Plugins for Kaspersky Security Center 10. Installing Kaspersky Security Center. Configuring centralized management on computers with Kaspersky

Kaspersky Security Center is a unique tool that allows you to control the security of corporate networks and centrally manage various security tools.

Application

Many large organizations build corporate networks to facilitate data transfer and device management. Such solutions are very capable; however, they come with certain threats, so security deserves attention. Kaspersky Security Center from Kaspersky Lab does an excellent job with this task.

Benefits of the program

This tool provides a common control center for the devices used by all members of the organization. The software is universal and compatible with both computers and mobile devices. The entire system is under the control of the administrator, who protects it from viruses and various threats. Protection is applied at several stages, since it is comprehensive.

The Control Center is responsible for controlling the activity and launch of programs and for blocking harmful software. This applies to all applications installed on computers that are connected to the corporate network. The administrator manages user actions either by adjusting custom security settings or by using standard templates.

Kaspersky Security Center constantly checks the system for weaknesses, updates security components, and monitors the availability of updates for running software. When it checks the system, the program reports on its actions. Reports are generated automatically when the regular check is enabled, but the tool can also generate them at the user's request and export them to PDF, HTML and XML files.

The intuitive interface provided with the program facilitates the user's work.

Key Features:

  • Protection of both stationary and mobile devices.
  • Support for devices with different operating systems.
  • Control is carried out either by several users or by one administrator.
  • Blocking unwanted software.
  • Convenient security policy settings, the ability to apply both standard profiles and create your own.

Purpose of work.

This lab focuses on installing the Security Center Antivirus Management Server.

Preliminary information.

Before proceeding with the installation, you need to decide on the general scenario for deploying anti-virus protection. There are two main scenarios suggested by the Security Center developers:

  • deployment of anti-virus protection inside the organization;
  • deployment of anti-virus protection for the client organization's network (used by organizations acting as service providers). The same scheme can be used within an organization with several remote subdivisions whose computer networks are administered independently of the head office network.

In these labs, the first scenario will be implemented. If you plan to use the second one, you will additionally need to install and configure the Web-Console component. Here a word is needed about the architecture of the Security Center. It includes the following components:

  1. Administration Server, which centrally stores information about the Kaspersky Lab programs installed in the organization's network and manages them.
  2. Administration Agent, which handles interaction between the Administration Server and the Kaspersky Lab programs installed on the computer. There are versions of the Agent for different operating systems: Windows, Novell and Unix.
  3. Administration Console, which provides a user interface for managing the Server. The Administration Console is implemented as an extension component for Microsoft Management Console (MMC). It allows you to connect to the Administration Server both locally and remotely, via a local network or via the Internet.
  4. Kaspersky Security Center Web-Console, which is designed to monitor the status of anti-virus protection in the network of a client organization managed by Kaspersky Security Center. The use of this component will not be explored in this lab.

  1. Installing and configuring the Administration Server and Console.
  2. Creating administration groups and distributing client computers among them.
  3. Remote installation of the Network Agent and Kaspersky Lab anti-virus programs on client computers.
  4. Updating signature databases of Kaspersky Lab programs on client computers.
  5. Configuring notifications about anti-virus protection events.
  6. Launching the on-demand scan task and checking the operation of event notifications on client computers.
  7. Analysis of reports.
  8. Configuring automatic installation of anti-virus programs on new computers in the network.

This lab covers the first stage. Fig. 5.35 shows a diagram of the laboratory bench that simulates a protected network (it was also described earlier in Table 5.4). The goal of this lab is to install the Security Center Server and Administration Console on the AVServ server.

Fig. 5.35.

Table 5.5. Differences in versions of the distribution kit of Kaspersky Security Center 9.0 (columns: Component, Full version, Lite version)

  • Administration Server distribution kit
  • Kaspersky Endpoint Security for Windows distribution kit
  • Network Agent distribution kit
  • Microsoft SQL 2005 Server Express Edition
  • Microsoft .NET Framework 2.0 SP1
  • Microsoft Data Access Component 2.8
  • Microsoft Windows Installer 3.1
  • Kaspersky Security Center System Health Validator

The Security Center distribution kit can be downloaded from http://www.kaspersky.com/downloads-security-center. You can choose which distribution to download: Lite or full. Table 5.5 lists the differences between the distributions for version 9.0, which was used in preparing the descriptions of the laboratory works. To run the lab, you will need the full version, since along with the administration server it installs the MS SQL Server 2005 Express DBMS, which is used to store data on the state of anti-virus protection.

Work description.

After completing the preparatory steps, launch the Security Center installation program on the AVServ server. After the welcome window, you will be asked for the path to save the files required during the installation process; then another welcome window and a window with a license agreement will appear. The agreement must be accepted to continue the installation.

When choosing the type of installation, mark the "Custom" item, which will allow you to familiarize yourself in detail with the list of installed components and applied settings.

If you select the "Standard" option, the wizard will install the Administration Server together with the server version of Network Agent, Administration Console, application management plug-ins available in the distribution kit, and Microsoft SQL Server 2005 Express Edition (if it has not been installed earlier).

The next step is to select the server components to be installed (Fig. 5.36). We need to install the Administration Server, and leave a check mark on this item.

Cisco NAC technology, which allows us to check the security of a mobile device or computer connecting to the network, will not be used by us.

Also, as part of the laboratory workshop, it is not planned to deploy anti-virus protection on mobile devices (such as smartphones), so we are not installing these components now.


The selected network size affects the values set for a number of parameters that determine the operation of anti-virus protection (they are listed in Table 5.6). These settings can be changed, if necessary, after server installation.

You will also need to specify the account under which the administration server will run, or agree to create a new account (Fig. 5.37).

On earlier versions of Windows (for example, when installing on Windows Server 2003), the System Account option may appear in this window. In any case, this account must have administrator rights, which will be required both for creating a database and for the subsequent operation of the server.

Table 5.6. Parameters set depending on the size of the network

| Parameter / number of computers | | 100-1000 | 1000-5000 | More |
|---|---|---|---|---|
| Display in the console tree of the node of slave and virtual Administration Servers and all parameters associated with slave and virtual Servers | absent | absent | present | present |
| Displaying the Security sections in the properties windows of the Server and administration groups | absent | absent | present | present |
| Creating a Network Agent policy using the Quick Start Wizard | absent | absent | present | present |
| Random distribution of the start time of the update task on client computers | absent | within 5 minutes | in the interval of 10 minutes | in the interval of 10 minutes |

Fig. 5.37.

The next step is to select the database server to use (Fig. 5.38). For data storage, Security Center 9.0 can use Microsoft SQL Server (versions 2005, 2008, 2008 R2, including Express editions 2005, 2008) or MySQL Enterprise. Fig. 5.38, a shows the window for selecting the type of DBMS. If the MySQL server is selected, you will need to specify the name and port number for the connection.

If you use an existing instance of MS SQL Server, you will need to specify its name and the name of the database (by default, it is called KAV). In our laboratory work, we will use the recommended configuration, which implies the installation of MS SQL Server 2005 Express along with the installation of the Security Center (Fig. 5.38, b).

Fig. 5.38.

After selecting SQL Server as the DBMS used, you must specify the authentication mode that will be used when working with it. Here we leave the default setting - Microsoft Windows authentication mode (Fig. 5.39).

To store installation packages and distribute updates, the administration server will use a shared folder. You can specify an existing folder or create a new one. The default share name is KLSHARE.

Fig. 5.39.

You can also specify the port numbers used to connect to the Security Center Server. TCP port 14000 is used by default, and TCP port 13000 is used for SSL-secured connections. If you cannot connect to the administration server after installation, you should check if these ports are blocked by the Windows firewall. In addition to those mentioned above, UDP port 13000 is used to transmit information about shutdown of computers to the server.

Next, you will need to specify a method for identifying the administration server. This can be IP address, DNS names, or NetBIOS names. In the virtual network used for the laboratory workshop, a Windows domain is organized and a DNS server is present, so we will use domain names (Figure 5.40).


Fig. 5.40.

The next window allows you to select the plug-ins to be installed for managing Kaspersky Lab anti-virus programs. Looking ahead, the product to be deployed is Kaspersky Endpoint Security 8 for Windows, so we will need its plug-in (Fig. 5.41).

Fig. 5.41.

After that, the selected programs and components will be installed on the server. When the installation is complete, the Administration Console will be launched; if you unchecked the checkbox in the last window of the installation wizard, launch it from the Start -> Programs -> Kaspersky Security Center menu.

Task 1.

Follow the description to install the Administration Server on the AVServ virtual machine.

Initial server configuration is performed when the console starts. At the first step, you can specify activation codes or license key files for Kaspersky Lab antivirus products. If you have a "corporate" key for several computers, with the default settings the key will be automatically distributed by the server to client computers.

Fig. 5.42.

You can also agree or refuse to use Kaspersky Security Network (KSN), a remote service for providing access to the Kaspersky Lab knowledge base on the reputation of files, Internet resources and software.

The next step is to configure the settings for notifying the anti-virus protection administrator by e-mail. You must specify the mailing address, SMTP server and, if necessary, parameters for authorization on the server (Fig. 5.42). If the lab does not have a suitable mail server, you can skip this step and make the settings later.

If the Internet is accessed through a proxy server, you will need to specify its parameters. After passing this stage, the automatic creation of standard policies, group tasks and administration tasks will be performed. They will be discussed in more detail in the next laboratory work.


Fig. 5.43.

The next step automatically starts downloading updates. If the download has started successfully, you can click the Next button without waiting for it to finish and, after completing the initial setup wizard, go to the main window of the Administration Console (Fig. 5.43). It should show that there is one managed computer on the network (the Administration Agent was installed on the AVServ computer along with the Administration Server) and that it does not have anti-virus protection. This is regarded as a critical event.

Task 2.

Complete the initial server setup.

Separately, the administration console can be installed from the Console folder on the distribution disk by running the Setup program. If you are using a distribution kit downloaded from the Internet, then you need to open the folder specified at the beginning of the installation to save the distribution files. By default, this is the C:\KSC9\russian\Console folder.

Fig. 5.44.

Task 3.

Install the Security Center Administration Console on the Stationl.labs.local virtual machine. Check the connectivity to the AVServ.labs.local server. To do this, specify its address or name in the console window (Fig. 5.44) and agree to receive the server certificate (Fig. 5.45).

Fig. 5.45.

Fig. 5.46.

If the connection fails, check whether the ports used to connect to the Security Center server are blocked on the AVServ server (see above). The setting can be checked through the Control Panel: System and Security -> Windows Firewall -> Allow the program to run through Windows Firewall. The corresponding allow rules must be present, see Fig. 5.46 (the names of the rules remain the same as in the previous version of the product, Kaspersky Administration Kit).
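One way to narrow down the cause before opening the firewall dialog, as an added example that is not part of the original lab: the script probes the two default TCP ports named above from the console machine and tells a refused connection apart from a silently dropped one. The function names and status labels are illustrative assumptions; UDP port 13000 cannot be checked with a connect probe and is not covered.

```python
"""Connectivity check for the Administration Server ports described on this page."""
import socket

# Defaults stated on this page; adjust if other ports were chosen during installation.
KSC_TCP_PORTS = {
    14000: "Administration Server, plain TCP",
    13000: "Administration Server, SSL",
}

# What each probe result usually means for the troubleshooting step above.
# The labels are this example's own, not product terminology.
ADVICE = {
    "open": "port reachable",
    "refused": "host answers but nothing listens: check the Administration "
               "Server service and the port numbers chosen during installation",
    "filtered": "no answer before the timeout: consistent with a firewall "
                "dropping the traffic, check the allow rules on the server",
    "unreachable": "no route to the host: check addressing and routing",
    "unresolved": "name does not resolve: check DNS or use the IP address",
}

# Worst-to-best ordering, used when a name resolves to several addresses.
_RANK = ["unreachable", "filtered", "refused", "open"]


def probe_tcp(host, port, timeout=3.0):
    """Attempt a TCP connect and classify the outcome as one of ADVICE's keys."""
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return "unresolved"
    best = "unreachable"
    for family, socktype, proto, _canon, addr in infos:
        sock = socket.socket(family, socktype, proto)
        sock.settimeout(timeout)
        try:
            sock.connect(addr)
            status = "open"
        except ConnectionRefusedError:
            status = "refused"      # RST received: host is up, port is closed
        except socket.timeout:
            status = "filtered"     # silence: packets are being dropped
        except OSError:
            status = "unreachable"  # for example, no route to host or network
        finally:
            sock.close()
        if _RANK.index(status) > _RANK.index(best):
            best = status
        if best == "open":
            break
    return best


def check_server(host, ports=None, timeout=3.0):
    """Probe each port and return {port: (status, advice)}."""
    report = {}
    for port in sorted(ports or KSC_TCP_PORTS):
        status = probe_tcp(host, port, timeout)
        report[port] = (status, ADVICE[status])
    return report


if __name__ == "__main__":
    # AVServ.labs.local is the lab server name used on this page.
    for port, (status, advice) in check_server("AVServ.labs.local").items():
        print(f"tcp/{port} ({KSC_TCP_PORTS[port]}): {status} - {advice}")
```

A "filtered" result on both ports points at the firewall rules shown in Fig. 5.46, while "refused" means the packets reach the server and the problem is on the service side.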

This material was prepared for specialists involved in the management of antivirus protection and security at the enterprise.

This page describes and analyzes the most interesting functionality of the latest versions of Kaspersky Endpoint Security 10 and the Central Management Console of Kaspersky Security Center 10.

The information was selected based on the experience NovaInTech specialists have gained in communicating with system administrators, heads of IT departments and security departments of organizations that are either just switching to Kaspersky anti-virus protection or are moving from version 6 of the anti-virus on client computers and the Administration Kit 8 management console. In the latter case, where anti-virus protection from Kaspersky Lab is already in use, IT specialists often do not know the most interesting features of the new product versions, which make their work easier and at the same time improve the level of safety and reliability.

After reading this article and watching the videos, you can briefly familiarize yourself with the most interesting functionality provided by the latest version of the Kaspersky Security Center management console and Kaspersky Endpoint Security, and see how it works.

1. Installing the Administration Server of Kaspersky Security Center 10.

The required distributions can be found on the official Kaspersky Lab website:

ATTENTION! The distribution package of the full version of Kaspersky Security Center already includes the distribution package of the latest version of Kaspersky Endpoint Security.

First of all, I would like to tell you where to start installing anti-virus protection from Kaspersky Lab: not with the anti-viruses themselves on client computers, as it might seem at first glance, but with the installation of the administration server and the central management console of Kaspersky Security Center (KSC). With the help of this console, you can deploy anti-virus protection on all computers of your institution much faster. In this video you will see that after the installation and minimal configuration of the KSC administration server, it becomes possible to create an antivirus solution installer for client computers that even a completely unprepared user can install (I think every administrator has such "users"): the installation interface contains only 2 buttons, "Install" and "Close".

The administration server itself can be installed on any computer that is always turned on or as accessible as possible. This computer must be visible to other computers on the network, and it is very important that it has access to the Internet (for downloading databases and synchronizing with the KSN cloud).

Watch the video, even if you installed the central console before, but in previous versions - you may hear and see something new for yourself ...


2. Setting up centralized management on computers with Kaspersky already installed.

It is often the case that in small organizations system administrators install and configure anti-virus protection on each computer manually. As a result, the time they spend on maintaining anti-virus protection increases, and they do not have enough time for more important tasks. There are cases when administrators, due to lack of time, simply do not know that corporate versions of anti-virus protection from Kaspersky Lab have centralized management at all, and that they do not need to pay anything for this miracle of civilization.

In order to "connect" the already installed client antiviruses with the administration server, you need very little:

  • Install the Administration Server (Section 1 of this article).
  • Install the Administration Server Agent (NetAgent) on all computers - I will describe the installation options in the attached video below.
  • After the administration server agent is installed, computers will appear, depending on your settings, either in the "Not distributed computers" section or in the "Managed computers" section. If the computers are in "Not distributed computers", they will need to be moved to "Managed computers", and a policy that applies to them will need to be set up.

After these actions, your computers will be visible to you from the central console, users will no longer be able to manage the antiviruses installed on their machines and, as a result, there will be fewer infections and less headache for the administrator.

In the video below, I will try to describe the scenarios for installing NetAgents on client computers, depending on how your network is arranged.

We reviewed the functionality of Kaspersky Endpoint Security 8, which provides a comprehensive multi-level protection system for computers running Windows operating systems. For centralized management of all deployed copies of Kaspersky Endpoint Security 8 on corporate computers, the Kaspersky Security Center solution is used. In the second part of the review, we will take a closer look at how administration is carried out using the new, ninth version of Kaspersky Security Center and what main features it provides.

The main purpose of Kaspersky Security Center is to provide the administrator with tools for configuring all components of the protection system and access to detailed information about the security level of the corporate network. Kaspersky Security Center is a single tool for centralized management of a large set of protection tools in an organization provided by Kaspersky Lab. The set of software products that can be managed using Kaspersky Security Center includes solutions for protecting workstations, servers, and mobile devices:

  • Kaspersky Endpoint Security 8 for Smartphone;
  • Kaspersky Endpoint Security 8 for Windows;
  • Kaspersky Endpoint Security 8 for Linux;
  • Kaspersky Endpoint Security 8 for Mac;
  • Kaspersky Anti-Virus 6.0 for Windows Workstation;
  • Kaspersky Anti-Virus 6.0 Second Opinion Solution;
  • Kaspersky Anti-Virus 6.0 for Windows Servers Enterprise Edition;
  • Kaspersky Anti-Virus 8.0 for Windows Servers Enterprise Edition;
  • Kaspersky Anti-Virus 8.0 for data storage systems;
  • Kaspersky Anti-Virus 8.0 for Linux File Server;
  • Kaspersky Anti-Virus 6.0 for Windows Servers;
  • Kaspersky Anti-Virus 5.7 for Novell NetWare.

Figure 1. Logic of using Kaspersky Security Center when protecting an organization's network

Kaspersky Security Center can operate in two modes - the usual one, which is described in this review, and the mode required for the operation of service providers that provide other organizations with protection of their networks in the form of a SaaS service. This mode requires a special license.

Kaspersky Security Center is not a standalone program, but a set of software tools that includes:

  • administration server is a service responsible for security management. It is the main module of Kaspersky Security Center and stores all information about managed computers in a database (MS SQL Server or MySQL). In addition to the main administration server, you can organize a hierarchical structure of administration servers to work through them with remote parts of the local network or the local network of the serviced organization. This is especially true for companies with a distributed structure. In this case, local users only access their own server.
  • Administration Console - a module implemented as a snap-in for the Microsoft Management Console and designed to manage the administration server;
  • web console - a web application that has a function similar to the administration console. The difference is that the web console allows you to access the administration server through a browser using the web interface. However, in comparison with the same administration console, it has limited management capabilities;
  • Kaspersky Security Center Administration Agent is a program designed for interaction between the Administration Server and client computers. It is installed on client systems and allows you to receive information about the current state of programs and events that occurred on client computers, send and receive control commands, and also ensures the functioning of the update agent.
  • application control modules - modules that are installed on the administrator's workstation. Purpose - to gain access to Kaspersky Lab software products in an organization through the administration console.

Figure 2. Block diagram of interaction of Kaspersky Security Center components

The diagram shows that the administrator can work through the snap-in with several administration servers, which are, for example, company servers located in different offices. In addition, the administrator has the ability to access the administration server through an Internet browser from any computer without having to install any modules on it, which can be useful if it is necessary to monitor the security system. This access method is also used when deploying protection in an organization by an external service provider, whose administration server can be accessed from the protected network using the web console.

Figure 3. Diagram of using the web console


Kaspersky Security Center allows configuring and managing components and settings on client computers. For each user group or a specific user, the administrator can specify various settings for the following components:

  1. Protection components: file antivirus, mail antivirus, web antivirus, IM antivirus, firewall, protection against network attacks, network monitoring, system monitoring.
  2. Control components: application launch control, application activity control, vulnerability scan, device control, web control.

Figure 4. Diagram of components managed by Kaspersky Security Center

The ninth version of Kaspersky Security Center is an evolution of the Kaspersky Administration Kit 8.0 tool. Compared to it, Kaspersky Security Center adds a set of new functions. It is now possible to create virtual administration servers; control over the operation of the "Application Control", "Vulnerability Control", "Web Control" and "Device Control" components has been added, as have a web console for managing the administration server through a browser and functions for managing clients on virtual machines. It is now also possible to centrally detect and eliminate vulnerabilities on client computers. The functions of tools for managing installations of various components, obtaining additional information about monitored computers, generating reports and working with accounts have been significantly expanded.

System requirements

To work with Kaspersky Security Center 9, the computer must meet the general system requirements specified in Table 1.

Table 1. Hardware requirements for running on different operating systems

| Operating system version | Hardware requirements |
|---|---|
| 32-bit OS: Microsoft Windows Server 2003; Microsoft Windows Server 2008 deployed in Server Core mode; Microsoft Windows XP Professional SP2, Vista SP1, 7 SP1 | Processor with a frequency of 1 GHz or higher; 512 MB of RAM; 1 GB of free hard disk space |
| 64-bit OS: Microsoft Windows Server 2003; Microsoft Windows Server 2008 SP1, 2008 R2, 2008 R2 deployed in Server Core mode; Microsoft Windows XP Professional SP2, Vista SP1, 7 SP1 | Processor with a frequency of 1.4 GHz or higher; 512 MB of RAM; 1 GB of free hard disk space |

Since Kaspersky Security Center 9 includes three components - the Administration Server, the Administration Console, and the Web Administration Console Server, for the operation of each of them the following requirements must be met.

Administration Server

  • Microsoft Data Access Components (MDAC) 2.8 or later or Microsoft Windows DAC 6.0.
  • Microsoft Windows Installer 4.5 (for Windows Server 2008 / Windows Vista).

Database Management System

  • Microsoft SQL Server Express 2005, 2008;
  • Microsoft SQL Server 2005, 2008, 2008 R2;
  • MySQL Enterprise.

Administration Console

  • Microsoft Management Console 2.0 or later.
  • Microsoft Internet Explorer 8.0.

Administration web console server

  • Web server: Apache 2.2.
  • Browser - Internet Explorer 7, Firefox 3.6 or Safari 4.

Functionality

The main functions of Kaspersky Security Center are deploying protection on client computers, centralized administration of these applications, and retrieving information about events on protected computers.

Deploying protection

  1. Remote installation and removal of programs for endpoint protection and administration tools.
  2. Deploying third-party products or your own installation packages on protected computers.
  3. The ability to install endpoint protection systems on infected computers.

Administration

  1. Creation of virtual administration servers to ensure protection of physically remote segments of an organization's local network or remote offices.
  2. Formation of a hierarchy of administration groups for "flexible" adjustment of the rules for the operation of various user groups.
  3. Combining a set of rules and settings of various components into policies and flexible application of created policies to regulate the activities of a specific user or group of users. The ability to use both standard policies and the creation of new policies.
  4. Implementation of centralized (if necessary - remote) management of programs for endpoint protection.
  5. Centralized update of databases and protection modules with endpoint protection programs.
  6. Centralized work with files moved to quarantine or backup storage, as well as with objects whose processing has been postponed.
  7. Inventory of hardware devices and software on computers in the organization's local network.
  8. Centralized detection and elimination of vulnerabilities found in the operating system and various software.
  9. Management of Kaspersky Endpoint Security 8 deployed in virtual environments (automatic detection of virtual machines, lifecycle management of virtual machines, optimization of the load on the host server when performing resource-intensive tasks).

Monitoring

  • Obtaining information about critical events on protected computers in real time.
  • Obtaining statistics and reports on all events on protected computers. It is possible to generate reports containing events in each protection component and administrator actions. Reports can be generated on a schedule or at the request of the administrator. If necessary, you can configure sending reports in a convenient format by e-mail.
  • Using the web console allows you to organize access to operational information about the protection status and reports from any computer in the network or remotely.

Also, Kaspersky Security Center now has the ability to manage the protection of virtual workstations. When a new virtual machine appears on the network, it is automatically found, connected to the administration console, and all the necessary protection components are installed on it. Kaspersky Security Center allows you to distinguish between virtual and physical machines and combine them into different groups for convenient administration of the virtual infrastructure. Dynamic mode support for Virtual Desktop Infrastructure (VDI) has also been implemented.

Preparation for use

To install Kaspersky Security Center, you need to run the installation file of the application, after which the welcome window of the installation wizard will appear.

Figure 5. The initial window of the Kaspersky Security Center installation wizard

Next, you need to read the license agreement and accept its terms. After that, you need to select the type of installation. A standard installation contains a minimal set of components and is recommended for networks with up to 200 computers. Custom installation allows you to configure additional settings for Kaspersky Security Center and is recommended for networks with more than 200 computers. We select a custom installation and click the "Next" button.

Figure 6. Selecting the type of installation for Kaspersky Security Center

The next step is to select the components to install.

Figure 7. Selecting Kaspersky Security Center components for installation

Figure 8. Selecting the size of the network

At the next step, you need to select an account under which the Administration Server will run on the computer. You can choose from two types of accounts - a system account (not available on Windows Vista and later Microsoft operating systems) or a user account.

Figure 9. Selecting an account under which Kaspersky Security Center will run

After that, you need to select the type of database for the administration server: Microsoft SQL Server (Express Edition) or MySQL. If you select MS SQL Server and this DBMS is not available, it will be installed. If you choose MySQL, it must already be installed in the system.

Figure 10. Selecting a database server for Kaspersky Security Center

The next step is to configure the parameters for connecting to a server with a database. And then an account is configured to connect to the server.

Figure 11. Configuring the settings for connecting to a server with a database

After that, you need to determine the location and name of the shared folder in which the installation files and updates will be stored. You can create a new folder or select an existing one.

Figure 12. Creating a shared folder

Next, you must specify the port number for connecting to the administration server (port 14000 is used by default) and the SSL port number for secure connection to the administration server using the SSL protocol (by default, port 13000 is used).

Figure 13. Configuring the settings for connecting to the administration server

After that, you need to set the address of the administration server. The address can be a DNS name, a NetBIOS name, or an IP address.

Figure 14. Setting the address of the administration server

In the next step, you need to select modules for managing programs. We need a module for managing Kaspersky Endpoint Security 8 for Windows, so we select it.

Figure 15. Selecting modules for installation

This completes the configuration process, and you can start the installation of the program. Next, you need to restart the operating system, after which the installation can be considered complete.

After installation, you will need to make a number of additional settings - specify the registration key or code, decide on the use of "cloud" technologies, configure sending notifications about events and proxy server settings. After that, you can start working with Kaspersky Security Center.
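A post-installation check of the two ports configured above, as an added example that is not part of the original article or of Kaspersky's tooling: it tests whether the default ports 14000 and 13000 answer, records the protocol and certificate fingerprint presented on the SSL port, and turns the result into findings. The server address `ksc.example.internal` is a placeholder, and the function names are this example's own.

```python
import hashlib
import socket
import ssl

PLAIN_PORT = 14000  # default connection port named in the text
SSL_PORT = 13000    # default SSL port named in the text
DEPRECATED = {"SSLv3", "TLSv1", "TLSv1.1"}


def tcp_port_open(host, port, timeout=3.0):
    """Return True if a TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def tls_endpoint_info(host, port, timeout=3.0):
    """Handshake with host:port and describe what the server presents.

    The certificate is deliberately not validated here: the goal is to
    record the protocol and certificate fingerprint, not to trust them.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                der = tls.getpeercert(binary_form=True)
                if not der:
                    return {"error": "server presented no certificate"}
                return {"protocol": tls.version(),
                        "sha256": hashlib.sha256(der).hexdigest()}
    except OSError as exc:  # covers ssl.SSLError, timeouts, refusals
        return {"error": f"{type(exc).__name__}: {exc}"}


def assess(plain_open, ssl_open, tls_info, pinned_sha256=None):
    """Turn raw observations into findings; an empty list means none."""
    findings = []
    if not ssl_open:
        findings.append(f"SSL port {SSL_PORT} is closed or filtered")
    elif "error" in tls_info:
        findings.append(f"TLS handshake failed: {tls_info['error']}")
    else:
        if tls_info["protocol"] in DEPRECATED:
            findings.append(f"deprecated protocol: {tls_info['protocol']}")
        if pinned_sha256 and tls_info["sha256"] != pinned_sha256.lower():
            findings.append("certificate differs from the recorded fingerprint")
    if plain_open:
        findings.append(f"non-SSL port {PLAIN_PORT} is reachable from this "
                        "host; confirm that is intended")
    return findings


def check_server(host, pinned_sha256=None, timeout=3.0):
    """Probe both default ports of one Administration Server."""
    plain_open = tcp_port_open(host, PLAIN_PORT, timeout)
    ssl_open = tcp_port_open(host, SSL_PORT, timeout)
    tls_info = tls_endpoint_info(host, SSL_PORT, timeout) if ssl_open else None
    return assess(plain_open, ssl_open, tls_info, pinned_sha256)


if __name__ == "__main__":
    # Placeholder address; replace with the address set during installation.
    for finding in check_server("ksc.example.internal") or ["no findings"]:
        print(finding)
```

Recording the SHA-256 fingerprint right after installation and passing it as `pinned_sha256` on later runs shows when the certificate presented on the SSL port has changed.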

Working with the product

The administration server is managed through the administration console. It is a special snap-in that is integrated into the Microsoft Management Console (MMC).

Figure 16. Microsoft Management Console snap-in window

The advantage of using the snap-in is the standard interface that Windows administrators are familiar with. In addition, several different snap-ins can be added to one management console, for example, Windows Firewall, the Diskeeper defragmentation program, the Performance snap-in, and Kaspersky Security Center.

Figure 17. An example of creating a management console

The main window for working with Kaspersky Security Center consists of a menu, a toolbar, an overview pane (console tree), and a workspace. After installing Kaspersky Security Center, we gain access to the administration server, through which we will manage the instances of Kaspersky Endpoint Security 8 installed on computers in the local network.

With a distributed structure of the company, it is necessary to create a set of administration servers that will allow servicing each segment of the network separately, but at the same time, centrally managing everything from one point. This will reduce traffic within the local network, simplify work with remote offices or local network segments. If you have multiple administration servers, you can delegate the security responsibility and authority for managing each virtual server to individual administrators. You can add administration servers from the context menu of the "Kaspersky Security Center" node ("New" - "Kaspersky Administration Server" - "Administration Server ..."). The created hierarchy allows you to create rules for inheriting tasks and policies for different administration servers.

The hierarchy of tools for the administrator's work is shown in Figure 18.

Figure 18. Hierarchy of tools for the administrator's work

The Administration Server can be used as a proxy server for Kaspersky Security Network (KSN); a special service, KSN Proxy, is responsible for this. Its use allows all computers under the control of the administration server to exchange data with the "cloud" even if they do not have access to the Internet. Also, by caching requests, KSN Proxy allows you to reduce the load on the Internet connection.

Figure 19. Configuring KSN Proxy parameters

The logic of working with the program when deploying protection and administration is built as follows. First, the administrator configures the administration server settings. After that, administration groups are created in accordance with the logic of the protected network. For example, accounting staff can be prohibited from using any removable media, and programmers can be configured with the most stringent web control parameters.

Computers are added to the created groups, and the Network Agent and Kaspersky Endpoint Security 8 are installed on each computer. Then, security policies are created and configured for each user group. Also, the administrator can create various tasks (virus scan, update, etc.) and set the criteria for their execution (by timer, by event, etc.). After that, work with the program goes into the background - the administrator needs to periodically review reports, respond to threats, add new users for protection and perform other network maintenance work. Let's take a look at how it works.

To manage settings for protection operation on client computers, the Computer Management group is used, which contains four panels: Groups, Policies, Tasks, and Computers.

Figure 20. Group "Computer management"

Creation of administration groups and their configuration

The "Groups" panel contains tools for managing groups of computers on the "Administration Server". These administration groups allow you to organize the hierarchy of computers in the network in order to selectively apply various policies and tasks to them in the future. By default, only one, root, group is available. Using the Create Group and Create Subgroup commands in the Groups panel, you can create the hierarchy of computer groups that your organization needs.

Figure 21. An example of creating administration groups

Through the context menu of the "Managed computers" node (the command "All tasks" - "Create group structure" in the context menu), the hierarchy of computers can be generated automatically. For this, information about the structure of domains and workgroups of the Windows network, Active Directory groups, or the contents of a text file is used.

In the "Groups" panel, you can specify the conditions for installing applications on computers that have newly appeared in the group. You can also specify the criteria by which the user's computer will be assigned the "Warning" or "Critical" status. For example, if the databases were not updated for more than X days or more than Y viruses were found.

Figure 22. Setting the criteria for setting statuses for computers

After the groups have been created and configured, you can start populating the groups with computers. To do this, use the "Computers" panel, where you can add and remove computers on the "Administration Server". You can also view information about each of the computers on the network - its status, the time the signature databases were updated, the number of viruses found, etc.

Figure 23. "Computers" panel with expanded filtering panel

To add a new computer, you need to click on the "Add computers" button, after which a wizard window will appear. The first step is to determine how to add client computers.

Figure 24. Window of the Add Client Computers Wizard

When adding computers manually, you need to specify the IP address or a range of IP addresses of computers in the network. You can also import a list of IP addresses from a text file.

Figure 25. Manually adding new computers

When adding automatically, it is enough to specify the necessary computers from the list of detected computers on the network.

Figure 26. The window for adding computers discovered by the administration server

If, for some reason, computers were not assigned to administration groups, they remain in the folders of the "Uncommon computers" node. You can also apply tasks and configure policies to these computers. These folders also contain new computers found by the Administration Server when polling the Windows network, IP addresses, and Active Directory groups. After finding new computers on the network, the administrator can move them to one of the existing groups.

Installing applications via Kaspersky Security Center

Kaspersky Security Center allows you to install various applications on computers in the local network. These can be Kaspersky Lab applications for client protection or third-party applications. To install the application on client computers, you need to create a task of the appropriate type and specify the computers for which it will run.

Installing applications via Kaspersky Security Center is primarily required for deploying protection on client computers when starting to use Kaspersky Lab solutions in an organization and when adding new computers for protection.

To organize protection on client computers, you first need to install Network Agents and Kaspersky Endpoint Security 8. The installation package is installed using the Remote Installation Wizard, which is launched from the "Groups" panel by clicking the "Start installation" button. Select the administration agent and click the "Next" button.

Figure 27. Selecting the program to install

We indicate that the program is installed "From the shared folder". After the installation of the administration agent, it is more convenient to carry out all installations through it, since in this case it is possible to centrally manage the installation repository. And when a new computer is added to the network, the administrator will be able to run one task to install the entire list of required programs.

Figure 28. Selecting application installation parameters

In the next step, you can specify accounts with administrator rights.

Figure 29. Selecting accounts with administrator rights on the target computer

After that, you will need to choose whether to restart the computer after installing the program and, if so, whether to do it forcibly or ask the user. This completes the creation of the application installation task, which can now be launched.

Figure 30. Running the application installation task

If for some reason installation over the network is impossible (for example, the network is disconnected on the computer), then you can create an installation package and provide it to the user for self-installation.

By choosing Kaspersky Lab products, you get reliable protection of your IT infrastructure and the ability to control security in your company using a single convenient management console, Kaspersky Security Center.


Overview

In the past, the IT department had to work with multiple management consoles at the same time to manage multiple security tools, as well as to perform basic system administration functions. Kaspersky Lab has created a solution that simplifies the work of the administrator.

Ease of controls
The main goal of creating Kaspersky Security Center was to simplify and speed up the processes of configuring, launching and managing IT security tools and systems in a complex IT environment. A single management console helps you control all the Kaspersky Lab security and system administration tools you use. With Kaspersky Security Center, you can control every workplace and every device on your network, centrally solve security problems, reduce operating costs and increase productivity.

Intuitive interface
When developing Kaspersky Security Center, our specialists tried to provide the user with the most easy-to-use interface with clearly organized dashboards.

Easy installation
Using the setup wizard, you can quickly and easily install and configure Kaspersky Lab security solutions across the entire IT environment.

Remote access
In addition to the local management console, Kaspersky Security Center has a convenient web console. The presence of such a console allows you to use any computer with Internet access to monitor the protection status of the corporate network.

Simple reporting
Kaspersky Security Center allows you to create and configure various reports on the protection status. Reports can be generated both on demand and according to a specified schedule.

Support for multi-platform environments
Working in the Windows operating system, Kaspersky Security Center supports management of many operating systems and platforms, including servers and workstations running Windows, Linux and Novell Netware, as well as mobile devices running Android, iOS, BlackBerry, Symbian, Windows Mobile and Windows Phone ...

How to get Kaspersky Security Center

Kaspersky Security Center is included in Kaspersky TOTAL Security for Business and in all Kaspersky Endpoint Security for Business products: START, STANDARD, and ADVANCED. Kaspersky Security Center will include only those management tools that are required to work with the Kaspersky Lab product of your choice. If you decide to upgrade to a higher level of Kaspersky Endpoint Security for Business or to the most complete solution of Kaspersky TOTAL Security for Business, additional management tools will automatically appear in the management console of Kaspersky Security Center.

Workplace protection management

Installation, configuration and management of workplace protection in Kaspersky Lab solutions are performed in Kaspersky Security Center. From a single console, you can manage and protect your business from known and emerging malware, prevent IT security risks and reduce protection costs.

  • Antivirus protection and firewall
    Kaspersky Security Center provides flexible options for managing anti-malware protection tools:
    • set and manage security policies for multiple platforms, including Windows, Linux and Mac;
    • configure protection settings for individual devices, groups of servers and workstations;
    • perform anti-virus scans on demand and on schedule;
    • process quarantined objects;
    • manage anti-virus database updates;
    • manage cloud protection of Kaspersky Security Network;
    • configure and manage your firewall and intrusion prevention system (HIPS).
  • Whitelisting
    Allows the administrator to audit the use of applications, allow or block their launch.
  • Control of applications, devices and Web Control
    Centralized management of IT infrastructure allows you to create security policies and provide additional protection for valuable data. You can set rules for groups and individual users:
    • limit the launch of unwanted applications on your network using Application Control;
    • create access rules for devices that users connect to the network based on the type or serial number of the device, as well as based on the method of connecting the device;
    • track and control Internet access for the entire enterprise or user groups.
  • File server protection
    A single infected object from the network storage can infect a large number of computers. To avoid this, Kaspersky Security Center allows you to configure and manage all protection functions for file servers.
    • Monitor malware protection for file servers running:
      • Windows;
      • Linux;
      • Novell NetWare.
  • Encryption
    Many encryption products are considered difficult to deploy and require a separate management console. All Kaspersky Lab encryption technologies can be managed from the same Kaspersky Security Center management console from which you manage other Kaspersky Lab security solutions.
    • You can create comprehensive policies that control encryption, anti-malware, device and software control, and other desktop security features.
      • hard drives (file and folder encryption or full disk encryption);
      • removable devices (file and folder encryption or full disk encryption).

Mobile device management

The demand for access to corporate systems from mobile devices is growing, and Kaspersky Security Center helps to protect them and ensure the safety of using personal devices for work.

  • Mobile protection management
    Kaspersky Security Center helps you deploy and configure protection for mobile devices:
    • customize the protection of mobile workplaces, including the creation of security policies for iOS;
    • install and update software via SMS, e-mail messages or through users' computers;
    • track whether all users have fully deployed protections to their devices;
    • manage access to the corporate network;
    • set policies for groups or individual users using Active Directory;
    • configure ActiveSync settings.
  • Malware protection
    Kaspersky Lab technologies provide comprehensive protection of mobile devices against malware, and Kaspersky Security Center helps to flexibly manage the functions of this protection:
    • perform malware checks on demand and on schedule;
    • use anti-spam tools to filter out unwanted calls and text messages (except for iOS).
  • Mobile App Management
    Kaspersky Security Center allows you to control which applications can be launched on a user's mobile device running Android:
    • use the "Permission by default" mode to prohibit the launch of only applications from the black list;
    • use the "Deny by default" mode to allow launching only programs from the white list;
    • create a policy to control cases of unauthorized flashing of devices.
  • Data encryption on mobile devices
    In addition to managing data encryption in your IT infrastructure, Kaspersky Security Center also allows you to control data encryption on mobile devices:
    • manage full disk encryption on iOS devices;
    • configure encryption of files and folders.
  • Containers
    Kaspersky Security Center allows you to manage the storage of corporate data on personal devices used for work:
    • configure containers to completely isolate corporate data from personal data on the user's device;
    • manage container encryption;
    • control access of programs to certain resources on a mobile device;
    • set restrictions on access to data;
    • use remote troubleshooting tools when you encounter problems with applications or containers.
  • Anti-Thief
    Remote management using Kaspersky Security Center allows you to still control some important functions in the event of a loss or theft of a mobile device:
    • remote blocking will prevent unauthorized access to your corporate network;
    • the search function allows you to determine the approximate location of the missing mobile device;
    • the purge function gives you the option of either deleting corporate data or resetting the device to factory defaults.

When purchasing Kaspersky Endpoint Security for Business STANDARD, Kaspersky Endpoint Security for Business ADVANCED, Kaspersky TOTAL Security for Business, or Kaspersky Security for Mobile Devices, all options for managing mobile devices will be available in Kaspersky Security Center. Thus, you can use a single console to manage your mobile devices, workplace protection and many other Kaspersky Lab technologies.

System administration tools

In addition to granular control over IT infrastructure security, Kaspersky Security Center provides system administration tools that simplify infrastructure management tasks, improve productivity and reduce operating costs.

  • Deploying OS and Programs
    Kaspersky Security Center allows you to manage OS and application images: create, quickly copy and deploy.
  • Installing the software
    The remote software installation function in Kaspersky Security Center saves administrators' time and helps to reduce the volume of traffic transmitted over the corporate network.
    • software deployment on demand or on schedule;
    • using dedicated update servers.
  • License management and accounting of hardware and software
    Kaspersky Security Center allows you to manage hardware and software, as well as track software licenses within your IT infrastructure:
    • track all devices on your network with automatic hardware inventory;
    • monitor application usage and track license upgrade problems using summary reports generated by Kaspersky Security Center.
  • Vulnerability monitoring
    After inventorying your hardware and software, you can search for vulnerabilities in operating systems and applications that have not been patched:
    • generate detailed reports on vulnerabilities;
    • perform vulnerability assessments and prioritize patching.
  • Patch installation management
    Having discovered vulnerabilities, you can efficiently organize the distribution of the most important fixes using Kaspersky Security Center:
    • manage the download of patches from Kaspersky Lab servers;
    • manage the installation of Microsoft updates and patches on computers on your network.
  • Network access control
    Network Access Control not only automatically discovers devices on the corporate network, but also simplifies setting policies for guest mobile devices:
    • manage policies for granting access to your corporate network from various devices;
    • manage guest access to the Internet and corporate network resources.

All system administration tools will be available in your Kaspersky Security Center management console if you use Kaspersky Endpoint Security for Business ADVANCED, Kaspersky TOTAL Security for Business or Kaspersky Systems Management.

Full list of supported apps:

Kaspersky Security Center manages the operation of the following Kaspersky Lab solutions for protection against information threats:

  • protection of mobile devices:
    • Kaspersky Endpoint Security for Smartphone
  • protection of workstations:
    • Kaspersky Endpoint Security for Linux
    • Kaspersky Endpoint Security for Mac
    • Kaspersky Anti-Virus 6.0 for Windows Workstations MP4
    • Kaspersky Anti-Virus 6.0 Second Opinion Solution MP4
  • server protection:
    • New! Kaspersky Endpoint Security for Windows
    • Kaspersky Anti-Virus for Windows Servers Enterprise Edition
    • Kaspersky Anti-Virus for data storage systems
    • Kaspersky Anti-Virus for Linux File Server
    • Kaspersky Anti-Virus 6.0 for Windows Servers MP4
    • Kaspersky Anti-Virus 5.7 for Novell NetWare
  • protection of virtual environments:
    • New! Kaspersky Security for Virtualization

Please note that some versions of security solutions for Microsoft Exchange and ISA Server, as well as previous versions of applications for protecting servers and workstations under Linux, are still managed using Kaspersky Administration Kit, the previous version of the centralized security management tool.

System requirements

Administration Server

Software and hardware requirements:
  • Microsoft® Data Access Components (MDAC) 2.8 or higher or Microsoft® Windows® DAC 6.0
  • Microsoft® Windows® Installer 4.5 (for Windows Server® 2008 / Windows Vista®)
  • Database management system:
    • Microsoft® SQL Server Express 2005, 2008
    • Microsoft® SQL Server® 2005, 2008, 2008 R2
    • MySQL Enterprise
  • 32-bit OS:
    • 512 MB RAM
  • 64-bit OS:
    • Windows Server 2003
    • 512 MB RAM
    • 1 GB free hard disk space

Administration Console

Software and hardware requirements:
  • Microsoft® Management Console 2.0 or later
  • Microsoft® Internet Explorer® 8.0
  • 32-bit OS:
    • Windows Server 2003 (including Windows Small Business Server 2003)
    • Windows Server 2008
    • Windows XP Professional SP2 / Vista SP1 / 7 SP1
    • 1 GHz processor or faster
    • 512 MB RAM
    • 1 GB free hard disk space
  • 64-bit OS:
    • Windows Server 2003
    • Windows Server 2008 SP1 (including Windows Small Business Server 2008)
    • Windows Server 2008 R2 (including Windows Small Business Server 2011)
    • Windows XP Professional / Vista SP1 / 7 SP1
    • 1.4 GHz processor or higher
    • 512 MB RAM
    • 1 GB free hard disk space

Administration Web Console Server

Software and hardware requirements:
  • Web server: Apache 2.2
  • 32-bit OS:
    • Windows Server 2003 (including Windows Small Business Server 2003)
    • Windows Server 2008 (including Core mode)
    • Windows XP Professional SP2 / Vista SP1 / 7 SP1
    • 1 GHz processor or faster
    • 512 MB RAM
    • 1 GB free hard disk space
  • 64-bit OS:
    • Windows Server 2003
    • Windows Server 2008 SP1 (including Windows Small Business Server 2008 and Core mode)
    • Windows Server 2008 R2 (including Windows Small Business Server 2011 and Core mode)
    • Windows XP Professional / Vista SP1 / 7 SP1
    • 1.4 GHz processor or higher
    • 512 MB RAM
    • 1 GB free hard disk space

All features of Kaspersky Security Center are included in Kaspersky TOTAL Security for Business. When using other Kaspersky Lab products, the set of capabilities of Kaspersky Security Center will depend on the functionality of the selected solution.