ebook img

SafeGuard PortProtector Installation guide PDF

100 Pages·2010·2.57 MB·English
by  
Save to my drive
Quick download
Download
Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.

Preview SafeGuard PortProtector Installation guide

SafeGuard PortProtector 3.30 SP6 Installation guide Document date: March 2010 ® SafeGuard PortProtector 3.30, Installation guide Important Notice This guide is delivered subject to the following conditions and restrictions:  This guide contains proprietary information belonging to Sophos. Such information is supplied solely for the purpose of assisting explicitly and properly authorized SafeGuard PortProtector users.  No part of its contents may be used for any other purpose, disclosed to any person or firm or reproduced by any means, electronic or mechanical, without the express prior written permission of Sophos.  The text and graphics are for the purpose of illustration and reference only. The specifications on which they are based are subject to change without notice.  The software described in this guide is furnished under a license. The software may be used or copied only in accordance with the terms of that agreement.  Information in this guide is subject to change without notice. Corporate and individual names and data used in examples herein are fictitious unless otherwise noted.  The information in this document is provided in good faith but without any representation or warranty whatsoever, whether it is accurate, or complete or otherwise and on express understanding that Sophos shall have no liability whatsoever to other parties in any way arising from or relating to the information or its use.  SafeGuard PortProtector and SafeGuard PortAuditor are OEM versions of Safend Protector and Safend Auditor from Safend. Therefore some screenshots throughout this manual may still contain the Safend branding but mean the same as within the SafeGuard OEM version. Boston, USA | Oxford, UK © Copyright 2010. Sophos. All rights reserved. All trademarks are the property of their respective owners. Other company and brand products and service names are trademarks or registered trademarks of their respective holders. 2 ® SafeGuard PortProtector 3.30, Installation guide About This Guide This Installation Guide is comprised of the following chapters:  Chapter 1, Installation Workflow, suggests workflow for using the SafeGuard PortProtector solution to protect your organization's endpoints.  Chapter 2, Preparing for Installation, describes the SafeGuard PortProtector architecture and the SafeGuard PortProtector installation workflow. It then describes the system requirements and prerequisites for installation and all the preparations that need to take place before installing SafeGuard PortProtector.  Chapter 3, Installing SafeGuard PortProtector Management Server, describes how to install, restore and upgrade the SafeGuard PortProtector Management Server, and how to launch the SafeGuard PortProtector Management Console.  Chapter 4, Installing SafeGuard PortProtector Management Console, describes how to install SafeGuard PortProtector Management Console.  Chapter 5, Installing SafeGuard PortProtector Client, describes the various methods for installing, or deploying, SafeGuard PortProtector Client. It also explains how to uninstall and upgrade SafeGuard PortProtector Client.  Appendix A - OPSEC™ Interoperability, describes Check Point's OPSEC™ and how it interfaces with SafeGuard PortProtector.  Appendix B - NAC Interoperability, describes Cisco's NAC and how it interfaces with SafeGuard PortProtector. 3 ® SafeGuard PortProtector 3.30, Installation guide Contents 1 Installation Workflow ....................................................................................................................... 5 2 Preparing for Installation .................................................................................................................. 8 3 Installing SafeGuard PortProtector Management Server ............................................................. 12 4 Installing SafeGuard PortProtector Management Console .......................................................... 42 5 Installing SafeGuard PortProtector Client .................................................................................... 54 6 Appendix A - OPSEC™ Interoperability ........................................................................................ 81 7 Appendix B - NAC Interoperability ............................................................................................... 94 4 ® SafeGuard PortProtector 3.30, Installation guide 1 Installation Workflow About This Chapter Before installing SafeGuard PortProtector V3.3, it is important to fully understand the implementation process of the SafeGuard PortProtector solution. This chapter suggests a workflow for using the SafeGuard PortProtector solution to protect your organization's data. It contains the following section:  SafeGuard PortProtector Implementation Workflow describes the workflow for implementing and using SafeGuard PortProtector. 5 ® SafeGuard PortProtector 3.30, Installation guide 1.1 SafeGuard PortProtector Implementation Workflow The following is an overview of the workflow for implementing and using SafeGuard PortProtector. 6 ® SafeGuard PortProtector 3.30, Installation guide Step 1: Install the SafeGuard PortProtector Management Server and Console, as described in Chapter 2, Preparing for Installation and Chapter 3,  Installing SafeGuard PortProtector Management Server.  Step 2: Install Additional Management Consoles, as described in Chapter 4, Installing SafeGuard PortProtector Management Console.  Step 3: Define General SafeGuard PortProtector Administration Settings, such as the method in which policies are published, as described in Chapter 7, Administration in SafeGuard PortProtector User help.  Step 4: Scan Computers and Detect Port/Device Usage. Use SafeGuard PortAuditor to detect the ports that have been used in your organization and the devices and WiFi networks that are or were connected to these ports, as described in SafeGuard PortAuditor User help.  Step 5: Define SafeGuard PortProtector Policies. In this stage you define the blocked, allowed and restricted ports, devices and WiFi networks according to the security and productivity requirements of your organization as described in Chapter 3, Defining Policies in SafeGuard PortProtector User help.  Step 6: Install SafeGuard PortProtector Client on Endpoints, as described in Chapter 5,  Installing SafeGuard PortProtector Client.  Step 7: Distribute SafeGuard PortProtector Policies to Endpoints: in this stage, you can either associate policies to users and computer and distribute directly to endpoints (via SSL), or use Active Directory's GPO feature to distribute SafeGuard PortProtector Policies or any other third-party tool, as described in Chapter 4, Distributing Policies in SafeGuard PortProtector User help.  Step 8: Endpoints are Protected by SafeGuard PortProtector Policies: in this stage, only approved devices and WiFi networks can be used, through permitted ports. Logs about port, device and WiFi network use and attempted use, as well as tampering attempts, are created and sent to the Management Server as described in Chapter 8, End-User Experience in SafeGuard PortProtector User help.  Step 9: Monitoring Logs and Alerts, view and export the log entries generated by SafeGuard PortProtector Clients, as described in Chapter 5, Viewing Logs in SafeGuard PortProtector User help. 7 ® SafeGuard PortProtector 3.30, Installation guide 2 Preparing for Installation About This Chapter This chapter first describes the SafeGuard PortProtector architecture and the SafeGuard PortProtector installation workflow. It then specifies the system requirements and prerequisites for installing the different components of SafeGuard PortProtector, followed by instructions on how to prepare the network for installation. It contains the following sections:  System Requirements, page 9, describes the system requirements for each one of the SafeGuard PortProtector components.  Preparing your Network, page 10, describes the preparation that needs to be done on your network in order to allow the different SafeGuard PortProtector components to communicate without interruptions.  Tips on preparing your Endpoints, page 11, describes the preparation that needs to be done on your endpoints before installing SafeGuard PortProtector in order to optimize the security of your network. 8 ® SafeGuard PortProtector 3.30, Installation guide 2.1 System Requirements Following are the system requirements for the various system components: SafeGuard PortProtector SafeGuard PortProtector SafeGuard PortProtector Client Requirements Console Requirements Server Requirements Operating  Windows XP  Windows XP  Windows XP System Professional (SP 1-3) Professional (SP 2) Professional (SP2 – not supported  Windows XP 64 bit  Windows 2003 Server for production Professional (SP 2-3) – (SP 1-2) environments) note that there is a separate MSI from  Windows 2003 Server version 3.2 for 64 bit (SP 1-2) OS  Windows 2003 Server (SP 1-2)  Windows 2000 SP4 Rollup 1  Windows Vista Business/Enterprise /Ultimate (SP 1-2) 32- bit  Windows 7 Business/ Enterprise/Ultimate 32-bit Hardware  Pentium 800 MHz  Pentium 800 MHz The server hardware requirements depend on  256 MB RAM  256 MB of RAM the number of installed  50 MB HDD space  50 MB HDD space SafeGuard PortProtector clients. To obtain the specifications suitable for your organization, please contact your local Sophos reseller or Sophos support at ® SafeGuard PortProtector 3.30, Installation guide 2.2 Preparing your Network Before installing the system, be sure to enable the following communications in your network and personal firewalls. To prepare your network: 1 In order to communicate freely between the SafeGuard PortProtector management Server and the SafeGuard PortProtector Clients, make sure that the SSL port is open in your network firewall. Sophos typically uses port 443 (SSL standard) for this. If you have chosen otherwise, make sure to allow this port in your firewall. 2 In order for the SafeGuard PortProtector Management Console to be able to control clients (send control commands to clients to send their logs and update their policy), it needs WMI ports to be open on the personal firewalls of each endpoint. WMI uses port 135 and a series of random ports. 2.2.1 Opening WMI ports on Windows XP (SP2) Firewall If you are using Windows XP (SP2) firewall as the personal firewall on your endpoints, you can use the GPO mechanism to configure endpoints to accept incoming WMI communications. The following section is quoted from Microsoft documentation. "Without configured exceptions, Windows Firewall will drop traffic for server, peer, or listener applications and services. Therefore, it is likely you will want to configure Windows Firewall for exceptions to ensure that the Windows Firewall works appropriately for your environment. Windows Firewall settings are available for Computer Configuration only. They are located in Computer Configuration\Administrative Templates\Network\Network Connections\Windows Firewall. Identical sets of policy settings are available for two profiles:  Domain profile. Used when computers are connected to a network that contains your organization’s Active Directory domain.  Standard profile. Used when computers are not connected to a network that contains your organization’s Active Directory domain, such as a home network or the Internet. The relevant policy setting for WMI is: Windows Firewall: Allow remote administration exception This allows remote administration of this computer using administrative tools such as the Microsoft Management Console (MMC) and Windows Management Instrumentation (WMI). To do this, Windows Firewall opens TCP ports 135 and 445. Services typically use these ports to communicate using RPC and DCOM. The default is Not Configured". 10

See more

The list of books you might like

Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.