KSC administration console. Installing Kaspersky Security Center


Goal of the work.

This lab is devoted to installing the Security Center anti-virus protection management server.

Preliminary information.

Before you begin installation, you need to decide on the general scenario for deploying anti-virus protection. The Security Center developers offer two main scenarios:

  • deployment of anti-virus protection within the organization;
  • deployment of anti-virus protection of a client organization’s network (used by organizations acting as service providers). The same scheme can be used within an organization that has several remote divisions whose computer networks are administered independently of the head office network.

In these laboratory works the first scenario will be implemented. If you plan to use the second one, you will additionally need to install and configure the Web-Console component. This brings us to the architecture of Security Center, which includes the following components:

  • 1. Administration Server, which centrally stores information about the Kaspersky Lab programs installed on the organization’s network and manages them.
  • 2. Network Agent, which handles interaction between the Administration Server and the Kaspersky Lab programs installed on a computer. There are versions of the Agent for different operating systems: Windows, Novell and Unix.
  • 3. Administration Console, which provides a user interface for managing the Server. The Administration Console is implemented as an extension component of Microsoft Management Console (MMC). It allows you to connect to the Administration Server both locally and remotely, via a local network or the Internet.
  • 4. Kaspersky Security Center Web-Console, which is designed to monitor the status of anti-virus protection of the client organization's network managed by Kaspersky Security Center. The use of this component will not be studied in this laboratory workshop.

  • 1. Installation and configuration of the Server and Administration Console.
  • 2. Creation of administration groups and distribution of client computers among them.
  • 3. Remote installation of Network Agent and Kaspersky Lab anti-virus programs on client computers.
  • 4. Updating signature databases of Kaspersky Lab programs on client computers.
  • 5. Configuring notifications about anti-virus protection events.
  • 6. Launch the on-demand scan task and check the operation of event notifications on client computers.
  • 7. Analysis of reports.
  • 8. Configuring automatic installation of anti-virus programs on new computers on the network.

This lab will cover the implementation of the first stage. Fig. 5.35 shows a diagram of a laboratory bench simulating a protected network (it was also described earlier in Table 5.4). The goal of this lab is to install the Security Center server and administration console on the AVServ server.

Fig. 5.35.

Table 5.5. Differences in Kaspersky Security Center 9.0 distribution versions

Component / Full version / Lite version

  • Administration Server distribution package
  • Kaspersky Endpoint Security for Windows distribution kit
  • Network Agent distribution
  • Microsoft SQL 2005 Server Express Edition
  • Microsoft .NET Framework 2.0 SP1
  • Microsoft Data Access Component 2.8
  • Microsoft Windows Installer 3.1
  • Kaspersky Security Center System Health Validator

The Security Center distribution package can be downloaded from http://www.kaspersky.ru/downloads-security-center. You can choose which version of the distribution to download: Lite or full. Table 5.5 lists the differences between the distribution versions for version 9.0, which was used to prepare the descriptions of these labs. To complete the lab you will need the full version, because MS SQL Server 2005 Express, the DBMS used to store data on the state of anti-virus protection, will be installed along with the administration server.

Description of work.

After completing the preparatory steps, launch the Security Center installation program on the AVServ server. After the welcome window, you will be asked for the path where the files needed during installation will be saved. Another welcome window will then appear, followed by a window with the license agreement, which must be accepted to continue the installation.

When choosing the installation type, select the “Custom” option, which will allow you to familiarize yourself in detail with the list of installed components and applied settings.

If you select the “Standard” option, then as a result of the wizard, Administration Server will be installed along with the server version of Network Agent, Administration Console, application management plugins available in the distribution package, and Microsoft SQL Server 2005 Express Edition (if it has not been installed previously).

The next step is to select the server components to install (Fig. 5.36). We need to install the Administration Server, and leave this checkbox unchecked.

We will not use Cisco NAC technology, which allows us to check the security of a mobile device or computer connecting to the network.

Also, as part of the laboratory workshop, there are no plans to deploy anti-virus protection on mobile devices (such as smartphones), so we are not installing these components at this time.


The selected network size affects the values of a number of parameters that determine the operation of anti-virus protection (they are listed in Table 5.6). These settings can be changed, if necessary, after installing the server.

You will also need to specify the account under which the administration server will be launched, or agree to the creation of a new account (Fig. 5.37).

On earlier versions of Windows (for example, when installing on Windows Server 2003), this window may have a System Account option. In any case, this account must have administrator rights, which are required both for creating the database and for the subsequent operation of the server.

Table 5.6. Settings based on network size

Parameter / number of computers |  | 100-1000 | 1000-5000 | More
Displaying in the console tree the node of slave and virtual Administration Servers and all parameters associated with slave and virtual Servers | absent | absent | present | present
Displaying the Safety sections in the properties windows of the Server and administration groups | absent | absent | present | present
Creating a Network Agent policy using the Initial Configuration Wizard | absent | absent | present | present
Random distribution of update task launch time on client computers | absent | within 5 minutes | within 10 minutes | within 10 minutes

Fig. 5.37.

The next step is to select the database server to use (Fig. 5.38). To store data, Security Center 9.0 can use Microsoft SQL Server (versions 2005, 2008, 2008 R2, including Express 2005, 2008 editions) or MySQL Enterprise. Fig. 5.38, a shows the DBMS type selection window. If the MySQL server is selected, you will need to specify the name and port number to connect.

If you use an existing instance of MS SQL Server, you will need to specify its name and the name of the database (by default, it is called KAV). In our laboratory work we will use the recommended configuration, which involves installing MS SQL Server 2005 Express along with the Security Center installation (Fig. 5.38, b).


Fig. 5.38.

After selecting SQL Server as the DBMS to use, you must specify the authentication mode that will be used when working with it. Here we leave the default setting - Microsoft Windows authentication mode (Fig. 5.39).

To store installation packages and distribute updates, the administration server will use a shared folder. You can specify an existing folder or create a new one. The default share name is KLSHARE.


Fig. 5.39.

You also have the option to specify the port numbers used to connect to the Security Center server. By default, TCP port 14000 is used, and for a connection protected using the SSL protocol, TCP port 13000 is used. If after installation you cannot connect to the administration server, you should check whether these ports are blocked by the Windows firewall. In addition to those mentioned above, UDP port 13000 is used to transmit information about shutting down computers to the server.

Next, you will need to specify how the administration server is identified. This can be an IP address, a DNS name or a NetBIOS name. The virtual network used for the laboratory workshop has a Windows domain and a DNS server, so we will use domain names (Fig. 5.40).


Fig. 5.40.

The next window allows you to select the plugins to install for managing Kaspersky Lab antivirus programs. Looking ahead, we can say that the Kaspersky Endpoint Security 8 for Windows product will be deployed, so we will need the plugin for it (Fig. 5.41).


Fig. 5.41.

After this, the selected programs and components will be installed on the server. Once the installation is complete, the administration console will launch. If you cleared the checkbox in the last window of the installation wizard, launch it from the Start menu -> Programs -> Kaspersky Security Center.

Task 1.

Install the administration server on the AVServ virtual machine as described.

When you launch the console, the initial server setup is performed. In the first step, you can specify activation codes or license key files for Kaspersky Lab antivirus products. If you have a “corporate” key for several computers, with default settings the key will be automatically distributed by the server to client computers.


Fig. 5.42.

You can also agree or refuse to use Kaspersky Security Network (KSN), a remote service that provides access to Kaspersky Lab’s knowledge base about the reputation of files, Internet resources and software.

The next step is to configure settings for notifying the anti-virus protection administrator by email. You must specify the mailing address, the SMTP server and, if necessary, parameters for authorization on the server (Fig. 5.42). If your lab does not have a suitable mail server, you can skip this step and make the settings later.

If you access the Internet through a proxy server, you will need to specify its parameters. After completing this stage, standard policies, group tasks and administration tasks will be automatically created. They will be discussed in more detail in the following labs.


Fig. 5.43.

In the next step, the download of updates starts automatically. If the download has started successfully, you can, without waiting for it to complete, click the “Next” button and, after finishing the initial setup wizard, go to the main window of the Administration Console (Fig. 5.43). It should show that there is one managed computer on the network (along with the administration server, an administration agent was installed on the AVServ computer), which does not have anti-virus protection. This is considered a critical event.

Task 2.

Perform the initial server setup.

The administration console can be installed separately from the Console folder of the distribution disk by running the Setup program. If you are using a distribution package downloaded from the Internet, open the folder that was specified at the beginning of the installation for saving the distribution files. By default this is the C:\KSC9\russian\Console folder.


Fig. 5.44.

Task 3.

Install the Security Center administration console on the Stationl.labs.local virtual machine. Check connectivity to the AVServ.labs.local server. To do this, enter its address or name in the console window (Fig. 5.44) and agree to receive the server certificate (Fig. 5.45).


Fig. 5.45.


Fig. 5.46.

If the connection fails, check whether the ports used to connect to the Security Center server are blocked on the AVServ server (see above). The setting can be checked through Control Panel: System and Security -> Windows Firewall -> Allow a program to run through Windows Firewall. The corresponding allow rules must be present, see Fig. 5.46 (the names of the rules remained as in the previous version of the product, Kaspersky Administration Kit).
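The port check described above can also be scripted. The following is an added example, not part of the original lab text: PowerShell that relies only on .NET classes, with hypothetical function names, and with the server name and TCP port numbers taken from this lab.

```powershell
# Added example: check the Security Center ports named in this lab.
# Function names are illustrative; server name and ports come from the lab text.
# Only .NET classes are used, so it also runs on PowerShell 2.0.

function Test-KscTcpPort {
    param(
        [Parameter(Mandatory = $true)][string]$Server,
        [Parameter(Mandatory = $true)][int]$Port,
        [int]$TimeoutMs = 3000
    )

    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($Server, $Port, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) {
            # No answer at all within the timeout: packets are silently dropped,
            # which is how a blocking Windows Firewall configuration usually looks.
            return 'filtered'
        }
        $client.EndConnect($pending)   # throws if the connection attempt failed
        return 'open'
    }
    catch {
        $socketError = $_.Exception.GetBaseException() -as [System.Net.Sockets.SocketException]
        if ($socketError -and $socketError.SocketErrorCode -eq 'ConnectionRefused') {
            # The host replied, but nothing accepts connections on this port.
            return 'refused'
        }
        if ($socketError -and $socketError.SocketErrorCode -eq 'HostNotFound') {
            return 'name-not-resolved'
        }
        return 'error: ' + $_.Exception.GetBaseException().Message
    }
    finally {
        $client.Close()
    }
}

function Get-KscPortReport {
    param(
        [string]$Server = 'AVServ.labs.local',
        [int]$TimeoutMs = 3000
    )

    # TCP ports from the lab text. UDP 13000 (shutdown notifications) is not
    # probed here: UDP has no handshake that a simple client could test.
    $ports = @(
        @{ Port = 14000; Purpose = 'default connection' },
        @{ Port = 13000; Purpose = 'SSL-protected connection' }
    )

    foreach ($entry in $ports) {
        $state = Test-KscTcpPort -Server $Server -Port $entry.Port -TimeoutMs $TimeoutMs
        $row = New-Object PSObject
        $row | Add-Member -MemberType NoteProperty -Name Server  -Value $Server
        $row | Add-Member -MemberType NoteProperty -Name Port    -Value $entry.Port
        $row | Add-Member -MemberType NoteProperty -Name Purpose -Value $entry.Purpose
        $row | Add-Member -MemberType NoteProperty -Name State   -Value $state
        $row
    }
}

function Get-KscLocalListeners {
    # Run on the server itself: is anything listening on the expected ports?
    # Uses the .NET listener table, so the result does not depend on the
    # display language of netstat.
    param([int[]]$Ports = @(14000, 13000))

    $listeners = [System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties().GetActiveTcpListeners()
    foreach ($port in $Ports) {
        $isListening = @($listeners | Where-Object { $_.Port -eq $port }).Count -gt 0
        $row = New-Object PSObject
        $row | Add-Member -MemberType NoteProperty -Name Port      -Value $port
        $row | Add-Member -MemberType NoteProperty -Name Listening -Value $isListening
        $row
    }
}

# On the workstation where the console is installed:
Get-KscPortReport -Server 'AVServ.labs.local' | Format-Table -AutoSize

# On the administration server:
Get-KscLocalListeners | Format-Table -AutoSize
```

A `filtered` state on the workstation combined with `Listening = True` on the server points at the firewall rules shown in Fig. 5.46; `Listening = False` means the Administration Server is not accepting connections, and the firewall is not the first thing to look at.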

Regardless of whether you manage ten or several thousand desktops as part of a centralized, distributed or mixed IT infrastructure, installation, configuration and administration of all Kaspersky Lab security solutions is carried out through a single management console.

Centralized management. Scalability. Flexibility

Kaspersky Security Center allows you to provide effective mobile device management (MDM) across platforms, vulnerability monitoring and patch management, as well as control over the devices and applications allowed on your corporate network.

Kaspersky Security Center supports multi-level protection and management technologies that are activated through a single, convenient console. Kaspersky Security Center allows you to easily scale your protection system and add new tools and functions to it - both in small, rapidly growing companies and in large corporations with complex distributed IT infrastructure. Each subsequent level of the Kaspersky Security for Business solution opens up additional protection and management capabilities within a single platform - in accordance with your current needs.

Levels of Kaspersky Security for Business: consistent expansion of functionality

Capabilities: malware protection; control of applications, devices, web control; mobile device security; data encryption; system administration; protecting mail servers, Internet gateways and collaboration servers.

Levels: STARTING, STANDARD, ADVANCED, TOTAL SECURITY.

All-round protection. Full control

Centralized management allows you to increase the transparency of the corporate IT infrastructure, optimize costs and achieve maximum efficiency in managing the security system. Tightly integrated functions and tools within Kaspersky Security Center (KSC) provide effective management of all technologies implemented in a single Kaspersky Lab security platform.

  • Deploying, configuring and managing endpoint protection from a single center allows you to ensure reliable and up-to-date protection for every endpoint and device in the corporate network.
  • Mobile device security and management tools allow you to centrally manage the security of mobile devices across platforms through the same single console that you use to manage endpoint security. This greatly simplifies monitoring and control of the security of corporate IT infrastructure without the need for additional effort or technology.
  • Vulnerability monitoring and patch management enable you to quickly detect vulnerabilities, prioritize them, and centralize patching. Administrators have complete information about detected vulnerabilities. Patches and updates can be installed automatically in the shortest possible time, which increases the level of security of the entire IT infrastructure.
  • Centralized web, program and device controls help regulate and limit the use of unwanted or unsafe devices, programs and web resources.
  • Centralized management of encryption technologies provides an additional layer of security, helping to combat the growing threat of data loss due to device theft or malicious attack.
  • Advanced management capabilities include automated, centralized security administration, including hardware and software accounting, OS and application imaging, as well as remote software installation and remote troubleshooting.
  • Support for workstations, mobile devices and virtual machines makes it possible to manage the protection of the entire IT infrastructure through a single console, providing effective monitoring and complete control of the corporate network.

Main features and benefits of Kaspersky Security Center

OPTIMUM DEFAULT SETTINGS
They are especially relevant for small companies that do not always have enough IT resources to perform additional administration tasks. Use the settings recommended by our experts, or choose those that are necessary for you.

SUPPORT FOR MULTI-PLATFORM ENVIRONMENTS
Security management of physical (Windows®, Linux®, Mac), mobile (Android™, iOS, Windows Phone) and virtual devices as part of the corporate IT infrastructure is carried out through a single console.

SCALABLE PROTECTION FOR COMPANIES OF ANY SIZE
Support for up to a million Active Directory® objects, as well as role-based administrator rights and configuration profiles, provide flexible operation of the solution in complex environments.

WIDE INTEGRATION OPPORTUNITIES
Integration with major SIEM systems for reporting and security. Integration with external NAC systems including Cisco® NAC, Microsoft® NAP and SNMP server.

REMOTE OFFICE SUPPORT
Traffic optimization and flexible patch distribution. A local workstation can act as an update agent for an entire remote office, enabling remote deployment of updates and reducing traffic between offices.

DETAILED REPORTS
A wide range of predefined report templates, with the ability to customize and generate individual reports. Additional dynamic filtering and sorting of reports by any parameters.

WEB CONSOLE
Allows for effective remote management of the security of workplaces and mobile devices.

VIRTUALIZATION SUPPORT
Recognize virtual machines and balance the load during periods of intensive work, as well as prevent anti-virus storms that reduce performance - all through a single management console.


HOW TO PURCHASE

Kaspersky Security Center is included at all levels of the line, as well as a number of solutions for protecting individual network nodes.


Kaspersky Security Center is a unique tool that allows you to control the security of corporate networks and centrally manage various security tools.

Application

Many large organizations create corporate networks between devices to facilitate data transfer and management. Such solutions are very smart; however, we should not forget about certain threats, and it is worth thinking about security. Kaspersky Security Center from Kaspersky Lab does an excellent job of this task.

Benefits of the program

This tool generates a common control center for a system of devices used by all members of the organization. The software is universal, compatible with both computers and mobile devices. The system is entirely under the control of the device administrator, who protects it from viruses and various threats. The implementation of protection occurs at different stages, since it is complex.

The Control Center is responsible for monitoring the activities of programs, their opening and blocking of harmful software. It influences all applications and programs installed on computers that are connected to the corporate network. The administrator controls user actions, either by adjusting their own security settings or using standard templates.

Kaspersky Security Center constantly checks the system for weaknesses, updates security components, and monitors the availability of updates for running software. When checking the system, the program provides reports on its actions. Reports are generated automatically when regular checking is activated, but the tool is able to generate them upon user request and translate them into PDF, HTML and XML files.

The intuitive interface that the program is equipped with makes the user's work easier.

Key Features:

  • Protection for both desktop and mobile devices.
  • Supports devices with different operating systems.
  • Control is carried out either by several users or by one administrator.
  • Blocking unwanted software.
  • Convenient security policy settings, the ability to use both standard profiles and create your own.

This material was prepared for specialists involved in managing anti-virus protection and security in an enterprise.

This page describes and discusses the most interesting functionality of the latest versions of Kaspersky Endpoint Security 10 and the central management console of Kaspersky Security Center 10.

The information was selected based on the experience NovaInTech specialists have had communicating with system administrators and heads of IT and security departments in organizations that are either just switching to Kaspersky anti-virus protection or are moving from version 6 of the anti-virus on client computers and the Administration Kit 8 management console. In the latter case, when anti-virus protection from Kaspersky Lab is already in use, IT specialists also often do not know the most interesting aspects of the new product versions, which really help make life easier for those same IT specialists while increasing the level of security and reliability.

After reading this article and watching the videos, you can briefly familiarize yourself with the most interesting functionality that the latest versions of the Kaspersky Security Center management console and Kaspersky Endpoint Security provide and see how it works.

1. Installation of the Kaspersky Security Center 10 administration server.

You can find the necessary distribution kits on the official Kaspersky Lab website:

ATTENTION! The distribution package of the full version of Kaspersky Security Center already includes the distribution package of Kaspersky Endpoint Security of the latest version.

First of all, I would like to talk about where to start installing anti-virus protection from Kaspersky Lab: not with the anti-viruses themselves on client computers, as it might seem at first glance, but with the installation of the administration server and the central management console, Kaspersky Security Center (KSC). Using this console, you can deploy anti-virus protection on all computers in your organization much faster. In this video you will see that after installing and minimally configuring the KSC administration server, it becomes possible to create an installer for an anti-virus solution for client computers, which even a completely untrained user can install (I think every administrator has such “users”): the installation interface contains only 2 buttons, “Install” and “Close”.

The administration server itself can be installed on any computer that is always on or is maximally accessible; this computer must be visible to other computers on the network, and it is very important for it to have access to the Internet (for downloading databases and synchronizing with the KSN cloud).

Watch the video, even if you have installed the center console before, but from previous versions - perhaps you will hear and see something new for yourself...


2. Setting up centralized management on computers with Kaspersky already installed.

It is often the case in small organizations that system administrators install and configure anti-virus protection on each computer manually. As a result, the time they spend maintaining anti-virus protection increases and they do not have enough time for more important tasks. There are cases when administrators, due to lack of time, simply do not know that corporate versions of anti-virus protection from Kaspersky Lab have centralized management at all, and do not know that they do not have to pay anything for this miracle of civilization.

In order to “link” already installed client antiviruses with the administration server, you need very little:

  • Install the administration server (First section of this article).
  • Install the administration server agent (NetAgent) on all computers - I will tell you about the installation options in the attached video below.
  • After installing the administration server agent, the computers, depending on your settings, will be either in the “Non-distributed computers” section or in the “Managed computers” section. If the computers are in “Non-distributed computers”, you will need to move them to “Managed computers” and configure a policy that will apply to them.

After these steps, your computers will be visible to you from the central console, users will no longer be able to manage the antiviruses installed on their machines and, as a result, there will be fewer infections and less headaches for the administrator.

In the video below, I will try to describe scenarios for installing NetAgents on client computers, depending on how your network is structured.

We looked at the functionality of Kaspersky Endpoint Security 8, which provides a comprehensive multi-level protection system for computers running Windows operating systems. To centrally manage all deployed copies of Kaspersky Endpoint Security 8 on an organization's computers, the Kaspersky Security Center solution is used. In the second part of the review, we will look in detail at how administration occurs using the new, ninth version of Kaspersky Security Center and what main capabilities it provides.

The main purpose of Kaspersky Security Center is to provide the administrator with tools for configuring all components of the security system and access to detailed information about the security level of the corporate network. Kaspersky Security Center is a single tool for centralized management of a large set of security tools in an organization, provided by Kaspersky Lab. The range of software products that can be managed using Kaspersky Security Center includes solutions for protecting workstations, servers and mobile devices:

  • Kaspersky Endpoint Security 8 for Smartphone;
  • Kaspersky Endpoint Security 8 for Windows;
  • Kaspersky Endpoint Security 8 for Linux;
  • Kaspersky Endpoint Security 8 for Mac;
  • Kaspersky Anti-Virus 6.0 for Windows Workstation;
  • Kaspersky Anti-Virus 6.0 Second Opinion Solution;
  • Kaspersky Anti-Virus 6.0 for Windows Servers Enterprise Edition;
  • Kaspersky Anti-Virus 8.0 for Windows Servers Enterprise Edition;
  • Kaspersky Anti-Virus 8.0 for data storage systems;
  • Kaspersky Anti-Virus 8.0 for Linux File Server;
  • Kaspersky Anti-Virus 6.0 for Windows Servers;
  • Kaspersky Anti-Virus 5.7 for Novell NetWare.

Figure 1. Logic of using Kaspersky Security Center to protect an organization’s network

Kaspersky Security Center can operate in two modes - the usual one, which is described in this review, and the mode necessary for the work of service providers who provide other organizations with protection of their networks in the form of a SaaS service. This mode requires a special license.

Kaspersky Security Center is not a separate program, but a set of software tools that includes:

  • administration server – a service responsible for security management. It is the main module of Kaspersky Security Center and stores all information about managed computers in a database (MS SQL Server or MySQL). In addition to the main administration server, you can organize a hierarchical structure of administration servers to work through them with remote parts of the local network or the local network of the serviced organization. This is especially true for companies whose structure is distributed. In this case, local users access only their server;
  • administration console – a module implemented as a snap-in for the Microsoft Management Console and intended for managing the administration server;
  • web console – a web application that has a purpose similar to the administration console. The difference is that the web console allows you to access the administration server through a browser using the web interface. However, compared to the same administration console, it has limited management capabilities;
  • Kaspersky Security Center Administration Agent – a program designed for interaction between the administration server and client computers. It is installed on client systems and allows you to receive information about the current state of programs and events that occurred on client computers, send and receive control commands, and also ensures the functioning of the update agent;
  • program management modules – modules that are installed on the administrator’s workstation. Their purpose is to provide access to Kaspersky Lab software products in an organization through the administration console.

Figure 2. Block diagram of interaction between Kaspersky Security Center components

The diagram shows that the administrator has the ability to work through the snap-in with several administration servers, which are, for example, company servers located in different offices. In addition, the administrator has the ability to access the administration server through an Internet browser from any computer without having to install any modules on it, which can be useful when it is necessary to monitor the security system. This access method is also used when deploying protection in an organization by an external service provider, whose administration server can be accessed from the protected network using the web console.

Figure 3. Web console usage diagram


Kaspersky Security Center allows you to configure and manage components and settings on client computers. For each user group or specific user, the administrator can specify different settings for the following components:

  1. Protection components: file antivirus, mail antivirus, web antivirus, IM antivirus, firewall, protection against network attacks, network monitoring, system monitoring.
  2. Control components: program launch control, program activity control, vulnerability scan, device control, web control.

Figure 4. Diagram of components managed by Kaspersky Security Center

The ninth version of Kaspersky Security Center is a development of the Kaspersky Administration Kit 8.0 tool, to which a set of new functions has been added. It is now possible to create virtual administration servers. Control over the operation of the Application Control, Vulnerability Control, Web Control and Device Control components has been added. A web console has appeared for managing the administration server via a browser. Functions for managing clients on virtual machines have been added, and vulnerabilities on client computers can now be detected and eliminated centrally. The tools for managing installations of various components, obtaining additional information about controlled computers, creating reports and working with accounts have been significantly expanded.

System requirements

To work with Kaspersky Security Center 9, your computer must meet the general system requirements listed in Table 1.

Table 1. Hardware requirements for working on different operating systems

Operating system version | Hardware requirements
32-bit OS: Microsoft Windows Server 2003; Microsoft Windows Server 2008 deployed in Server Core mode; Microsoft Windows XP Professional SP2, Vista SP1, 7 SP1 | Processor with a frequency of 1 GHz or higher; 512 MB RAM; 1 GB of free hard disk space
64-bit OS: Microsoft Windows Server 2003; Microsoft Windows Server 2008 SP1, 2008 R2, 2008 R2 deployed in Server Core mode; Microsoft Windows XP Professional SP2, Vista SP1, 7 SP1 | Processor with a frequency of 1.4 GHz or higher; 512 MB RAM; 1 GB of free hard disk space

Kaspersky Security Center 9 includes three components: the administration server, the administration console and the web administration console server. For each of them to work, the following requirements must be met.

Administration Server

  • Microsoft Data Access Components (MDAC) 2.8 or higher or Microsoft Windows DAC 6.0.
  • Microsoft Windows Installer 4.5 (for Windows Server 2008 / Windows Vista).

Database Management System

  • Microsoft SQL Server Express 2005, 2008;
  • Microsoft SQL Server 2005, 2008, 2008 R2;
  • MySQL Enterprise.

Administration Console

  • Microsoft Management Console 2.0 or later.
  • Microsoft Internet Explorer 8.0.

Web administration console server

  • Web server: Apache 2.2.
  • Browser: Internet Explorer 7, Firefox 3.6 or Safari 4.

Functionality

The main functions of Kaspersky Security Center are to deploy protection on client machines, centralize the administration of these programs, and receive information about events on protected computers.

Deployment of protection

  1. Remote installation and removal of endpoint protection software and administrative tools.
  2. Deployment of third-party products or your own installation packages on protected computers.
  3. Ability to install endpoint protection systems on infected computers.

Administration

  1. Creation of virtual administration servers to ensure protection of physically remote segments of an organization’s local network or remote offices.
  2. Formation of a hierarchy of administration groups for “flexible” configuration of rules for the work of various user groups.
  3. Combining a set of rules and settings of various components into policies and flexible application of the created policies to regulate the activities of a specific user or group of users. The ability to use both standard policies and create new policies.
  4. Implementation of centralized (if necessary, remote) management of programs to protect endpoints.
  5. Centralized updating of databases and protection modules with endpoint protection programs.
  6. Centralized work with files placed in quarantine or in backup storage, as well as with objects whose processing has been postponed.
  7. Inventory of hardware devices and software on computers on the organization’s local network.
  8. Centralized detection and elimination of vulnerabilities found in the operating system and various software.
  9. Management of Kaspersky Endpoint Security 8 deployed in virtual environments (automatic detection of virtual machines, life cycle management of virtual machines, optimization of the load on the host server when performing resource-intensive tasks).

Monitoring

  • Obtaining information about critical events on protected computers in real time.
  • Receiving statistics and reports on all events on protected computers. It is possible to generate reports containing events in each protection component and administrator actions. Reports can be generated on a schedule or at the request of the administrator. If necessary, you can configure sending reports in a convenient format by email.
  • Using the web console allows you to organize access to operational information about the protection status and reports from any computer on the network or remotely.

Also in Kaspersky Security Center there is now the ability to manage the protection of virtual workstations. When a new virtual machine appears on the network, it is automatically found, connected to the administration console, and all the necessary protection components are installed on it. Kaspersky Security Center allows you to distinguish between virtual and physical machines and combine them into different groups for easy administration of the virtual infrastructure. Dynamic mode support for Virtual Desktop Infrastructure (VDI) is also implemented.

Preparation for use

To install Kaspersky Security Center, you need to run the program installation file, after which the installation wizard welcome window will appear.

Figure 5. Initial window of the Kaspersky Security Center installation wizard

Next, you need to read the license agreement and accept its terms. After this, you need to select the installation type. The standard installation contains a minimum set of components and is recommended for networks containing up to 200 computers. Custom installation allows you to configure additional settings for Kaspersky Security Center and is recommended for networks containing more than 200 computers. Select a custom installation and click the “Next” button.

Figure 6. Selecting the Kaspersky Security Center installation type

The next step requires you to select the components to install.

Figure 7. Selecting Kaspersky Security Center components for installation

Figure 8. Selecting network size

In the next step, you need to select the account under which the administration server will be launched on the computer. You can choose one of two types of accounts - a system account (not available in Windows Vista and later Microsoft operating systems) or a user account.

Figure 9. Selecting the account under which Kaspersky Security Center will be launched

After this, you need to select the database type for the administration server - Microsoft SQL Server (Express Edition) or MySQL. When you select MS SQL Server, if this DBMS is not available, it will be installed. If you choose MySQL DBMS for operation, it must already be installed on the system.

Figure 10. Selecting a database server for Kaspersky Security Center

The next step is to configure the connection parameters to the server with the database, and then the account used to connect to that server.

Figure 11. Configuring connection parameters to a server with a database

After this, you need to determine the location and name of the shared folder in which installation files and updates will be stored. You can create a new folder or select an existing one.

Figure 12. Creating a public folder

Next, you must specify the port number for connecting to the administration server (port 14000 is used by default) and the SSL port number for a secure connection to the administration server using the SSL protocol (port 13000 is used by default).

Figure 13. Configuring connection parameters to the administration server

After this, you need to set the address of the administration server. The address can be a DNS name, NetBIOS name, or IP address.

Figure 14. Setting the address of the administration server

The next step is to select modules to manage programs. We need a module to manage Kaspersky Endpoint Security 8 for Windows, so we select it.

Figure 15. Selecting modules for installation

This completes the setup process and you can start installing the program. Next, you need to restart the operating system, after which the installation can be considered complete.

After installation, you will need to make a number of additional settings: specify a key or registration code, decide whether to use cloud technologies, configure the sending of event notifications, and set the proxy server settings. After this, you can start working with Kaspersky Security Center.

Working with the product

The administration server is managed through the administration console. It is a special snap-in that is integrated into the Microsoft Management Console (MMC).

Figure 16. Microsoft Management Console snap-in window

The advantage of using the snap-in is its standard interface, which is familiar to administrators working with Windows OS. In addition, you can add several different snap-ins to one management console, for example Windows Firewall, the Diskeeper defragmentation program, the Performance snap-in and Kaspersky Security Center.

Figure 17. Example of creating a management console

The main window for working with Kaspersky Security Center consists of a menu, a toolbar, an overview panel (console tree) and a work area. After installing Kaspersky Security Center, we gain access to the administration server, through which we will manage instances of Kaspersky Endpoint Security 8 installed on computers on the local network.

With a distributed company structure, it is necessary to create a set of administration servers so that each network segment can be serviced separately while everything is still managed centrally from one point. This will reduce traffic within the local network and simplify work with remote offices or local network segments. If you have several administration servers, you can delegate responsibility for security and authority to manage each virtual server to individual administrators. You can add administration servers from the context menu of the “Kaspersky Security Center” node (“Create” – “Kaspersky Administration Server” – “Administration Server...”). The created hierarchy allows you to create rules for inheriting tasks and policies for different administration servers.

The hierarchy of tools for the administrator’s work is presented in Figure 18.

Figure 18. Hierarchy of tools for administrator work

The administration server can be used as a proxy server for Kaspersky Security Network (KSN); a special service, KSN Proxy, is responsible for this. Its use allows all computers under the control of the administration server to send data to and receive data from the “cloud” even if they do not have access to the Internet. Also, by caching requests, KSN Proxy reduces the load on the Internet connection.

Figure 19. Configuring KSN Proxy parameters

The logic for working with the program when deploying protection and administering it is constructed as follows. First, the administrator configures the administration server settings. After this, administration groups are created in accordance with the logic of the protected network. For example, accounting employees can be prohibited from using any removable media, and programmers can be configured with the most stringent web control parameters.

Computers are added to the created groups, and the Administration Agent and Kaspersky Endpoint Security 8 are installed on each computer. Security policies are then created and configured for each user group. The administrator can also create various tasks (virus scan, update, etc.) and set criteria for their execution (by timer, by event, etc.). After this, work with the program goes into the background - the administrator needs to periodically review reports, respond to threats, add new users for protection and perform other network maintenance work. Let's take a step-by-step look at how it works.

To manage protection settings on client computers, use the “Computer Management” group, which contains four panels: “Groups”, “Policies”, “Tasks” and “Computers”.

Figure 20. Computer Management group

Creating administration groups and setting them up

The “Groups” panel contains tools for managing groups of computers on the “Administration Server”. These administration groups allow you to organize a hierarchy of computers on the network in order to selectively apply various policies and tasks to them in the future. By default, only one, the root, group is available. Using the “Create Group” and “Create Subgroup” commands in the “Groups” panel, you can create the hierarchy of computer groups required in your organization.

Figure 21. Example of creating administration groups

Using the context menu of the “Managed computers” node (command “All tasks” - “Create group structure” in the context menu), a hierarchy of computers can be created automatically. For this purpose, information about the structure of Windows network domains and workgroups, Active Directory groups, or the contents of a text file is used.

In the “Groups” panel, you can set the conditions for installing programs on computers newly added to the group. You can also specify the criteria by which the user’s computer will be assigned the “Warning” or “Critical” status, for example if the databases have not been updated for more than X days or more than Y viruses have been found.

Figure 22. Setting criteria for setting statuses for computers

Once the groups have been created and configured, you can begin populating the groups with computers. To do this, use the “Computers” panel, in which you can add and remove computers on the “Administration Server”. You can also view information about each computer on the network - its status, the time the databases with signatures were updated, the number of viruses found, etc.

Figure 23. Computers panel with the filtering panel expanded

To add a new computer, you need to click on the “Add computers” button, after which the wizard window will appear. The first step is to determine how to add client computers.

Figure 24. Window of the Add Client Computers Wizard

When manually adding computers, you need to specify the IP address or range of IP addresses of computers on the network. You can also import a list from a text file with a list of IP addresses.

Figure 25. Manually adding new computers
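One way to check such a text file before importing it, as an added example that is not part of the original article or of Kaspersky Security Center. The one-entry-per-line format with `first-last` ranges and `#` comments, the `MANAGED_NETWORKS` scope and all sample addresses are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample list, one entry per line (the file format is an assumption).
SAMPLE_LIST = """\
# accounting
192.168.10.5
192.168.10.5
192.168.10.20-192.168.10.22
10.0.0.300
192.168.10.30-192.168.10.28
programmers-pc
8.8.8.8
"""

# Hypothetical scope: the networks this administration server is meant to manage.
MANAGED_NETWORKS = [ipaddress.ip_network("192.168.10.0/24")]
MAX_RANGE = 1024  # refuse ranges so large that they are probably typos


def expand_entry(entry):
    """Expand 'a.b.c.d' or 'first-last' into a list of IPv4Address objects."""
    if "-" not in entry:
        return [ipaddress.IPv4Address(entry)]
    first, last = (ipaddress.IPv4Address(p.strip()) for p in entry.split("-", 1))
    if last < first:
        raise ValueError("range end is below range start")
    if int(last) - int(first) >= MAX_RANGE:
        raise ValueError("range is larger than MAX_RANGE")
    return [ipaddress.IPv4Address(n) for n in range(int(first), int(last) + 1)]


def prepare_import_list(text, networks=MANAGED_NETWORKS):
    """Return (accepted, rejected): unique in-scope addresses and skipped lines."""
    accepted, rejected = set(), []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not entry:
            continue
        try:
            addresses = expand_entry(entry)
        except ValueError as exc:  # AddressValueError is a ValueError subclass
            rejected.append((lineno, entry, str(exc)))
            continue
        # Never hand the installer an address outside the networks we own.
        if any(not any(a in n for n in networks) for a in addresses):
            rejected.append((lineno, entry, "outside managed networks"))
            continue
        accepted.update(addresses)  # the set removes duplicate entries
    return [str(a) for a in sorted(accepted)], rejected


if __name__ == "__main__":
    ok, bad = prepare_import_list(SAMPLE_LIST)
    print("\n".join(ok))
    for lineno, entry, reason in bad:
        print(f"line {lineno}: skipped {entry!r} ({reason})")
```

Review the rejected lines by hand rather than dropping them silently: a mistyped address is a computer that would otherwise stay without protection.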

When adding automatically, you just need to specify the required computers from the list of detected computers on the network.

Figure 26. Window for adding computers detected by the administration server

If for some reason the computers were not distributed into administration groups, they remain in the folders of the “Unassigned computers” node. You can also apply tasks and configure policies to these computers. New computers found by the administration server when polling the Windows network, IP addresses and Active Directory groups are also placed in these folders. After finding new computers on the network, the administrator can move them to one of the existing groups.

Installing applications via Kaspersky Security Center

Kaspersky Security Center allows you to install various programs on computers on your local network. These may be Kaspersky Lab customer protection programs or third-party programs. To install the program on a client computer, you must create a task of the appropriate type and specify the computers for which it will be executed.

Installing programs through Kaspersky Security Center is primarily necessary to deploy protection on client computers when starting to use Kaspersky Lab solutions in an organization and when adding new computers for protection.

To organize protection on client computers, you first need to install administration agents and Kaspersky Endpoint Security 8. The installation package is installed using the Remote Installation Wizard, which is launched from the “Groups” panel by clicking on the “Start installation” button. Select the administration agent and click the “Next” button.

Figure 27. Selecting the program to install

We indicate that the program is installed “From a shared folder”. After installing the Administration Agent, it is more convenient to carry out all installations through it, since in this case it is possible to centrally manage the installation repository. And when adding a new computer to the network, the administrator will be able to run one task to install the entire list of necessary programs.

Figure 28. Selecting program installation options

In the next step, you can specify accounts that have administrator rights.

Figure 29. Selecting accounts with administrator rights on the target computer

After this, you will need to choose whether to restart the computer after installing the program and, if so, whether to force it or ask the user. At this point, the creation of the program installation task is completed and you can run it.

Figure 30. Running the application installation task

If for some reason installation over the network is not possible (for example, the network is disabled on the computer), then you can create an installation package and provide it to the user for independent installation.






