Blazingly fast Internet speeds boost business productivity, but they also propagate network viruses. F-Secure Corp.'s Anti-Virus Client Security 6.0 promises some relief, including e-mail and Web scanning, firewall with intrusion prevention, application control and central management. I tested the product in our Syracuse University Real-World Labs and found it to be a top-notch enterprise security bundle.
I installed the F-Secure Policy Manager Console (FSPMC) on a Windows 2000 Server (Linux Red Hat is also supported). Running the FSPMC for the first time launches a setup wizard to define your environment and initialize communication with the Policy Manager Server so an administration key pair can be generated. By default, a Root policy domain is created during installation; however, you can subsequently rename it or create a new one using the Edit menu.
|
Highlights
• Cisco NAC support
• LAN/WAN and internet quarantine • Integrated firewall with intrusion prevention • Spyware protection and Web traffic scanning
***F-Secure Anti Virus Client Security 6.0, $2,975 for 100 users. F-Secure, (408) 938-6700. www.f-secure.com/products/anti-virus/fsavcs/
|
I ran Autodiscovery in the Windows Host tab (Autodiscovery works only with Windows networks), and it resolved 30 network host devices from a total of 11 testing domain/workgroups. I was given details on each device, including system platform, agent version and installation results. To push the client installation to target hosts, I checked boxes to choose devices from the discovered-devices list, but you can also indicate a device by entering its WINS or DNS name or IP address. A restart is required after installation.
Config Snafu
It's never a good idea to let users make client-side configuration changes, but that's how the default option is set. We recommend tightening up security options from the Policy Manager by clicking on the lock symbol beside the settings and then clicking on "Final," to prevent users from changing anything.
I changed settings to restrict user access to the antivirus client, blocked the URLs for eBay and Whazit, and blocked pop-up windows. Then I saved my policy and distributed it. This worked in that my test computers couldn't connect to www.ebay.com and configuration changes could no longer be made on the client side.
Not all pop-up windows were blocked, though, and I realized I had some word filters set so pop-ups from certain sites would be allowed. I stripped the application of these settings, then went to sites loaded with pop-ups. I didn't receive any. An administrator can deactivate or reactivate the pop-up blocker option at any time.
Viruses, Spyware and Other Nasties
With a combination of four scanning engines--F-Secure's proprietary Orion and Libra engines and the licensed AVP (Kaspersky) and Draco (Lavasoft)--every virus test file I sent was caught.
For spyware protection, F-Secure licenses Lavasoft's antispyware product, which you can set to remove and quarantine spyware automatically. Although Lavasoft offers a decent product, I recommend investing in an additional spyware removal tool--even the highest-rated spyware products don't catch everything. You can create Internet Shields levels (F-Secure's name for firewall) for mobile, home or office at strict, normal, custom and network quarantine.
Reports
Policy Manager Web Reporting is integrated with the Policy Manager Server and can be remotely accessed by Web browser. I found it a very good tool for generating detailed graphs on trend data, network attacks and unprotected computers. Reports can also be printed or exported, but there isn't a report that will let admins see default policy options they may have changed.
The only thing I don't like is that Policy Manager's great flexibility and functionality can overwhelm an admin and make remote policy management a bit convoluted.
Joanne VanAuken is a technology editor for Secure Enterprise. She has 14 years' experience in computer operations and systems administration. Write to her at [email protected].