Security
Sneak Preview
McAfee Shores Up Your Defenses

  June 26, 2003
  By Christopher T. Beers



Every day brings another e-mail warning of malevolent viruses aiming to wreak network havoc. You know antivirus software, personal firewalls and other policing agents are a necessity, but running any such program without the proper maintenance and updates offers little to no protection. To achieve maximum security, you need a comprehensive plan to manage all these products completely.

Enter Network Associates' McAfee ePolicy Orchestrator (ePo) 3.0. This latest offering is not only capable of deploying security-protection products from a variety of vendors, including Symantec, but also manages and enforces security policies and produces detailed reports from a central console. In fact, ePo can manage your entire defense against malicious code and virus threats across your desktops, file servers, groupware servers and gateways, and it can manage desktop firewall software to boot. The software also can handle up to 250,000 clients from a single ePo console.


I tested a beta copy of ePo 3.0 on a Windows 2000 server in our Syracuse University Real-World Labs®. Syracuse has been using ePo 2.5 for the past year to manage desktop virus protection, and Network Computing editors here have offered improvement ideas to McAfee. The ePo software consists of the ePo server, which contains the database of managed clients; a console application used to manage the server from administrators' workstations; and an ePo agent installed on the managed machines. The software uses a Microsoft database back end that lets you choose between Microsoft SQL Desktop Engine (MSDE), included as part of the install, and Microsoft SQL Server.

I chose SQL Server 2000 because of the limitations with MSDE that would have confined me to managing a mere 5,000 clients.

I set up the server OS and SQL Server with patches and installed ePo easily. The software self-installs its required packages and creates the appropriate database structure, automatically detecting your installed database and adjusting itself appropriately.

To manage the software remotely, ePo contains a console-only client application that communicates with the server via ODBC and ePo client-server protocols. I installed console software on a remote desktop after creating the required ODBC connections to the server database.

I configured the software to deploy and manage products, manage machines, enforce the policies and report on compliance policies. Although deploying and managing software is much easier in an NT Domain environment, because of the trust relationships that are part of that structure, it is possible to use ePo without a domain. I installed the software I wanted to manage into the ePo server database and created the appropriate policies within the console.

Enforcing Security

For security, McAfee offers ePo Fusion Services, which customizes third-party toolkits so ePo can manage almost any desktop-security product. I chose, however, to manage and deploy McAfee VirusScan Enterprise 7.0--one of the products ePo can manage out of the box.

Before deploying antivirus protection to managed machines, you must install the software into the master software repository. Once the managed software is imported into ePo, you can customize the default security policy's level of enforcement. I created a policy that forces managed clients to run VirusScan, update the virus definitions at start-up once per day and perform weekly virus scans of local hard drives during off-hours.

Good
• Single console scalable to 250,000 clients
• Automatically manages and thwarts virus outbreaks
• Excellent built-in graphical reporting

Bad
• Complex environment, but easily managed once configured
• Manages only those security products you have purchased and licensed
• Works best within a Microsoft NT Domain, requiring additional configuration when outside of a domain

McAfee ePolicy Orchestrator 3.0 starts at $24 per managed node. Network Associates, (972) 963-8000. www.mcafeesecurity.com

Next I deployed VirusScan to machines. First I had to install an ePo agent on each managed computer--this can be done from the server using appropriate credentials within the domain or manually using the silent install executable.

I created a group containing the server and a desktop computer, and created a task to deploy and manage VirusScan on this group. It was installed within minutes.

The ePo agent runs in the background, checking with the server on a regular basis to ensure that the policies you've set are enforced. To test this I modified the settings of VirusScan on a managed desktop, removing the setting that updates the virus definitions at start-up. The machine's agent checked in with the server as designated and reset the setting.

Emergency protection, such as when a new virus threat is detected on the Internet, is provided via optional Super Agent technology. During such an event, the Orchestrator notifies the Super Agents of new policies or software updates. This causes ePo on the Super Agents to enforce updates to all clients on their network. Orchestrator also will update managed clients without the Super Agents, but at significantly slower speeds using the server itself.

Writing Reports

The ePo console reports compliance data, coverage information and virus trend analysis of all managed machines. The Orchestrator software can report on versions of agents, software and virus definitions; the top 10 viruses detected and actions taken to protect against them; and machines that are not conforming to security policy. With more than 30 preconfigured reports, that's a lot of information about your managed environment.

Christopher T. Beers is a Unix Systems Engineer at Syracuse University. Write to him at ctbeers@syr.edu.
