Kaspersky Administration Center instructions. Installing Kaspersky Security Center. Creating administration groups and setting them up

By choosing Kaspersky Lab products, you get reliable protection of your IT infrastructure and the ability to control security in your company using a single, convenient management console, Kaspersky Security Center.

Overview

Previously, IT departments had to work simultaneously with multiple management consoles to manage multiple security tools and perform basic system administration functions. Kaspersky Lab has created a solution that simplifies the work of the administrator.

Ease of Management
The main goal in creating Kaspersky Security Center was to simplify and speed up the setup, startup and management of IT security tools and systems in complex IT environments. A single management console helps you control all Kaspersky Lab security and system administration tools you use. With Kaspersky Security Center you can control every workplace and every device on your network, centrally address security concerns, reduce operational costs and improve productivity.

Intuitive interface
When developing Kaspersky Security Center, our specialists strived to provide the user with the most easy-to-use interface with clearly organized monitoring panels.

Easy installation
Using the installation wizard, you can quickly and easily install and configure Kaspersky Lab security solutions throughout your IT environment.

Remote access
In addition to the local management console, Kaspersky Security Center has a convenient web console. The presence of such a console allows you to use any computer with Internet access to monitor the security status of the corporate network.

Simple reporting
Kaspersky Security Center allows you to create and configure various reports on the protection status. Reports can be generated either on demand or according to a specified schedule.

Support for multi-platform environments
Running on the Windows operating system, Kaspersky Security Center supports managing multiple operating systems and platforms, including servers and workstations running Windows, Linux and Novell NetWare, as well as mobile devices running Android, iOS, BlackBerry, Symbian, Windows Mobile and Windows Phone.

How to get Kaspersky Security Center

Kaspersky Security Center is part of Kaspersky TOTAL Security for Business and all Kaspersky Endpoint Security for Business products: STARTER, STANDARD and ADVANCED. Kaspersky Security Center will include only those management tools that are necessary to work with the Kaspersky Lab product you have chosen. If you decide to upgrade to a higher level of Kaspersky Endpoint Security for Business or to the most complete solution, Kaspersky TOTAL Security for Business, additional management tools will automatically appear in the Kaspersky Security Center management console.

Endpoint protection management

Installation, configuration and management of endpoint protection in Kaspersky Lab solutions are performed in Kaspersky Security Center. From a single console, you can manage the security of your business and protect it from known and new malware, prevent IT security risks and reduce security costs.

  • Antivirus protection and firewall
    Kaspersky Security Center provides flexible management options for anti-malware protection:
    • set and manage protection policies for multiple platforms, including Windows, Linux, and Mac;
    • configure protection settings for individual devices, groups of servers and workstations;
    • perform anti-virus scans on demand and on a schedule;
    • process quarantined objects;
    • manage anti-virus database updates;
    • manage Kaspersky Security Network cloud protection;
    • configure and manage the firewall and intrusion prevention system (HIPS).
  • Whitelists
    Allows the administrator to audit the use of applications and to allow or block their launch.
  • Application Control, Device Control and Web Control
    Centralized management of the IT infrastructure allows you to create security policies and provide additional protection for valuable data. You can set rules for groups and individual users:
    • restrict the launch of unwanted applications on your network using Application Control;
    • create access rules for devices that users connect to the network, based on the device type or serial number, as well as on the method of connecting the device;
    • monitor and control Internet access for the entire enterprise or groups of users.
  • File server protection
    A single infected object in network storage can infect a large number of computers. To avoid this, Kaspersky Security Center makes it possible to configure and manage all protection functions for file servers.
    • Control malware protection for file servers running:
      • Windows;
      • Linux;
      • Novell NetWare.
  • Encryption
    Many encryption products are considered difficult to deploy and require a separate management console. All Kaspersky Lab encryption technologies can be managed from the same Kaspersky Security Center management console from which you manage other Kaspersky Lab security solutions.
    • You can create comprehensive policies that control encryption, anti-malware, device and program control, and other endpoint protection capabilities.
      • hard drives (file and folder encryption or full disk encryption);
      • removable devices (file and folder encryption or full disk encryption).

Mobile device management

The need for mobile devices to access corporate systems is growing, and Kaspersky Security Center helps protect them and ensure the safety of using personal devices for work.

  • Mobile device protection management
    Kaspersky Security Center helps you deploy and configure protection for mobile devices:
    • configure mobile workplace protection, including creating security policies for iOS;
    • install and update software via SMS, email or via users' computers;
    • Monitor whether all users have fully deployed security controls on their devices;
    • control access to the corporate network;
    • set policies for groups or individual users using Active Directory;
    • configure ActiveSync settings.
  • Malware protection
    Kaspersky Lab technologies provide comprehensive protection of mobile devices from malware, and Kaspersky Security Center helps you flexibly manage the functions of this protection:
  • Mobile Application Management
    Kaspersky Security Center allows you to control which programs can be launched on the user's Android mobile device:
    • use "Allow by Default" mode to prevent only blacklisted applications from running;
    • use "Deny by Default" mode to allow only whitelisted programs to run;
    • create a policy to control cases of unauthorized flashing of devices.
  • Data encryption on mobile devices
    In addition to managing data encryption in your IT infrastructure, Kaspersky Security Center also allows you to control data encryption on mobile devices:
    • manage full disk encryption on devices running the iOS operating system;
    • configure encryption of files and folders.
  • Containers
    Kaspersky Security Center allows you to manage the storage of corporate data on personal devices used for work:
    • configure containers to completely isolate corporate data from personal data on the user’s device;
    • manage container encryption;
    • control access of programs to certain resources on a mobile device;
    • set restrictions on access to data;
    • Use remote troubleshooting tools when you encounter problems with applications or containers.
  • Anti-Theft
    Remote management using Kaspersky Security Center lets you retain control of some important functions if your mobile device is lost or stolen:
    • remote blocking will prevent unauthorized access to your corporate network;
    • the search function allows you to determine the approximate location of the missing mobile device;
    • The wipe function gives you the choice to delete corporate data or restore factory settings.

When you purchase Kaspersky Endpoint Security for Business STANDARD, Kaspersky Endpoint Security for Business ADVANCED, Kaspersky TOTAL Security for Business, or Kaspersky Security for Mobile, all mobile device management capabilities will be available in Kaspersky Security Center. This way, you can use a single console to manage your mobile devices, endpoint protection, and many other Kaspersky Lab technologies.

System administration tools

In addition to detailed control over the security of the IT infrastructure, Kaspersky Security Center provides system administration tools that simplify infrastructure management tasks, increase productivity and reduce operational costs.

  • Deployment of OS and programs
    Kaspersky Security Center makes it possible to manage OS and program images: create, quickly copy and deploy.
  • Software installation
    The remote software installation feature in Kaspersky Security Center saves administrators time and helps reduce the amount of traffic transmitted over the corporate network.
    • Deploy software on demand or according to a schedule.
    • Use dedicated update servers.
  • Hardware, software and license management
    Kaspersky Security Center allows you to manage hardware and software, as well as track software licenses within your IT infrastructure:
    • Keep track of all devices on your network with automatic hardware inventory;
    • Monitor application usage and track license renewal issues using summary reports generated by Kaspersky Security Center.
  • Vulnerability monitoring
    After inventorying your hardware and software, you can search for vulnerabilities in operating systems and applications that have not been patched:
    • generate detailed reports on vulnerabilities;
    • Perform vulnerability assessments and prioritize patches.
  • Patch installation management
    Once you find vulnerabilities, you can efficiently distribute the most important patches using Kaspersky Security Center:
    • manage the download of patches from Kaspersky Lab servers;
    • Manage the installation of Microsoft updates and patches on computers on your network.
  • Network access control
    Network access control not only provides automatic discovery of devices on the corporate network, but also simplifies setting policies for guest mobile devices:
    • manage policies for providing access to your corporate network from various devices;
    • Manage guest access to the Internet and corporate network resources.

All system administration tools will be available in your Kaspersky Security Center management console if you use Kaspersky Endpoint Security for Business ADVANCED, Kaspersky TOTAL Security for Business, or Kaspersky Systems Management.

Full list of supported applications:

Kaspersky Security Center provides management of the following Kaspersky Lab solutions for protection against information threats:

  • mobile device protection:
    • Kaspersky Endpoint Security for Smartphone
  • workstation protection:
    • Kaspersky Endpoint Security for Linux
    • Kaspersky Endpoint Security for Mac
    • Kaspersky Anti-Virus 6.0 for Windows Workstations MP4
    • Kaspersky Anti-Virus 6.0 Second Opinion Solution MP4
  • server protection:
    • New! Kaspersky Endpoint Security for Windows
    • Kaspersky Anti-Virus for Windows Servers Enterprise Edition
    • Kaspersky Anti-Virus for data storage systems
    • Kaspersky Anti-Virus for Linux File Server
    • Kaspersky Anti-Virus 6.0 for Windows Servers MP4
    • Kaspersky Anti-Virus 5.7 for Novell NetWare
  • protection of virtual environments:
    • New! Kaspersky Security for Virtualization

Please note that some versions of the security solutions for Microsoft Exchange and ISA Server, as well as previous versions of applications for protecting servers and workstations running Linux, are still managed using Kaspersky Administration Kit, the previous version of the centralized protection management tool.

System requirements

Administration Server

Software and hardware requirements:
  • Microsoft® Data Access Components (MDAC) 2.8 or higher or Microsoft® Windows® DAC 6.0
  • Microsoft® Windows® Installer 4.5 (for Windows Server® 2008 / Windows Vista®)
  • Database management system:
    • Microsoft® SQL Server Express 2005, 2008
    • Microsoft® SQL Server® 2005, 2008, 2008 R2
    • MySQL Enterprise
  • 32-bit OS:
    • 512 MB RAM
  • 64-bit OS:
    • Windows Server 2003
    • 512 MB RAM
    • 1 GB of free hard disk space

Administration Console

Software and hardware requirements:
  • Microsoft® Management Console 2.0 or later
  • Microsoft® Internet Explorer® 8.0
  • 32-bit OS:
    • Windows Server 2003 (including Windows Small Business Server 2003)
    • Windows Server 2008
    • Windows XP Professional SP2 / Vista SP1 / 7 SP1
    • 1 GHz processor or higher
    • 512 MB RAM
    • 1 GB of free hard disk space
  • 64-bit OS:
    • Windows Server 2003
    • Windows Server 2008 SP1 (including Windows Small Business Server 2008)
    • Windows Server 2008 R2 (including Windows Small Business Server 2011)
    • Windows XP Professional / Vista SP1 / 7 SP1
    • 1.4 GHz processor or higher
    • 512 MB RAM
    • 1 GB of free hard disk space

Web administration console server

Software and hardware requirements:
  • Web server: Apache 2.2
  • 32-bit OS:
    • Windows Server 2003 (including Windows Small Business Server 2003)
    • Windows Server 2008 (including Core mode)
    • Windows XP Professional SP2 / Vista SP1 / 7 SP1
    • 1 GHz processor or higher
    • 512 MB RAM
    • 1 GB of free hard disk space
  • 64-bit OS:
    • Windows Server 2003
    • Windows Server 2008 SP1 (including Windows Small Business Server 2008 and Core mode)
    • Windows Server 2008 R2 (including Windows Small Business Server 2011 and Core mode)
    • Windows XP Professional / Vista SP1 / 7 SP1
    • 1.4 GHz processor or higher
    • 512 MB RAM
    • 1 GB of free hard disk space

Kaspersky TOTAL Security for Business includes all the features of Kaspersky Security Center. When using other Kaspersky Lab products, the set of Kaspersky Security Center capabilities will depend on the functionality of the selected solution.

    New Web Console

    The main advantages of Web Console compared to MMC:

    No client-side installation is required, only a web browser

    Since you only need a browser, the operating system does not matter

    If you work on a mobile device, you can view reports directly from the beach

    Web Console supports the User-Centric model, that is, the administrator assigns a policy not to the device, but to the user. The User-Centric management model works if devices are assigned owners in AD. KSC will be able to receive this information and assign policy profiles not to devices, but to device owners. The old Device-Centric management model, where policy profiles were assigned to devices, remains available and is the default.

    Web Console is a separate distribution. It can be installed either on a computer with KSC or on a separate computer.

    Interaction scheme:

    Web Console is a web server based on the Node.js platform.

    The Web Console server part connects to KSC using the new KSC Open API protocol based on HTTPS. The client part is an SPA (Single Page Application).

    In its simplest form, an SPA is a web application whose components are loaded once on the page, and the content is loaded as needed. That is, when we click on any interface element in the Web Console, JavaScript is launched, which loads modules and renders what we requested. And everything will look as if we went to another page.

    Changes in the interface of the MMC administration console

    Several new nodes have appeared in the console tree:

    Multitenant applications – this may include Kaspersky Lab applications that support multitenancy, for example, KSV.

    Deleted objects – this includes deleted entities, such as tasks, policies, installation packages

    Triggering of rules in Smart Training mode – information about triggering of rules in the training mode for the new AAC component comes here

    Active threats (previously called Unprocessed files)

    So, what can go into the Deleted objects node? All entities that have a Revisions section in their properties go to the Deleted objects node after deletion.

    Namely:

    • Policies
    • Tasks
    • Installation packages
    • Virtual Administration Servers
    • Users
    • Security groups
    • Administration groups

    We can say that this is an analogue of the Recycle Bin in Windows.

    General, end-to-end subnet list for KSC

    In KSC, subnets can be used in multiple places: for example, in the properties of KSC, when we want to limit the transmission of traffic by time, or in the Agent policy, when setting up connection profiles.

    In KSC 10, it was necessary to separately set subnet parameters in each of these places, which was not very convenient.

    In KSC 11, a new section has appeared in the properties of the Administration Server, where you can specify a list of subnets within an organization once and this list will be available anywhere in KSC where you need to select a subnet as a parameter.

    Installation package: protection level indicator

    The KES 11.1 installation package in KSC 11 no longer has installation options.

    But a protection indicator has been added to the properties of the installation package; previously such an indicator existed only in the policy. If the administrator decides to disable the installation of an important KES 11.1 component, the indicator will change color. You can also see what influenced the change in the level of protection.

    KSC 11: support for diff update files

    The update servers store several sets of databases: complete sets and so-called diff files (the difference (delta) between the current and previous update). Diffs can be daily or weekly. KSC 10 was able to download only the full set of databases; now it can download both sets, full and diffs.

    The paradox is that KES has long been able to work with diffs, but only when updating from the Internet; now KES can use diffs when updating from KSC. This will reduce internal traffic many times over.

    Network Agents: support for diff update files

    The option to download updates in advance (offline update mode) is enabled in the Agent policy by default

    Diff file relay does not work when offline update mode is enabled

    Diff files will not be transferred to older versions of Agents

    BUT! In the Network Agent properties there is an option “Download updates from KSC in advance”. So, if this option is enabled, and it is enabled by default, then KES will be updated the old-fashioned way, without using diffs.

    KSC 11: Update Agents

    Update Agents can now also distribute DIFF update files.

    In addition, they can now act as a KSN Proxy and can redirect KSN requests from protected devices to the Administration Server or directly to global KSN servers.

    Update Agent: support for 10,000 nodes

    By default, KSC assigns Update Agents automatically.

    In KSC 10, if the administrator wanted to assign the Update Agent manually, this caused inconvenience in large networks. Why? Because previously one Update Agent could support up to 500 hosts. And if there were several thousand hosts on the network, it was necessary to assign many Update Agents to cover the entire network. In addition, not every computer can become an Update Agent; it must meet certain system requirements.

    In general, manually assigning an Update Agent in large networks used to be a difficult task.

    Now this problem has disappeared, because one Update Agent now supports up to 10,000 hosts.

    Since the number of supported hosts has increased, the system requirements for a computer that can be assigned as an Update Agent have increased as well (processor frequency 3.6 GHz or higher, RAM from 8 GB, free disk space from 120 GB).

    The KLSHARE folder has moved: C:\ProgramData\KasperskyLab\adminkit\1093\.working\share\

    KSC 11: backward compatibility of KES plugins

    KSC 11 introduces backward compatibility of KES plugins.

    Previously, if different versions of KES were used on the network, the administrator had to maintain separate sets of policies and tasks for each version. Now the policies and tasks of KES 11.1 will apply to KES 11.

    KSC 11: remote installation

    A new section has appeared in the Remote Installation Wizard - Behavior for devices managed through other Administration Servers.

    If there are multiple KSC servers on the network, they can see the same devices. This option allows you to avoid installation on a device that is connected to another KSC.

    KSC 11: improvements in RBAC

    Firstly, RBAC no longer requires a license for the Administration Server.

    Secondly, new roles have appeared: Auditor, Security Officer and Supervisor. By default they are not assigned to anyone.

    Thirdly, it became possible to relay the list of roles to subordinate Administration Servers. Previously, you had to work with roles separately on each Server, which was not very convenient. Now you can create and configure roles in one place on the Main Administration Server and pass them down the hierarchy.

    KSC 11: new reports

    Report on the status of application components – allows the administrator to clearly understand which components are installed where, and their current status. This is important information, because an installed but not running component reduces the effectiveness of endpoint protection. Previously, the administrator did not have the opportunity to view the status of KES components in one place on all devices at once. To find out which components were installed and running, we had to look at each host separately, which was inconvenient and time-consuming.

    If necessary, based on this report, you can build detailed reports on individual components, for example, see where Endpoint Sensor is installed.

    Report on threat detection distributed by component and detection technology – information about which particular protection component detected the threat and using what technology. This allows you to clearly demonstrate the operation of detection technologies and the usefulness of protection components.

    Integration with SIEM via syslog

    To send events from KSC to the SIEM system via the syslog protocol, a license is no longer required.

    But this applies only to syslog; integration with ArcSight, QRadar and Splunk still requires a license!

    Diagnostics of Windows update installation

    The option automatically enables Network Agent tracing. Trace files are stored in the %WINDIR%\Temp folder.

    Summary for KSC 11:

    A full-fledged KSC Web Console has appeared

    Implemented support for DIFF update files

    Implemented backward compatibility of KES plugins

    Update agents can act as a KSN proxy and support up to 10,000 nodes

    Adding new roles to RBAC does not require a KSC license

    New reports added

    Integration with SIEM systems via syslog no longer requires a license

    Windows update installation diagnostics have been expanded

    This material was prepared for specialists involved in managing anti-virus protection and security in an enterprise.

    This page describes and discusses the most interesting functionality of the latest versions of Kaspersky Endpoint Security 10 and the central management console of Kaspersky Security Center 10.

    The information was selected based on the experience of NovaInTech specialists in communicating with system administrators, heads of IT departments and security departments of organizations that are either just switching to Kaspersky anti-virus protection or are migrating from version 6 of the anti-virus on client computers and the Administration Kit 8 management console. In the latter case, when anti-virus protection from Kaspersky Lab is already in use, IT specialists often do not know the most interesting aspects of the new product versions, which really help make life easier for these same IT specialists and at the same time increase the level of security and reliability.

    After reading this article and watching the videos, you will be able to briefly familiarize yourself with the most interesting functionality provided by the latest versions of the Kaspersky Security Center management console and Kaspersky Endpoint Security, and see how it works.

    1. Installation of the Kaspersky Security Center 10 administration server.

    You can find the necessary distribution kits on the official Kaspersky Lab website:

    ATTENTION! The distribution kit for the full version of Kaspersky Security Center already includes the latest version of Kaspersky Endpoint Security distribution kit.

    First of all, I would like to talk about where to start installing anti-virus protection from Kaspersky Lab: not with the anti-viruses themselves on client computers, as it might seem at first glance, but with the installation of the administration server and the central management console, Kaspersky Security Center (KSC). Using this console, you can deploy anti-virus protection on all computers in your organization much faster. In this video you will see that after installing and minimally configuring the KSC administration server, it becomes possible to create an installer for an anti-virus solution for client computers, which even a completely untrained user can install (I think every administrator has such “users”): the installation interface contains only 2 buttons, “Install” and “Close”.

    The administration server itself can be installed on any computer that is always on or is available as much as possible; this computer must be visible to other computers on the network, and it is very important for it to have access to the Internet (for downloading databases and synchronizing with the KSN cloud).

    Watch the video, even if you have installed the center console before, but from previous versions - perhaps you will hear and see something new for yourself...


    2. Setting up centralized management on computers with Kaspersky already installed.

    It is often found that in small organizations, system administrators install and configure anti-virus protection on each computer manually. Thus, the time they spend on maintaining anti-virus protection increases and they do not have enough time for some more important tasks. There are cases when administrators, simply due to lack of time, do not know that corporate versions of anti-virus protection from Kaspersky Lab have centralized management at all, and do not know that they do not have to pay anything for this miracle of civilization.

    In order to “link” already installed client antiviruses with the administration server, you need very little:

    • Install the administration server (First section of this article).
    • Install the administration server agent (NetAgent) on all computers - I will tell you about the installation options in the attached video below.
    • After installing the administration server agent, the computers, depending on your settings, will be either in the “Non-distributed computers” section or in the “Managed computers” section. If the computers are in “Non-distributed computers”, you will need to move them to “Managed computers” and configure a policy that will apply to them.

    After these steps, your computers will be visible to you from the central console, users will no longer be able to manage the antiviruses installed on their machines and, as a result, there will be fewer infections and fewer headaches for the administrator.

    In the video below, I will try to describe scenarios for installing NetAgents on client computers, depending on how your network is structured.

    Kaspersky Security Center is a unique tool that allows you to control the security of corporate networks and centrally manage various security tools.

    Application

    Many large organizations create corporate networks between devices to facilitate data transfer and management. Such solutions are very smart; however, we should not forget about certain threats, and it is worth thinking about security. Kaspersky Security Center from Kaspersky Lab does an excellent job of this task.

    Benefits of the program

    This tool creates a common control center for a system of devices used by all members of the organization. The software is universal, compatible with both computers and mobile devices. The system is entirely under the control of the device administrator, who protects it from viruses and various threats. Protection is implemented at several stages, since it is comprehensive.

    The Control Center is responsible for monitoring the activity of programs, their launch, and the blocking of harmful software. It affects all applications and programs installed on computers that are connected to the corporate network. The administrator controls user actions, either by adjusting their own security settings or using standard templates.

    Kaspersky Security Center constantly checks the system for weaknesses, updates security components, and monitors the availability of updates for running software. When checking the system, the program provides reports on its actions. Reports are generated automatically when regular checking is activated, but the tool is also able to generate them upon user request and export them to files in PDF, HTML and XML formats.

    The intuitive interface that the program is equipped with makes the user's work easier.

    Key Features:

    • Protection for both desktop and mobile devices.
    • Supports devices with different operating systems.
    • Control is carried out either by several users or by one administrator.
    • Blocking unwanted software.
    • Convenient security policy settings, the ability to use both standard profiles and create your own.

    Goal of the work.

    This lab is devoted to installing the Security Center antivirus protection management server.

    Preliminary information.

    Before you begin installation, you need to decide on the general scenario for deploying anti-virus protection. The Security Center developers offer two main scenarios:

    • deployment of anti-virus protection within the organization;
    • deployment of anti-virus protection for a client organization's network (used by organizations acting as service providers). The same scheme can be used within an organization that has several remote divisions whose computer networks are administered independently of the head office network.

    In this lab the first scenario will be implemented. If you plan to use the second one, you will additionally need to install and configure the Web-Console component. This brings us to the architecture of Security Center. It includes the following components:

    • 1. Administration Server, which centrally stores information about the Kaspersky Lab programs installed on the organization's network and manages them.
    • 2. Network Agent, which handles interaction between the Administration Server and the Kaspersky Lab programs installed on a computer. There are versions of the Agent for different operating systems: Windows, Novell and Unix.
    • 3. Administration Console, which provides the user interface for managing the Server. The Administration Console is implemented as an extension component for Microsoft Management Console (MMC). It allows you to connect to the Administration Server both locally and remotely, over the local network or via the Internet.
    • 4. Kaspersky Security Center Web-Console, which is designed to monitor the status of anti-virus protection of a client organization's network managed by Kaspersky Security Center. The use of this component will not be studied in this laboratory workshop.

    • 1. Installation and configuration of the Server and Administration Console.
    • 2. Creation of administration groups and distribution of client computers among them.
    • 3. Remote installation to client computers of Network Agent and LC anti-virus programs.
    • 4. Updating signature databases of LC programs on client computers.
    • 5. Configuring notifications about anti-virus protection events.
    • 6. Launching the on-demand scan task and checking the operation of event notifications on client computers.
    • 7. Analysis of reports.
    • 8. Setting up automatic installation of antivirus programs on new computers on the network.

    This lab covers the implementation of the first stage. Fig. 5.35 shows a diagram of the laboratory bench simulating a protected network (it was also described earlier in Table 5.4). The goal of this lab is to install the Security Center server and administration console on the AVServ server.

    Fig. 5.35.

    Table 5.5

    Differences in Kaspersky Security Center 9.0 distribution versions

    Component / Full version / Lite version

    • Administration Server distribution package
    • Kaspersky Endpoint Security for Windows distribution kit
    • Network Agent distribution
    • Microsoft SQL 2005 Server Express Edition
    • Microsoft .NET Framework 2.0 SP1
    • Microsoft Data Access Components 2.8
    • Microsoft Windows Installer 3.1
    • Kaspersky Security Center System Health Validator

    The Security Center distribution package can be downloaded from http://www.kaspersky.ru/downloads-security-center. You can choose which version of the distribution to download: Lite or full. Table 5.5 lists the differences between the distribution versions for version 9.0, which was used to prepare the descriptions of the laboratory work. To complete the lab you will need the full version, since along with the administration server the installer will set up the MS SQL Server 2005 Express DBMS, which is used to store data on the state of anti-virus protection.

    Description of work.

    After finishing the preparatory steps, run the Security Center installation program on the AVServ server. After the welcome window, you will be asked for the path in which to save the files needed during installation. Another welcome window will then appear, followed by a window with the license agreement, which you must accept to continue the installation.

    When choosing the installation type, select the “Custom” option, which will allow you to familiarize yourself in detail with the list of installed components and applied settings.

    If you select the “Standard” option, then as a result of the wizard, Administration Server will be installed along with the server version of Network Agent, Administration Console, application management plugins available in the distribution package, and Microsoft SQL Server 2005 Express Edition (if it has not been installed previously).

    The next step is to select the server components to install (Fig. 5.36). We need to install the Administration Server, and leave this checkbox unchecked.

    We will not use Cisco NAC technology, which allows us to check the security of a mobile device or computer connecting to the network.

    Also, as part of the laboratory workshop, there are no plans to deploy anti-virus protection on mobile devices (such as smartphones), so we are not installing these components at this time.


    The selected network size affects the values of a number of parameters that determine how anti-virus protection operates (they are listed in Table 5.6). These settings can be changed, if necessary, after installing the server.

    You will also need to specify the account under which the administration server will be launched, or agree to the creation of a new account (Fig. 5.37).

    In previous versions of Windows (for example, when installing on Windows Server 2003), this window may contain the option "System account". In any case, this account must have administrator rights, which are required both for creating the database and for subsequent operation of the server.

    Table 5.6

    Settings based on network size

    Parameter / number of computers |  | 100-1000 | 1000-5000 | More
    Displaying the node of slave and virtual Administration Servers in the console tree, and all parameters related to slave and virtual Servers | absent | absent | present | present
    Displaying the Security sections in the properties windows of the Server and administration groups | absent | absent | present | present
    Creating a Network Agent policy using the Initial Configuration Wizard | absent | absent | present | present
    Random distribution of update task launch time on client computers | absent | within 5 minutes | within 10 minutes | within 10 minutes

    Fig. 5.37.

    The next step is to select the database server to use (Fig. 5.38). To store data, Security Center 9.0 can use Microsoft SQL Server (versions 2005, 2008, 2008 R2, including the Express 2005 and 2008 editions) or MySQL Enterprise. Fig. 5.38, a shows the DBMS type selection window. If MySQL server is selected, you will need to specify the name and port number for the connection.

    If you use an existing instance of MS SQL Server, you will need to specify its name and the name of the database (by default, it is called KAV). In our laboratory work we will use the recommended configuration, which involves installing MS SQL Server 2005 Express along with the Security Center installation (Fig. 5.38, b).


    Fig. 5.38.

    After selecting SQL Server as the DBMS to use, you must specify the authentication mode that will be used when working with it. Here we leave the default setting - Microsoft Windows authentication mode (Fig. 5.39).

    To store installation packages and distribute updates, the administration server uses a shared folder. You can specify an existing folder or create a new one. The default share name is KLSHARE.

    Fig. 5.39.

    You can also specify the port numbers used to connect to the Security Center server. By default, TCP port 14000 is used, and TCP port 13000 for SSL-protected connections. If you cannot connect to the administration server after installation, check whether these ports are blocked by Windows Firewall. In addition to those mentioned above, UDP port 13000 is used to transmit information about computers shutting down to the server.

    Next, you will need to specify how the administration server is identified. This can be an IP address, a DNS name or a NetBIOS name. The virtual network used for the labs has a Windows domain and a DNS server, so we will use domain names (Fig. 5.40).

    Fig. 5.40.

    The next window allows you to select the plugins to install for managing Kaspersky Lab antivirus programs. Looking ahead, we can say that the Kaspersky Endpoint Security 8 for Windows product will be deployed, so we will need its plugin (Fig. 5.41).

    Fig. 5.41.

    After this, the selected programs and components will be installed on the server. Once the installation is complete, the administration console will launch; if you cleared the checkbox in the last window of the installation wizard, launch it from the Start menu -> Programs -> Kaspersky Security Center.

    Task 1.

    In accordance with the description, install the administration server on the AVServ virtual machine.

    When you launch the console, the initial server setup is performed. In the first step, you can specify activation codes or license key files for Kaspersky Lab antivirus products. If you have a "corporate" key for several computers, with default settings the server will automatically distribute the key to client computers.

    Fig. 5.42.

    You can also agree or refuse to use Kaspersky Security Network (KSN), a remote service that provides access to the Kaspersky Lab knowledge base about the reputation of files, Internet resources and software.

    The next step is to configure e-mail notifications for the anti-virus protection administrator. You must specify the e-mail address, the SMTP server and, if necessary, the parameters for authorization on the server (Fig. 5.42). If the laboratory does not have a suitable mail server, you can skip this step and configure the settings later.

    If you access the Internet through a proxy server, you will need to specify its parameters. After completing this stage, standard policies, group tasks and administration tasks will be automatically created. They will be discussed in more detail in the following labs.


    Fig. 5.43.

    In the next step, downloading of updates starts automatically. If the download has started successfully, you can click the "Next" button without waiting for it to complete and, after finishing the initial setup wizard, go to the main window of the Administration Console (Fig. 5.43). It should show that there is one managed computer on the network (a Network Agent was installed on the AVServ computer along with the administration server) and that it does not have anti-virus protection. This is considered a critical event.

    Task 2.

    Perform the initial server setup.

    The administration console can be installed separately from the Console folder of the distribution disk by running the Setup program. If you are using a distribution package downloaded from the Internet, open the folder that was specified at the beginning of the installation for saving the distribution files. By default this is the C:\KSC9\russian\Console folder.

    Fig. 5.44.

    Task 3.

    Install the Security Center administration console on the Station1.labs.local virtual machine. Check connectivity to the AVServ.labs.local server. To do this, specify its address or name in the console window (Fig. 5.44) and agree to receive the server certificate (Fig. 5.45).


    Fig. 5.45.

    Fig. 5.46.

    If the connection fails, check whether the ports used to connect to the Security Center server are blocked on the AVServ server (see above). The setting can be checked through Control Panel: System and Security -> Windows Firewall -> Allow a program to run through Windows Firewall. The corresponding allow rules must be present, see Fig. 5.46 (the rule names are unchanged from the previous version of the product, Kaspersky Administration Kit).
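
    The port check described here and in the port-selection step above can also be made from the console workstation before opening the firewall settings. The script below is an added example, not part of the original lab or of Kaspersky's tooling; it assumes Python is available on the workstation and that the default TCP ports 13000 and 14000 were kept, and its function names are hypothetical. It distinguishes a refused connection (the service is not listening) from no reply at all (typically a firewall rule).

```python
import socket
import sys

# Default ports named on this page: 13000/TCP (SSL) and 14000/TCP (no SSL).
# 13000/UDP (shutdown notifications) cannot be verified with a connect test.
KSC_TCP_PORTS = {13000: "SSL", 14000: "non-SSL"}

ADVICE = {
    "open": "the Administration Server is listening and reachable",
    "closed": "host answered but nothing listens: is the server service "
              "running, or were other ports chosen during installation?",
    "filtered": "no reply: look for a missing allow rule in Windows "
                "Firewall on the server",
    "unresolved": "name did not resolve: check DNS or use the IP address",
}


def probe_tcp(host, port, timeout=3.0):
    """Classify one TCP port as open / closed / filtered / unresolved."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except socket.gaierror:
        return "unresolved"
    except ConnectionRefusedError:
        return "closed"      # RST received: host is up, port has no listener
    except OSError:
        return "filtered"    # timeout or unreachable: no answer from the port


def check_server(host, ports=KSC_TCP_PORTS, timeout=3.0):
    """Return {port: (state, advice)} for each Administration Server port."""
    report = {}
    for port in sorted(ports):
        state = probe_tcp(host, port, timeout)
        report[port] = (state, ADVICE[state])
    return report


if __name__ == "__main__":
    # AVServ.labs.local is the lab server name used on this page.
    host = sys.argv[1] if len(sys.argv) > 1 else "AVServ.labs.local"
    results = check_server(host)
    for port, (state, advice) in results.items():
        print(f"{host}:{port}/tcp ({KSC_TCP_PORTS[port]}): {state} - {advice}")
    sys.exit(0 if all(s == "open" for s, _ in results.values()) else 1)
```

    Because Windows Firewall usually drops packets silently, a blocked port normally shows up as "filtered" rather than "closed".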