of the Kaspersky Security
Center Network Agent application
30. Switch to the Managing network access (NAC),
Settings section
31. Change the NAC agent operation mode to
Disabled
32. Click OK twice to close the properties of
the Security-Center computer
●
Conclusion
In this lab we studied the capability to grant access only to some addresses and block the other network activity. For
example, a computer that mismatches some criteria can be prohibited from accessing external networks. In this lab,
the rule allows the managed computers whose status is not OK to access only the local network addresses and
blocks any other activities.
L9.7–14 KASPERSKY LAB™
KL 009.10: Systems Management Kaspersky Endpoint Security and Management
L9.8–1
Lab 9.8. Capturing Operating System Image
Lab 9.8
Capturing Operating System Image
Lab objective. Create an operating system image to be deployed to the client computers using Kaspersky Security
Center 10.
Scenario. You are an Anti-Virus security administrator in ABC company where Kaspersky Security Center 10 is
used for managing client computers. Microsoft Windows 7 operating system is installed on the client computers in
the company. The decision was made to deploy a new operating system, Microsoft Windows 8. You are going to use
the OS image capture and distribution functionality of Kaspersky Security Center 10. First of all, you need to
activate this functionality and create an image of a computer where Windows 8 operating system and the necessary
programs (including Network Agent) are installed already.
Contents. In this lab we will:
1. Install Windows Automated Installation Kit
2. Capture the computer image with Microsoft Windows 8 operating system and the necessary programs,
including Network Agent
Preparation
Turn on the DC computer.
Security-Center
1. Boot up the computer named Security-Center
2. Log on to the abc\Administrator account,
password—Ka5per5Ky
Task 1
Prepare Kaspersky Security Center to image capturing
After the standard installation, Kaspersky Security Center cannot capture operating system images for two reasons.
First, for the Administration Server to be able to capture images, Windows Automated Installation Kit (WAIK) must
be installed on the server. It is a free set of tools that automate Windows installation, which can be downloaded from
the Microsoft web site.
Second, the OS image capture and distribution functionality is not included in the standard distribution of Kaspersky
Security Center. These features can be enabled only with a special license, which we installed in lab 9.1.
We will install WAIK in this task.
L9.8–2 KASPERSKY LAB™
KL 009.10: Systems Management Kaspersky Endpoint Security and Management
Security-Center
1. Make sure that you are working with
the Administration Server virtual machine
2. On the VMware console menu, click VM,
Removable Devices, CD\DVD, Settings
3. In the Connection area, select Use ISO image
file
4. Click the Browse button to select
the KB3AIK_EN.ISO file (ask the instructor
where this file is located)
5. Click OK
6. In the AutoPlay window that opens, select Run
StartCD.exe
L9.8–3
Lab 9.8. Capturing Operating System Image
Security-Center
7. On the welcome page of the Windows Automated
Installation Kit wizard, click Windows AIK
Setup
8. On the welcome page of the WAIK installation
wizard, click Next
9. On the License Terms page, select I Agree and
click Next
L9.8–4 KASPERSKY LAB™
KL 009.10: Systems Management Kaspersky Endpoint Security and Management
Security-Center
10. On the Select Installation Folder page, click
Next
11. On the Confirm Installation page, click Next
12. Wait for the installation to finish
13. On the Installation Complete page, click Close
●
L9.8–5
Lab 9.8. Capturing Operating System Image
Task 2
Capture the operating system image
Generally, to be able to capture an operating system image, it is sufficient to know credentials of an administrative
account for this computer. However, usually, images help the administrators to save time and effort on installing not
only the operating system, but also standard applications. That is why all programs that must be installed on
the computers to be given to the users should also be installed on the computer from which the image is taken.
These applications may include Microsoft Office or some special software packages. Also, since Kaspersky Security
Center is used in the organization, Network Agent must be installed on this computer. Then, after the image is
deployed on a computer, it will immediately connect to the Administration Server.
Therefore, we will use a computer with pre-installed Network Agent in this task. Preparatory actions are not
necessary before capturing the image. After the image is deployed to a new computer, Network Agent will
automatically detect that the equipment has changed and will generate a new identifier for the Administration
Server. This identifier will tell the Administration Server that it is a new computer.
Security-Center
Reference
1. Boot up the computer named Reference
2. Run the Administration Console
3. Open the Remote installation container,
Installation packages node
4. Click Create installation package
L9.8–6 KASPERSKY LAB™
KL 009.10: Systems Management Kaspersky Endpoint Security and Management
Security-Center
Reference
5. On the Select installation package type page,
click Create installation package based on OS
image of reference computer
6. On the subsequent page, click Next
7. Type Capture Windows 8 Image for the task
name and click Next
8. On the Settings page, in the Installation
package name field, type Windows 8
Enterprise English for the package name
9. Click the Browse button next to the Computer of
which the OS image will be taken field and
select the Reference computer in the Managed
computers\Reference group
10. Clear the Create backup copy of the computer
state check box
11. Click the Browse button next to the Shared
folder for storing images field and select
the shared folder where the image will be saved:
\\Security-Center\Pub
L9.8–7
Lab 9.8. Capturing Operating System Image
Security-Center
Reference
12. Specify the account that has the Write permission
on the selected shared folder: username
ABC\Administrator, password Ka5per5Ky, and
click Next
13. On the Selecting account to start the task page,
click Next
14. On the following page, click Next
L9.8–8 KASPERSKY LAB™
KL 009.10: Systems Management Kaspersky Endpoint Security and Management
Security-Center
Reference
15. Click Finish
16. On the Reference computer, log on to
the ABC\dummy account, password Ka5per5Ky
17. Double-click the Desktop widget in the lower-left
corner of the window
18. Wait for the restart message
L9.8–9
Lab 9.8. Capturing Operating System Image
Security-Center
Reference
19. Click Restart
20. Wait for the computer to start to a Command
Prompt and run the image capturing script
21. Wait for the Capturing of image was started
status of the Capture Windows 8 Image task
22. Click View results and look through the current
task execution results
L9.8–10 KASPERSKY LAB™
KL 009.10: Systems Management Kaspersky Endpoint Security and Management
Security-Center
Reference
23. The task will complete in 1 or 2 hours
●
Conclusion
In this lab we captured an operating system image to be deployed across the network. The Network Agent is not
actually required to be installed on the computer; the only requirement is knowing an administrator’s credentials.
However, since the computer should have all the necessary programs installed, we may say that Network Agent is
also a pre-requisite.
The administrator need not prepare the computer for image capturing anyhow. All actions are performed
automatically.
If software is regularly updated on the standard computer and the image should also be updated, the image capture
task can be scheduled to automatically start weekly or monthly.
L9.9–1
Lab 9.9. Deploying Operating System
Lab 9.9
Deploying Operating System
Lab objective. Deploy an operating system from the created image using Kaspersky Security Center 10.
Scenario. You are an Anti-Virus security administrator in ABC company, where Kaspersky Security Center 10 is
used for managing client computers. The company migrates to Windows 8 and your task is to deploy the new
operating system both on old and new computers. You already created an image of Windows 8 with installed
programs, and now you need to deploy the image to the computers using Kaspersky Security Center 10.
Contents. In this lab we will:
1. Install the Windows 8 image to the managed computers
2. Install the Windows 8 image to bare metal computers—computers without an operating system
Preparation
Turn on DC computer.
Security-Center
1. Boot up the computer named Security-Center
2. Log on to the abc\Administrator account,
password—Ka5per5Ky
Desktop
3. Boot up the computer named Desktop
4. Log on to the abc\Alex account, password—
Ka5per5Ky
Task 1
Deploy the image to the managed computers
In this task you will deploy the Microsoft Windows 8 image to the managed computers. The image contains
an installed Network Agent with configured Administration Server connection settings, and the computer will be
manageable right after the installation.
L9.9–2 KASPERSKY LAB™
KL 009.10: Systems Management Kaspersky Endpoint Security and Management
Security-Center
Desktop
1. Run Kaspersky Security Center Administration
Console
2. Expand the Remote installation container and
open the Installation packages node
3. On the shortcut menu of the Windows 8
Enterprise English installation package, select
Install application
4. On the Selecting computers for installation
page, click Select computers for deployment
L9.9–3
Lab 9.9. Deploying Operating System
Security-Center
Desktop
5. Select the Desktop computer in
the Workstations\Desktops group and click
Next
6. On the subsequent page, click Next
7. On the page where the action in case of restart is
to be selected, leave the default choice and click
Next
L9.9–4 KASPERSKY LAB™
KL 009.10: Systems Management Kaspersky Endpoint Security and Management
Security-Center
Desktop
8. On the Selecting account to access
the computer page, click Next
9. On the subsequent page, click Next
10. On the Starting installation page, also click
Next
L9.9–5
Lab 9.9. Deploying Operating System
Security-Center
Desktop
11. Make sure that the task is running
12. On the Desktop computer, wait for the restart
message
13. Click Restart
14. Wait for automatic start of the script that installs
the system from an image
L9.9–6 KASPERSKY LAB™
KL 009.10: Systems Management Kaspersky Endpoint Security and Management
Security-Center
Desktop
15. After this process finishes, Windows 8 operating
system will boot (this may take more than
5 minutes). Wait for the license agreement to
appear
16. Select the I accept the license terms for using
Windows checkbox and click Accept
L9.9–7
Lab 9.9. Deploying Operating System
Security-Center
Desktop
17. Type Desktop for the computer name
18. Click Next
L9.9–8 KASPERSKY LAB™
KL 009.10: Systems Management Kaspersky Endpoint Security and Management
Security-Center
Desktop
19. Click Use express settings
L9.9–9
Lab 9.9. Deploying Operating System
Security-Center
Desktop
20. Click Sign in with a Microsoft account at
the bottom
L9.9–10 KASPERSKY LAB™
KL 009.10: Systems Management Kaspersky Endpoint Security and Management
Security-Center
Desktop
21. Click Local account
L9.9–11
Lab 9.9. Deploying Operating System
Security-Center
Desktop
22. On the account setup page, type:
User name: Alex
Password: Ka5per5Ky
Reenter password: Ka5per5Ky
Password hint: Eugene
(or whatever you prefer, as Eugene is blatantly
a non-secure hint)
23. Click Finish
L9.9–12 KASPERSKY LAB™
KL 009.10: Systems Management Kaspersky Endpoint Security and Management
Security-Center
Desktop
24. On the Security-Center computer, make sure
that the task is completed
25. Open the Workstations\Desktops group and
switch to the Computers tab
26. Note that the Desktop computer is disconnected
from the network
L9.9–13
Lab 9.9. Deploying Operating System
Security-Center
Desktop
27. Open the properties of the Desktop computer
28. Note the warning that there are other computers
having the same name in the network
29. Click View in the warning area
30. Right-click the computer in the table and select
All tasks, Move to group on the shortcut menu
31. In the Select group window, select the Desktops
group and click OK
32. Click the Close button to close the table
33. Close the Properties: Desktop window
L9.9–14 KASPERSKY LAB™
KL 009.10: Systems Management Kaspersky Endpoint Security and Management
Security-Center
Desktop
34. On the Computers page, click Refresh
35. Make sure that there are two computers named
Desktop in the group now—one disconnected
from the server running Windows 7 operating
system, and another one connected to the server
running Windows 8 operating system
36. Delete the Desktop computer with Windows 7
operating system
●
L9.9–15
Lab 9.9. Deploying Operating System
Task 2
Deploy the image to a new machine without an operating
system
In this task you will install the Microsoft Windows 8 operating system from the created image to bare metal using
Kaspersky Security Center. The main condition of a bare metal installation is the availability of a PXE server that
starts client computers at a command prompt over the network, and a DHCP server that informs the computer about
the network parameters, which is a must for loading the image from the Administration Server.
Security-Center
Bare_Metal
1. Boot up the computer named Bare_Metal
2. Make sure that an operating system is not
installed there
3. Write down or remember the MAC address of
the computer, which is written on its screen
(CLIENT MAC ADDR)
L9.9–16 KASPERSKY LAB™
KL 009.10: Systems Management Kaspersky Endpoint Security and Management
Security-Center
Bare_Metal
4. On the Administration Server, expand
the Remote installation container and open
the Deploying computer images node
5. Click Manage the list of PXE servers in
the network
L9.9–17
Lab 9.9. Deploying Operating System
Security-Center
Bare_Metal
6. Click Add and select the Security-Center
computer from the Servers group
7. Click OK
8. In the PXE server properties window, click OK
too
9. Make sure that Security-Center has appeared in
the list of PXE servers and click OK
10. Click Add MAC address of target computer
11. Type the MAC address of the Bare_Metal
computer (the address elements should be
separated by colons or hyphens)
12. Click OK
L9.9–18 KASPERSKY LAB™
KL 009.10: Systems Management Kaspersky Endpoint Security and Management
Security-Center
Bare_Metal
13. Right-click the added computer and select Assign
OS image installation package on its shortcut
menu
14. Select the Windows 8 Enterprise English
installation package and click OK
L9.9–19
Lab 9.9. Deploying Operating System
Security-Center
Bare_Metal
15. Restart the Bare_Metal computer
16. Wait for the computer to boot at a command
prompt over the network and for the image
deployment script to start
17. When Windows 8 starts, repeat steps 15-23 of
Task 1, name the computer Desktop2 and specify
the John username with Ka5per5Ky password
18. Right-click the Administration Server node and
select Search on its shortcut menu
19. In the Search window, type Desktop2 in
the Computer Name field and click Find now
20. On the shortcut menu of the found computer,
select All tasks, Move to group
L9.9–20 KASPERSKY LAB™
KL 009.10: Systems Management Kaspersky Endpoint Security and Management
Security-Center
Bare_Metal
21. In the Select group window, specify
the Workstations, Desktops group
22. Click OK and close the Search window
23. Open the Desktops group
24. Make sure that both computers Desktop and
Desktop2, which are installed from the same
image, are simultaneously connected to
the Administration Server
●
Conclusion
In this lab we remotely installed operating system from a previously created image. This mechanism can be used
both for upgrading the operating system on managed computers and for deploying software to new computers.
The key elements for image deployment are a DHCP server, which sends network parameters to the computers
started at a command prompt, and a PXE server, which allows starting the computers without an operating system
over the network.
V 2.1