This project entitled "Enterprise Endpoint Security Solution for Large Organization with High Availability (Active-Passive)", submitted by Allin Arzoo to the Department of Computer Science and Engineering, Daffodil International University, has been accepted as satisfactory in partial fulfillment of the requirements for the degree M.Sc. Department of Computer Science and Engineering Faculty of Natural Sciences and Information Technology Daffodil International University. I am really thankful and express our sincere thanks to Md Abbas Ali Khan, Senior Lecturer, Department of CSE Daffodil International University, Dhaka.
Touhid Bhuiyan, Professor and Head, Department of CSE, for his kind help in completing this project and also to other faculty members and the staff of the CSE Department of Daffodil International University. I would like to thank all our coursemates at Daffodil International University who participated in this discussion while completing the coursework. In this project we provide Enterprise Endpoint security solution for large organizations and also provide active passive solution for high availability.
In the first part of this paper we will discuss about endpoint security solution for large organizations that have separated internet and intranet connection and second part will active passive solution for high availability. Sometimes managing the endpoint security can be complicated due to the network architecture of certain organization and requirements that change to the network architecture. In this report we will discuss about endpoint security solution for an organization using separated internet and intranet connection network by using Kaspersky Endpoint security.
In this project we provide an Enterprise Endpoint security solution for active passive data center environment with Kaspersky Endpoint Security.
INTRODUCTION
Introduction
Objective
Passive Data Center Environment and KES Backup and Restore for Active-Passive Data Center Environment.
BACKGROUNG
Introduction
Why choose Kaspersky
Related work
Challenges
ENDPONT SECURITY REGULER STRUCTURE AND OUR PROPOSED STRUCTURE
- Introduction
- Endpoint Security
- Kaspersky Endpoint Security
- Kaspersky Security Center
- Kaspersky Endpoint software in client end
Kaspersky Endpoint security is a client-server based system, Kaspersky Security Center is installed on the server and all antivirus management is done with it. Signature updates can be downloaded and installed on computers via server or directly from the Internet. But in our environment internet is not available in distribution zone or more specifically there will be no internet after DMZ.
So here my solution is to install a server in DMZ zone which can connect internet but only Endpoint security vendor site with certain port which will download all updates from internet. After that there will be another server in the distribution zone and will connect to the DMZ zone server. The distribution server basically has two roles, one is to manage all the computers, and another is to download the updates from the DMZ server and distribute it to the computers.
Server for downloading signature updates from the Endpoint Security Company website and distributing is for distribution.
INSTALLATION AND OPERATION OF KES
- Introduction
- Installing Kaspersky Security Center
- Install Kaspersky Endpoint Security in client end
- Operation with Kaspersky Security Center
- Add Slave Server
- Proposed Solution for the Discussed environment: As per I mentioned earlier that we are proposing a solution where there is no internet after DMZ and internet and
Daffodil International University 10 Here I am installing Kaspersky Security Center 12.2, I need to make sure that I install with the administrator privilege. After the installation is complete, we can open Kaspersky Security Center using the console or web browser. In client device we need to install two software one in the Kaspersky Network Agent and another in Kaspersky Endpoint Security commonly known as KES.
Kaspersky Network Agent is the link between the user device and Kaspersky Security Center. During the installation of the network agent, we need to enter the server address or Kasperskysecurity center server address (IP address of the server) and then it will be able to connect to the server. For this project, we recommend that you create a mapping for the Kaspersky Security Center IP address and associate the hosts with the IP address of the mapping.
After installing the network agent, we need to add the device to the Kaspersky Security Center. After connecting the server to Kaspersky Security Center, we can install the KES software on the user's device remotely from Kaspersky Security Center or install it manually. Daffodil International University 15 After completing the installation we will find the following panel on the user's device.
We can activate the Antivirus license from Kaspersky Security Center or we can activate it or we can activate it manually from key file or license code, but Kaspersky recommends activation of license from Kaspersky Security Center. To manage the user devices, we need to add them in Kaspersky Security Center, but before adding the devices, we need to create a group for proper management and apply policy. Daffodil International University 20 After adding devices, we can see their status from the group under the managed server.
From the task, we can run various tasks in it, such as instant virus scan, update, add license, etc. The main role of the master server here is to download the virus database update from Kaspersky website and distribute in slave server or servers. For any kind of antivirus software virus update is a must and to download the updates we need internet but in this type of environment where there is no internet in the distribution zone how can we download the update.
The slave servers are located in the distribution zone where there is no internet, but although they are connected to the master, they can download the regular virus update and distribute it to the user devices. All user devices are managed from the slave server and the role of the master is to download the update and distribute it to the slave.
KASPERSKY SECURITY CENTER BACKUP
- Introduction
- Kaspersky Security Center Backup tool
- Active-Passive Datacenter concept
- Endpoint Security in Active Passive Datacenter Concept
- Our Solution for the Backup
- Pre-requisites of Backup and Restore of Active Passive Data Center
- Network Configuration
- Working Procedure of Backup
If the system shows any problem, we can restore Kaspersky Security Center from backup using this tool. Passive Active Data Center is a concept where there are two identical data centers for an organization and both data centers are connected to each other. The operation is performed from the main data center, but all data is stored in both data centers equally.
If the main data center fails, all services can run from the other data center with stored data. They do not have a tool or process to keep a backup of Kaspersky Security Center on another server or location. If a disaster occurs in the main data center, we will restore Kaspersky Security Center from the passive data center server.
Påskelilje International University 28 In order to take backup and restore, we need to make the same Kaspersky Security Center server in the main data center and the passive data center. On both sides, the Kaspersky Security Center server name will be the same, but the IP will be different. IP address mapping is a concept where there will be a private IP address against the IP address of the server or network device.
In the host PC or device, when the network agent is installed, we will set the privet IP address. After restoring the KSC server from passive data center, we need to change the real ip against mapping IP from active data center IP to passive data center IP by NAT. By doing this there will be no effect of KSC server IP changing at the host end.
In the backup tool we place the share location of the share folder of the passive data center server. Even though the hostname of both servers is the same, the recovery will be performed normally and as I said before, the host will connect to the server with an assigned IP address. We will change the assigned IP address of Kaspersky Security Center server from Active Datacenter Server IP to Passive Datacenter Server IP. Then the host can connect to the Kaspersky Security Center server on the passive data center side.
CONCLUSION AND FURTHER STUDY
Summary of the Study
Recommendations
In this project I have come with a backup solution of active-passive network structure and also restore it in future I will work for endpoint security backup and solution for Active- Active environment. 4] Backup and restore, available at <<https://csguide.cs.princeton.edu/storage/backup>>.
