Introduction to LANDesk Security Suite 9

LANDesk® Security Suite version 9 provides the tools you need to manage and protect devices and critical data on your enterprise network from a single console.

LANDesk Security Suite supports Windows NT*, Windows* 2000/2003, Macintosh*, and Linux* networks.

Security Suite is based on the primary LANDesk Management Suite functionality that lets you configure and manage network devices. It enhances and focuses that functionality by adding specific security-related tools such as Patch and Compliance, Antivirus, Endpoint Security, Network Access Control (NAC), Agent Watcher, and more, offering a comprehensive and layered security solution.

Read this section to learn about:

Overview: A Layered Security Solution

LANDesk Security Suite is a complete security management solution that lets you proactively monitor, defend, remediate, and fortify your network infrastructure and resources.

The fundamental Patch and Compliance tool enables you to scan for and remediate the prevalent types of security risks that continually threaten the health and performance of your managed devices, including known operating system and application vulnerabilities, spyware, viruses, system configuration errors, unauthorized or prohibited applications, and other potential security exposures.

LANDesk Antivirus lets you download the latest virus definition file updates and configure virus scans that check managed devices for viruses and give the end user options for handling infected and quarantined objects.

LANDesk Network Access Control (NAC) provides endpoint compliance security on your network. It lets you create custom compliance security policies using the Patch and Compliance tool and enforce those policies, through a posture validation process, on devices attempting to access your network.

Device Control allows you to monitor and restrict access to managed devices through network connections and I/O devices.

The table below shows how Security Suite tools complement each other and provide strong system defense:

| Security concern / task | LANDesk Security Suite solution |
| --- | --- |
| Knowledge and verification | Console views (security content lists; definition and detection rule properties; patch and compliance scan information; antivirus activity and status information); Alerts; Reports |
| Network Access Control (authentication, security policy compliance) | LANDesk 802.1X NAC support |
| Vulnerability assessment and remediation (custom security definitions) | Patch and Compliance |
| Patch management | Patch and Compliance |
| Malware detection and repair | Antivirus; Riskware scans; Anti-spyware; Real-time scans; Application blocker |
| Device configuration and lockdown | Device Control; Host Intrusion Prevention (HIPS); LANDesk Firewall protection; Agent Watcher |
| Unmanaged device scan and discovery | Unmanaged Device Discovery; Extended Device Discovery (ARP and WAP) |

Installing/activating Security Suite

LANDesk Security Suite and LANDesk Management Suite both use the same setup program to install the necessary components on your core server. As with other LANDesk software products, such as Management Suite and Inventory Manager, the applicable Security Suite functionality becomes available in the console only when you activate the core server with your LANDesk account information. If your account is licensed for LANDesk Security Suite, you'll see the tools and features described in this LANDesk Security Suite Users Guide when you log into the console.

As stated in the LANDesk Management Suite Users Guide, installing and deploying a system-wide application like LANDesk management software to a heterogeneous network requires a deliberate methodology and significant planning before you run the setup program. Because the network considerations are similar and the products use the same setup program, you should refer to that guide for detailed information on deployment strategies and step-by-step instructions for each phase of deployment, including: designing your management domain, preparing your database, installing the LANDesk core server, and configuring device agents.

NOTE: Security Suite doesn't include all Management Suite components
Keep in mind that some Management Suite components do not apply to a Security Suite implementation, such as OS deployment and rollup cores.

Once you've installed LANDesk Security Suite and activated your core server with a Security Suite license, you can refer to the sections in this guide for information on starting the console and using the available tools, including the security-specific tools and features listed below.

Security Suite content subscriptions

LANDesk Security Suite offers scanning and remediation support for several different types of security risks, including known OS and application vulnerabilities for supported device platforms, spyware, viruses, system configuration threats, unauthorized applications, and more. Each security risk, of any type, is characterized by definition files. A definition file typically consists of an ID, specific attributes, detection rule details, and patch file information if applicable. LANDesk Security Services maintains a database of security definition files, referred to as Security Suite content or security and patch content, that is continuously updated and is available via Web download.

In order to download security and patch content you must have an associated Security Suite content subscription. For information about Security Suite content subscriptions, contact your LANDesk reseller, or visit the LANDesk Web site.

The LANDesk User Community has user forums and best known methods for many LANDesk products and technologies. To access this valuable resource, go to: http://community.landesk.com

The Patch and Compliance section in this guide describes how to download the security and patch content for which you have subscriptions.

Security Suite tools and features

Security Suite's underlying tool is called Patch and Compliance. See a brief overview below. To learn more about security content and supported device platforms, and how to use Patch and Compliance to perform security and compliance scanning and remediation, view scan results, generate security reports, and configure ongoing system security, see Patch and Compliance.

The sections below are overviews of the security management tools provided by LANDesk Security Suite, with links to the tool's main section:

Patch and Compliance

Use Patch and Compliance to download the latest known vulnerability definitions (and other security content types' definitions) and their associated patches. Scan managed devices, as well as core servers and consoles, for LANDesk software updates. Configure and run customized security assessment scans for known platform-specific vulnerabilities, spyware, system configuration security threats, antivirus scanners, and blocked or unauthorized applications.

You can also:

NOTE: Patch and Compliance scans in a LANDesk Management Suite implementation
The Patch and Compliance tool is included by default in a LANDesk Management Suite installation (core server activation). However, initially you can scan only for LANDesk software updates and your own custom security definitions. To scan for and remediate additional security types, you must have the corresponding Security Suite content subscription.

For more information on scanning for and remediating security exposures on your managed devices, see Scanning and remediating devices.

CVE naming standard compliance

LANDesk security products support the CVE (Common Vulnerabilities and Exposures) naming standard. With Patch and Compliance you can search for vulnerabilities by their CVE names, and view CVE information for downloaded vulnerability definitions.

For more information about the CVE naming convention, LANDesk compatibility with the CVE standard, and how to use CVE identification to find individual vulnerabilities in Patch and Compliance, see Using CVE names.

Security Configurations

The new Security Configurations tool lets you create and manage settings files for several security components and services. Configurations (i.e., settings files) control how security services operate on managed devices.

With the Security Configurations tool, you can deploy security agent/services and their associated settings to your managed devices as part of the initial agent configuration, separate install or update tasks, and change settings tasks.

For more information, see Security Configurations.

LANDesk Antivirus

LANDesk Antivirus lets you protect all of your managed devices from the latest known viruses as well as suspected infections. Antivirus scans can also check for riskware (via an extended database). LANDesk Antivirus is a configurable virus protection tool that is fully integrated with both Security Suite and LANDesk Management Suite.

LANDesk Antivirus provides a wide range of antivirus features, including: scheduled antivirus scans, on-demand scans, red-button scans, real-time file and email protection, automated downloading of virus definition file updates (the LANDesk virus signature database contains the very latest known virus definitions and is renewed several times a day), configuration of antivirus scan behavior and end user options, scan exclusions, as well as antivirus alerts and reports.

Additionally, you can view real-time antivirus information for scanned devices in both the main console and the Web console's executive dashboard to quickly identify virus outbreaks and see virus control over a specified period of time.

For more information, see LANDesk Antivirus.

Endpoint Security

The new Endpoint Security tool protects your managed devices from zero-day attacks, firewall intrusions, and unauthorized network and device connections.

Endpoint Security consists of customized settings files (saved feature and option configurations that can be deployed to target devices) for these security components:

Host Intrusion Prevention (HIPS)

LANDesk Host Intrusion Prevention System (HIPS) provides an additional layer of protection that proactively secures systems and applications from zero-day attacks. Using customized rules and file certifications, HIPS monitors applications and blocks prohibited actions and behaviors, allowing you to protect the file system, registry, system startup, and even detect stealth rootkits.

For more information, see Host Intrusion Prevention System (HIPS).

LANDesk Firewall

LANDesk Firewall lets you create and configure proprietary firewall settings to prevent unauthorized application behavior on your managed devices.

NOTE: LANDesk Firewall and Windows Firewall
The LANDesk Firewall complements the Windows Firewall, and both can be enabled and running at the same time on managed devices.

For more information, see LANDesk Firewall.

Device Control

Device Control adds another level of security to your LANDesk network by allowing you to monitor and restrict access to managed devices through I/O devices. With Device Control, you can restrict the use of devices that allow data access to the device, such as ports, modems, drives, USB devices, and wireless connections.

For more information, see Device Control.

Security Activity

The new Security Activity tool lets you view critical activity and status information for several security components and services. Security Activity provides a single tool window where you can easily see antivirus scan results, HIPS preventions, Firewall preventions, blocked devices, and more.

For more information, see Security Activity.

Network Access Control (NAC)

Use Network Access Control (NAC) to implement compliance security on your network. LANDesk 802.1X NAC support is designed to extend the security of an existing 802.1X RADIUS server implementation on your network by adding authentication and compliance.

With LANDesk 802.1X NAC you can configure custom compliance security policies using the Patch and Compliance tool, and enforce those policies on devices attempting to access your network through a posture validation process. Healthy devices are granted access while unhealthy devices are quarantined, where they can be remediated and granted full access or given limited network access. You can also create and configure compliance-specific security scans that check currently connected devices for compliance to your security policy. Full compliance security scans can also be initiated by an antivirus scan when a virus can't be quarantined or removed.

IMPORTANT: LANDesk NAC requires additional hardware and software setup and a strong practical knowledge of 802.1X RADIUS server configuration, 802.1X authentication and health posture validation, as well as advanced networking infrastructure design principles and administration.

For more information, see Using LANDesk 802.1X NAC.

Additional common LANDesk tools included with LANDesk Security Suite

Common LANDesk tools provide the underlying device configuration and management capabilities in both Management Suite and Security Suite. The following tools are available in a LANDesk Security Suite implementation, appearing in the Tools menu. Note that some of these common tools have certain restrictions in a Security Suite license activation.

Agent Configuration

Use Agent Configuration to create custom agent configurations to deploy and install the necessary LANDesk agents required to manage and protect your network devices. These agents are the Standard LANDesk agent (that includes the inventory scanner, local scheduler, bandwidth detection, and security scanner), the software distribution agent, and the software license monitoring agent (used for application blocking).

NOTE: Agents not applicable to LANDesk Security Suite
The following LANDesk agents (components) are NOT applicable in a Security Suite installation: custom data forms, remote control, and OS deployment and profile migration.

Column Set Configuration

Use Column Set Configuration to customize the inventory data that displays in device lists and query results lists in the console network view.

Reports

Use the Reports tool to generate and publish a wide variety of specialized reports that provide useful information about your managed devices, including several predefined Patch and Compliance, Antivirus, and LANDesk NAC Compliance reports.

NOTE: Reports not applicable to LANDesk Security Suite
The following report categories are NOT applicable to the Security Suite: All Asset Reports, All SLM Reports, and All Remote Control Reports.

Scheduled Tasks

Use Scheduled Tasks to create recurring tasks specifically related to security and patch management, remediation, compliance security enforcement, antivirus scans, and more. You can configure the task's targeted devices and scheduling options.

NOTE: Scheduled tasks not applicable to LANDesk Security Suite
The following scheduled task (script) types are NOT applicable to the Security Suite: Custom data forms, Custom scripts, Handheld tasks, and OSD/Profile migration scripts. Also, the distribution package and delivery method task options aren't configurable with Security Suite.

Unmanaged Device Discovery

Use Unmanaged Device Discovery (UDD) to locate devices on your network that haven't submitted an inventory scan to the core database.

Extended device discovery (XDD) works outside the normal scan-based discovery methods used by UDD. Managed devices with the extended device discovery agent on them listen for ARP (Address Resolution Protocol) broadcasts and maintain a cache (both in memory and in a file on the local drive) of devices that make them. Extended device discovery can also detect WAP (wireless access point) devices.
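The passive ARP-listening idea described above can be sketched as follows. This is an added illustration, not LANDesk code: the frames are constructed in the script, and the `inventory` set is a hypothetical stand-in for MAC addresses already known to the core database.

```python
import struct

ETHERTYPE_ARP, BROADCAST = 0x0806, b"\xff" * 6

def parse_arp(frame):
    """Return (sender_mac, sender_ip, is_broadcast) for an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 42:                      # 14-byte Ethernet header + 28-byte ARP body
        return None
    dst, _src, ethertype = struct.unpack("!6s6sH", frame[:14])
    htype, ptype, hlen, plen, _op, sha, spa = struct.unpack("!HHBBH6s4s", frame[14:32])
    if ethertype != ETHERTYPE_ARP or (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return sha.hex(":"), ".".join(map(str, spa)), dst == BROADCAST

class ArpCache:
    """In-memory cache of devices heard sending ARP broadcasts, keyed by sender MAC."""
    def __init__(self):
        self.seen = {}                       # mac -> set of IPs it has claimed

    def observe(self, frame):
        parsed = parse_arp(frame)
        if parsed and parsed[2]:             # keep only ARP frames sent to broadcast
            self.seen.setdefault(parsed[0], set()).add(parsed[1])

    def unmanaged(self, inventory_macs):
        """MACs heard on the wire that are absent from the inventory."""
        known = {m.lower() for m in inventory_macs}
        return sorted(m for m in self.seen if m not in known)

    def ip_conflicts(self):
        """IPs claimed by more than one MAC; ARP is unauthenticated, so review these."""
        claims = {}
        for mac, ips in self.seen.items():
            for ip in ips:
                claims.setdefault(ip, set()).add(mac)
        return {ip: sorted(m) for ip, m in claims.items() if len(m) > 1}

def make_frame(mac, ip, dst=BROADCAST, ethertype=ETHERTYPE_ARP):
    """Build a constructed ARP request frame for the demo (not captured traffic)."""
    sha, spa = bytes.fromhex(mac.replace(":", "")), bytes(int(o) for o in ip.split("."))
    body = struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, 1, sha, spa, bytes(6), bytes(4))
    return struct.pack("!6s6sH", dst, sha, ethertype) + body

def demo():
    cache = ArpCache()
    for args in [("02:00:00:00:00:01", "192.0.2.10"),
                 ("02:00:00:00:00:02", "192.0.2.20"),
                 ("02:00:00:00:00:03", "192.0.2.20"),                # same IP, second MAC
                 ("02:00:00:00:00:04", "192.0.2.40", b"\x02" * 6),   # unicast: skipped
                 ("02:00:00:00:00:05", "192.0.2.50", BROADCAST, 0x0800)]:  # not ARP: skipped
        cache.observe(make_frame(*args))
    inventory = {"02:00:00:00:00:01"}        # hypothetical MACs already inventoried
    return cache.unmanaged(inventory), cache.ip_conflicts()

if __name__ == "__main__": print(demo())
```

Because ARP carries no authentication, entries in such a cache are leads to verify against switch or DHCP data rather than proof of a device's identity.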

Web console executive dashboard

The executive dashboard provides important data to corporate officers and IT managers, enabling them to have continual oversight of the business in several key areas. This enhanced visibility of the business allows executives to make informed management decisions and quickly respond to critical issues.

User management with role-based administration and the local accounts tool

The Users and Local Accounts tools let you add users to Security Suite management roles, and configure their access to specific tools and managed devices based on their administrative role.

With role-based administration, you assign roles (with their associated rights) to determine the tasks users can perform, and scopes (based on device groups, queries, LDAP directories, or custom directories) to determine the devices a user can view and manage. Roles that are available with Security Suite include: Patch and Compliance, Network Access Control, Security Configurations, Software Distribution, Public Query Management, and Unmanaged Device Discovery.

NOTE: Roles and rights not applicable to LANDesk Security Suite
The following role-based administration rights are NOT applicable to the Security Suite: OS Deployment, Remote Control, Asset Configuration, Asset Data Entry, and Software License Monitoring.

Local accounts is an administrative tool used to manage the users and groups on local machines on your network. From the console, you can add and delete users and groups, add and remove users from groups, set and change passwords, edit user and group settings, and create tasks to reset passwords for multiple devices.

Other LANDesk management features included with Security Suite

In addition to the tools listed above that appear in the console Tools menu, Security Suite provides the following common LANDesk features:

NOTE: Custom data forms are not supported in LANDesk Security Suite
The Custom data forms tool is not available with a LANDesk Security Suite only license. You must have a full LANDesk Management Suite license in order to use custom data forms.

Where to go for more information

Following the specific security tool sections, the remainder of this guide includes sections from the LANDesk Management Suite Users Guide that cover the specific tools and features mentioned above, as well as information about understanding and using the LANDesk console and network view. Refer to the table of contents to find the appropriate sections to learn more about each tool.
