IP-guard 3 User Manual v2.0
Contents
1. Chapter 6 Policy P 73 Policy 2 Add another Mail policy to allow specified sender to send emails out Policy Name Allow teclink com hk only Mode Allow Sender teclink com hk E Ra Audit 3 Events Log Y Basic Policy i Advanced Policy Y Monitoring EJ Mainten Property TALL Property Value Bees Network IM File Document Removable Stor Nas Allow teclink com 5 A Pa G Time All Day Email Policy 0090993999 Mode Allow Time Name Alert O a Block All anais baini A O Lock Eege O Only offline O Expiring Time lt Always gt From teclink com hk To Subject Has Attachment O Figure 6 12 Mail Policy Policy Example 1 2nd policy e Requirements All Enterprises must not allow staff communicating with competitors IP guard can block all outgoing emails which the recipients are competitors Policy 1 Add a Mail policy to block all emails which the recipients are competitors Policy Name Block emails to send to competitors Mode Block Alert optional Warning optional Recipients yahoo 4 M T Audit 3 Events Log i Y Basic Polio P Advanced Policy aa Monitoring if 5 Manten b oaen vous vax u Bandwidth Network IM File Document Removable Storage Name Block emails to s e 8 G Time All Day Email Policy 00099309 Mode Block Time Name Alert O Mv Al Day Al2. Property AX Disk Type Network Property Fa File Name 192 168 0 156 Name only can access 192 168 COUP before modify m Time All Day Backup when copy cut to m Mode Block Backup when copy cut from F Alert IM E before delete O Alert Level Critical KB Waming M Maximum Size lt KE 100000 Waming Message You are not allowed to mo Application AN Lock Computer EI e Only offline iO Expiring Time o Always gt Operating Type Modify Delete Read iO Modify Delete Figure 6 15 Document Policy Policy Example 1 Figure 6 16 Document Policy Policy Example 1 Warning message OH Alert Document Policy TESTING TECLINKDEVELOPM Administrator Action Block Alert Warming Operation Delete Disk Type Network File Path SEH 168 0 156 share testiMSDE_upgrade_to_SQL_Server_2000_Ent doc Figure 6 17 Document Policy Policy Example 1 Alert message Update By Ryan Lee Last update v2 0Rev20120809 Chapter 6 Policy P 80 Requirements Similar to the Example Policy 1 however to facilitate the network shared resources some staff is allowed to modify delete files folders from shared network drive but System administrator is afraid that some files are deleted maliciously or by human error In this case backup options should be checked in a document control policy Policy Settings Policy 1 Add a Document Control policy
3. Combine the use of CTRL and SHIFT keys to set the download policies for multiple patches or computers Control functions System administrator can set the order of download scanning file or patches in the COnsole Download Scanning File Click the button Q gt to select the option Download Scanning file server will download the latest scanning file immediately Download All Patches Click the button to select the option Download All Patches server will download the required patch files immediately Scan Now Click the button O to select the option Scan Now all agent computers will scan the patch once immediately Scan for system patches If only one agent computer to scan the patch right click the computer and select Scan for system patches then only the specified computer will be scanned Computer Range Click the button to select group or individual computer to check the patch Update By Ryan Lee Last update v2 0Rev20120809 Chapter 9 Assets Management P 118 installation situation Table 9 10 Control Functions 9 2 1 Patch Mode Patch Log Contents Under Patch mode all patches scanned from agent computers will be listed including Ordinal Severity Rating Bulletin ID Patch ID Name Not Installed Auto downloading and Download Sate Severity Rating 5 different ratings Low Moderate Important Critical and Unknown Bulletin ID Mic
4. Edit view Tools Window Community Help E ia IP 8CB455746EE9 SQL Server 9 0 3042 IP 8CB 5 Y Databases w A System Databases J OCULAR3 Ba y IP 8CB455746EE9 Databases OCULAR3 LY Data New Database a Ca Tables New Query E LA Views ida Name cript Database as 3 Synor P A Database Diagrams a O Progra Tasks S E A Secur O Security Reports gt O Server Object A Replication Rename D Management Delete Restore gt Refresh Generate Scripts Properties y Figure 11 3 Detach Database OCULAR3 5 Inthe Back Up Database OCULAR3 window add a destination path with backup file name e g IP guard_full_backup bak Click the button OK to confirm see Figure 11 4 Update By Ryan Lee Last update v2 0Rev20120809 Chapter 12 Database Backup amp Database Recovery P 145 E Back Up Database OCULAR3 LA General 4 Options Connection Server IP 8CB455746EE9 Connection IP 8CB455746EE Mteclink View connection properties Progress ES Script h Help Source Database OCULAR3 Recovery model SIMPL Backup type Backup component Database and filegroup Backup set Name OCULAR3 Full Database Backup Description Backup set will expire After O On Destination Back up to Disk CAOCULAR3_20080101_2008053041P gua
5. Search conditions Tool By default it is set to All To specify IM tool can select from the drop down menu User ID or Nickname Query the IM contents with specified either local user ID or nickname or another party s account ID or nickname Conient Query the IM contents with specified the keywords input e g mail The input contents will be highlight with red color in the results Table 7 2 IM Search Conditions Update By Ryan Lee Last update v2 0Rev20120809 Chapter 7 Monitoring P 87 7 2 Email Monitoring Email contents can be logged from every agent Support email types Normal mail Exchange mail Web mail and Lotus mail Note that only normal and Exchange mail types can log all incoming and outgoing emails web mail and Lotus mail types can only log the outgoing mail Sender carmenh teclink com hk Recipients daniely teclink com hk Subject polyu notebook promotion 2008 http www sunlite hk share promotion polyu2008 Best regards Carmen Hau Project Management Executive Teclink Development Limited AMEREARAA Tel 852 2950 0067 Fax 852 2950 0709 E mail CarmenH Zteclink com hk ES DA Y ES TORN ER Ia moed anna 90 54 Time Computer Subject Recipients Sender Size E 2008 07 29 15 07 21 TONY Please help to register IP carmenh teclnkcomhk kelvinOhkkyoc 73 2 El 2008 07 29 15 02 41 TONY Re e mail in Enquiry cynthia emezing toys c nik teclnkco
6. Update By Ryan Lee Last update v2 0Rev20120809 Chapter 2 IP guard Installation P 12 Server IP Name 192 168 0 11 192 168 16 1 Setup File Full Path C Documents and Settings Administrator Desktop agent_2428 exe M silent Installation Try the below accout if we failed to get administrator privilege when we setup gt Domaini JUser name Password Create Setup File Cancel Figure 2 6 Agent Generator Input the following fields finally click Create Setup File button to generate the agent program Server IP Address Default is the IP of the local machine If more than one IP addresses you can input using comma to separate the IPs e g 192 168 1 223 58 177 209 222 Static IP or Dynamic DNS is allowed to input Setup File Full Path Input or Select the path and filename of the Agent setup file to be created Silent Mode if selected no user interface will show up during optional installation Login amp Password if the logon windows account is not administrator the optional created agent program may not setup successfully If so you should input the administrator s login and password before the program packed Table 2 3 Settings of Agent Generator 2 4 2 Remote Installation How to Using Remote Installation tool can help you install agents remotely and massively at a time On the IP guard server click Start gt All Programs gt IP guar
7. Applications Search D carmenhau homei Figure 4 1 Interface of Application Statistics Function Button Mode Administrator can select different application statistic view mode Options include By Class By Name By Detail or By Group Expand In By Class view mode if an application classes have sub classes use this button to expand and view the sub classes For group view expand button can expand the computer group or user group to view the computers or users within the group This button will turn grey and be disabled in detail view a Show Control number of records to display Options include All Top 10 Top 20 and Custom This button will turn grey and be disabled when selected by class mode and expand Table 4 1 Statistics Functional Buttons Update By Ryan Lee Last update v2 0Rev20120809 Chapter 4 Statistics P 33 In Application Statistic the startup time and working time are default collected statistical data Startup time means that the agent computer starts running after logging to Windows the working time means the operations of mouse and keyboard controlled by agent computer There are 4 modes in Application Statistics 1 By Class In this mode System Administrator can query the statistics by class The application class can be defined in Tools gt Classes Management gt Applications Using this mode can facilitate to
8. 2008 07 28 15 50 14 VPN TESTI Administrator Download details NET Framework http Awww microsoftcom dow 2008 07 28 15 50 03 YPN TESTI Administrator download netfx 2 0 Google H833 http Avww google com hk sean 2008 07 28 15 49 52 YPN TESTI Administrator Google Microsoft Intemet Explorer http Ave google com hk Figure 5 3 Web Logs Di Update By Ryan Lee Last update v2 0Rev20120809 Chapter 5 Event Log P 48 5 4 Document Operation Log Select Log gt Documents to view all document operation logs of the agents Document Operation Types Include create access modify rename copy move delete restore and upload send Table 5 8 Document Operation Log Document Operation Types Disk types Support Fixed Floppy CD ROM Removable and Network Table 5 9 Document Operation Log Disk Types Log Contents The document operation log contents include document operation Type Time Computer User Source Filename File size Path Disk Type Application and Caption Source Filename The file operated by agent computer user Path The details of file operation path When user copies moves rename the file the details of source and destination of the file path are also displayed Disk Type The location of the document which may be on the fixed disk network drive removable storage or CD ROM When user copies moves rename the file
9. Search Conditions Time and Range Input specified date time and range to filter the search result Type By default it is set to All also can select specified types startup shutdown login logoff Dialup Patched or Deployment Description Input any contents to query the target log support wildcard input Table 5 3 Basic Event Log Search Conditions 4 T Auch 3 Events Log Y Basic Policy Advanced Policy 2 Monitoring g Maintenance b Application Web Document Shared File Printing Removable Storage Asset Changes Daci ron Aro basic EVent Logs Di Operating Type Time Computer User Description Login 2008 08 25 17 12 36 TESTING TECLINKDEVELO TECLINKDEVELOPM administrator IPatch saming 2008 08 24 12 46 15 TESTING Patch sanning successfully D Patch scanning 2008 08 24 12 43 59 TESTING Begin to scan patch Logoff 2008 08 20 15 26 42 TESTING TECLINKDEYELO TECLINKDEVELOPM Administrator 8 Login 2008 08 20 14 56 32 TESTING TECLINKDEYELO TECLINKDEVELOPM Administrator Logoff 2008 08 19 14 52 22 TESTING TECLINKDEYELO TECLINKDEVELOPM administrator Login 2008 08 19 11 37 58 TESTING TECLINKDEYELO TECLINKDEVELOPM administrator Logoff 2008 08 18 20 10 56 TESTING TECLINKDEYELO TECLINKDEVELOPM administrator Figure 5 1 Basic Event Log 5 2 Application Log Select Log gt Applications administrator can view all applications start stop window change and titl
10. el 2008 07 03 17 04 37 TONY 192 168 0 156 it_mgr Account Login el 2008 07 03 17 04 31 TONY 192 168 0 156 Admin Account Logoff j 3 Administrator E 2008 07 03 17 04 28 TONY 192 168 0 156 Admin Operation Modify Type Panel ll 2008 07 03 17 04 28 TONY 192 168 0 156 Admin Operation Modify Type description el 2008 07 03 17 04 28 TONY 192 168 0 156 Admin Operation Modify Type E 2008 07 03 17 04 28 TONY 192 168 0 156 Admin Operation Modify Type El 2008 07 03 17 04 10 TONY 192 168 0 156 Admin Account Login 2008 07 03 17 04 06 TONY 192 168 0 156 itmg Account Lost el 2008 07 03 17 03 55 TONY 192 168 0 156 it_mgr Account Login el 2008 07 03 17 03 49 TONY 192 168 0 156 Audit Account Logoff el 2008 07 03 17 03 42 TONY 192 168 0 156 Audit Account Login El 2008 07 03 17 03 31 TONY 192 168 0 156 Admin Operation AddManager El 2008 07 03 17 03 31 TONY 192 168 0 156 Admin Operation AddManager el 2008 07 03 17 03 31 TONY 192 168 0 156 Admin Operation AddManager E 2008 07 03 17 03 31 TONY 192 168 0 156 Operation AddManager 5 Data Panel Manager name 7 Status bar Figure 14 2 Audit Console Interface The administrator panel lists all administrators and IP guard Console users the corresponding operation logs displayed in the data panel once the user selected from the administrator panel IP guard Audit Console provides print and export functions to reserve the useful logs also provide delete function to delete
11. 5 7 Removable storage Log Select Log gt Removable storage to view the log of all agent computers removable storage plug in and plug off actions Log Contents The removable storage log contents include Type Time Computer User Disk Type Volume ID Description and Volume Label Volume ID The volume ID is an unique ID of every removable storage device this data can also be found in Removable storage class Description The details information of the removable storage device Volume Label The name of removable drive Table 5 17 Removable storage Log Log Contents Administrator can input time and range removable storage name and operation type to filter the search result Input string support wildcard character Search Conditions Time and Range Input specified date time and range to filter the search result Removable Storage Specified the removable storage class for part of query conditions Select the button Update By Ryan Lee Last update v2 0Rev20120809 Chapter 5 Event Log P 53 EJ to specify the application class Operation Type By default it is set to All Specified removable storage type can be selected from the drop down menu including Plug in and Plug out Table 5 18 Removable storage Log Search Conditions 5 8 Assets Change Log Select Log gt Asset Changes administrator can view the asset change log of hardware and softwar
12. Command ultravne_S etup_1 O3R C6 exe Deploy Mode Install Run Mode Running on user s desktop File List Ordi File Name File Size Modified ultravne_Set 1876KB_ 2007 08 13 16 47 49 Copy to Command Line SS Figure 9 13 Deploy Package File Conditions Checkup conditions and Necessary conditions 1 Purposes of Checkup conditions and Necessary conditions Checkup conditions Only enabled under Install mode The checkup conditions are used for agent to check the required installation conditions Once satisfied agent will install the program automatically Necessary conditions Prerequisite checking before distributing programs or files Once satisfied all specified files or programs will distribute to agents Otherwise no actions taken Table 9 16 Purposes of Checkup conditions and Necessary conditions 2 Setting of Checkup conditions and Necessary conditions There are 5 types in checkup conditions File File Version RegKey RegValue and Installed software File Determine the file exists or not required to input complete path File Version Determine the file and its version required to input complete path RegKey Determine specified register key exists or not RegValue Determine specified register value exists or not Installed software Normally the installed software means that windows Control Panel gt Add Remove Programs Update By Ryan Lee La
13. Control Buttons Only enable under user mode select target user to check the device Remote Control Start Stop Select target service right click to select Start or Stop to control system service set Automatic Manual and Disabled Startup Type Select target service right click to select Startup Type There are three types can be Table 8 5 Service Controls 4 i T Audit 3 Events Log Y Basic Policy b Advanced Policy Monitorine l e Mainte gt Applications Processes Performance Device Manager Disk Shared Schedule Name Description Status Startup Type Log On As E Adobe LM Service AdobeLM Service Manual Local ystem Sy Adobe Version Cu Started Automatic LocalSystem Eg Application Exper Process application compatibility look Started Automatic LocalSystem Ey Alerter Notifies selected users and computers Disabled NT AUTHO Sy Application Layer Provides support for 21d party protoc Manual NT AUTHO So Application Mana Processes installation removal and en Manual LocalSystem SR ASP NET State Se Provides support for out of process se Manual NT AUTHO e Windows Audio Manages audio devices for Windows Manual LocalSystem Eg Background Intell Transfers files in the background usin Manual LocalSystem Figure 8 6 Remote Maintenance System Services 8 1 6 Disk Hi e Path A CAProgra CAProgra CAWINDC CAWINDC CAWINDC CA
14. E HKU CS intranet cs ko Ak 10 15 50 E Sina TV ty sina com hk 08 26 00 By Group E Google video google com 04 52 30 E vonlive www uonlive com 03 46 50 E Yahoo hk yahoo com 03 29 40 SI www ip gvard com 02 02 40 E camenhau homeip net 01 33 20 E Yahoo hk arch yahoo com 01 30 50 Figure 4 11 Web Statistics By Detail 3 By Group In this mode it analyzes the website and its percentage usage based on selected computer group or user group By default all statistical data is listed Computer All Y By Class gy Unclassified 67 05 00 By Detail Y CARMEN DESKTOP 55 43 30 Y TONY 11 21 30 Y TEMPO PC 00 00 00 YY CARMEN SAMSUNG 00 00 00 gh Total 67 05 00 Figure 4 12 Web Statistics By Group To query other web classes usage should be selected from Search Panel gt Classes field and click the button LJ the following windows will popup Update By Ryan Lee Last update v2 0Rev20120809 Chapter 4 Statistics P 38 Select Website Classes Website Class Unclassified E Search Engine E University Portal E Newspaper E Webmail Video Online Banking Online Radio Online Community F Online Mao Selected E Search Engine 5 Webmail video Ca Figure 4 13 Web Statistics Web Classes Selection Windows For example refer to above figure to get the statistics of Search Engine Webmail and Video web classes by specified co
15. General Webmail mail Ey Online Community Ey Online Map E Online Radio E Search Engine E University Portal E Video oT Figure 13 4 Website Classes Update By Ryan Lee Last update v2 0Rev20120809 Chapter 13 Tools P 162 13 5 3 Removable storage Class Go to Tools gt Classes Management gt Removable storage to open the Removable storage Classes windows By default there is a class called Unclassified System administrator required to create classes manually There are two methods to gather the Removable storage information 1 From Agent All removable storages used by agent computers all information is collected and placed in Unclassified class System administrator can move them to another self defined classes 2 From Console System administrator can plug in any removable storages to a computer which installed with Console Select Operation gt Local Removable storage or click a the button to open Local removable storage disk information windows to see the connecting devices information If the icon e 7 it represents that that removable storage still not saved in the removable storage database an Set the removable storage class click this button to classify the connecting storage to self defined class Notes that adding remarks information to facilitate System administrator to review and identify the storage H Click this button to confirm and save the removable stora
16. OTD IP guard 3 User Manual v2 0 Copyright TEC Solutions Limited All rights reserved v2 0Rev20111208 Copyright Copyright Copyright 2008 TEC Solutions Limited All rights reserved No part of this document may be reproduced stored in a retrieval system transmitted in any form or by any means electronic mechanical photocopying recording chemical handwriting or otherwise or translated into any language or computer language without the prior permission in writing of TEC Solutions Limited Note The information in this document is subject to change without notice and should not be construed as a commitment by TEC Solutions Limited While every effort has been made to assure the accuracy of the information contained herein TEC Solutions Limited assumes no responsibility for errors or omissions TEC Solutions Limited assumes no liability for errors in this document or damages resulting from the use of the information contained in this document Table of Contents Table of Contents Chapter Page 1 Introduction of IP guard ANO er e EE 1 1 2 Major en 1 2 IP guard Installation ANE TEE A 2 2 Software Requirement ccccccccceceeeeeeceeeeeeeeseneeeseeeeeseeeeeeeeeesseaeeeseaeeseeaeeseneeeee 5 2 3 installation EE 5 2 3 1 Database Installati n EEN 5 2 3 2 Server and Console Installation 0 cece eee eee eee ee nono ron cnnnnannnnncans 7 2 3 3 Server Registration soen eee e
17. RunOnce will not be run Log off or restart is required for effective Network Modify Network Property Restrict user to modify the network property The button Properties will be disable in the LAN Status windows Display Network Places If the mode is block My Network Places will be hidden Log off or restart is required for effective Modify Internet Options Restrict user to modify Internet Options settings Default Netshare If the mode is block the default Netshare will be blocked Netshare If the mode is block the user cannot share folders or files Update By Ryan Lee Last update v2 0Rev20120809 Chapter 6 Policy P 60 Add Netshare If the mode is block the user is not allowed to add Netshare IP MAC Binding Change IP MAC Property Using this option to prohibit user to change the IP settings Once the prohibited policy is set the current settings of IP MAC are saved If any changes found it will be resumed to reserved IP MAC settings if required to change IP the prohibited policy should be deleted first ActiveX Chat ActiveX Restrict user to use chat Activex Media ActiveX Restrict user to use Media ActiveX Generally this kind of ActiveX is applied for playing music or video on Internet Prohibit this option to stop user listening or watching online media Game Activex Some online games may requi
18. 30 ryanl teclink com hk Send test mail Application Policy Demo Teclink LJ J The relation between computer range and user range is or Icon Ej x Email Subject Max Alert Min Alert Level Send Interval To Send as attachment Unzip Password Alert Type Computer Range User Range Operation Create New Mail Report Setting Delete Existing Mail Report Setting The subject of mail alert notification Maximum Number of alert to trigger mail notification Alert Level which trigger mail notification Mail notification will send out in certain period Email Address which will receive the alert notification If there is multiple receiver address administrator can use 4 9 semi colon to separate Mail Notification can send out as attachment The attachment require password to unzip Set which module policy requires to send out mail notification Set which IP guard agent computer requires to send out mail notification Set which IP guard agent user requires to send out mail notification Update By Ryan Lee Last update v2 0Rev20120809 Chapter 13 Tools P 160 13 5 Classes Management System administrator can set different classes including Application Class Web Class Removable storage Class Time Type Class Network IP Address Class and Network IP Port Class to facilitate the query statistics and policy s
19. 93 7 6 1 Screen Snapshot Viewer 93 Ke KE EU EE 94 76 3 Vie EE 94 7 624 Search Bal zeegt Seege n an in a Tee ee 94 VGD EXPONE ici iiss ahah ee a e Sade eras ceo Seth Sa 95 8 Remote Maintenance 8 1 Remote Maintenance NEEN 96 8 1 1 APplicatioNS caida dire E 96 D lg 97 8 1 3 Performances ege abi ica 98 8 1 4 Device Manager rasno iin ad eet E avila acini 99 B21 Deeg id a 100 8 1 6 Disk cuota rad he A Ee 100 De ocio Aa iii 101 821 8 Schedule ici ee i a 102 8 1 9 Usersiand Groups eebe hua eth cet ee Sh oe cee heen Sates een 103 8 2 Remote Control eii iade i ae eai iei ii 104 3 2 1 Remote Control 2 ici alas 104 3 2 2 Remote File Transfer nepunn inanon e eee 106 9 Assets Management 9 1 Assets Management ccoo ira air eesti 108 9 1 1 Assets Types and Property AE 108 9 1 2 Assets Classes Management 110 9 1 3 Hardware QUery ocioteca dt tia id keel ab dia Adin deed ts 113 9 1 4 Hardware Change ss seed 115 9 1 5 Software TEE 116 9 1 6 Software Chenge cocina 116 Table of Contents 9 1 7 Other ASSets cocina ia oi 116 9 2 Patches Management 117 9 2 1 Patch Meder eetensde sees EES EEN EEN ENEE 118 9 2 2 Computer Mode cositas aiii teta dr 119 9 3 Vulnerability CheckK 0 cocina eds 121 9 3 1 VulnerabilityMOdE cve circa Ge diatieai din dni eA SE 121 9 3 2 Computer Mode as 121 EEES EN O 122 9 4 1 Package Deplovment AAA 122 9 4 2 Task Distribution 4 23108 sche ee ea a inti ee in 127
20. Chapter 7 Monitoring P 94 7 6 2 Display Select Show gt Play to start to play the screen snapshot history gt Play the screen snapshot history continuously 00 Stop a Display the Previous capture Ai Display the Next capture Table 7 9 Screen Snapshot History Viewer Functional Buttons Except using the control buttons System administrator can also control the time line bar to point to the specified capture directly 7 6 3 View Menu From the menu bar the view menu includes Toolbar Status bar Original Size Fit to Window Full screen and Play Speed System administrator can select their desired options to meet their needs such as fitting the windows size or display in full screen mode Also there are 3 options in Play Speed Slow Normal and Fast It can be adjusted for playing the screen snapshot history 7 6 4 Search Bar According to the specified Application User Screen and Time line to display the matched screen snapshot history Application By default it is set to All To specify viewed application can select from the drop down menu Once selected only the specified application snapshot will be showed User By default it is set to All To specify the user can select from the drop down menu Once selected only the specified user snapshot will be showed Screen If agent side has more than one display card installed or a display card with multiple connected interfac
21. Configuration Name SSS res Send Server Info SMTP Server IP Port SMTP Account Password Send Server Info Send Mail Nickname Matched Mailbox Mailbox smtp teclink com hk 25 Fts ryanl teclink com hk admin Please input the email suffix collection in this field and separate each email suffix with a E G hotmail com gmail com Icon Sender Mail Display Name Matched Mailbox Matched Mailbox Proxy Setting Test Operation Email address which is used to send out the alert notification The title of the sender Mail Email Domain which allows send out the alert notification Email domain which allows send out the alert notification Administrator can set socks4 or socks5 type proxy server Administrator can check the mail server setting whether is correct or not Update By Ryan Lee Last update v2 0Rev20120809 Chapter 13 Tools P 159 2 Mail Report Setting Administrator can set which receiver address to receive the IP guard mail alert via IP guard Console In IP guard Console Tools Mail Report Setting Mail Report Settings Report Settings E S Detailed Settings Name Name Mail Configurations1 Email Subject Max Alert Min Alert Level Send Interval Min To Send as attact Attachment Alert Type Computer Range User Range Mail Configurations1 IP guard Alert 10 Important
22. IP guard frequently checks Windows patches lt automatically downloads distributes and installs the patch to agents if new patch is found Also it scans for vulnerability frequently with analytical information and repair suggestions Software Deployment IP guard provides a simple way to distribute documents and deploy third party software to internal computers within the corporation to lighten the workload of administrator and enhance efficiency at the same time Update By Ryan Lee Last update v2 0Rev20120809 Chapter 1 Introduction P 3 Characteristics of IP guard include Powerful data compression archiving and viewing features Optimized data compress algorithm to ensure high efficiency data access Historical screen snapshot information is stored in the internal archive system of the server using a specialized compression format System administrator can backup the archived data to backup storage device Authorized users can search and view the historical data by selecting the target computer and its recording period Data Encryption Data transfer between workstation and server are encrypted using DES algorithm With this encryption technology data is protected from illegal data capture System Authentication Authentication is required for communication between server agent and console Agent workstation can only respond to authenticated server to prevent unauthenticated server connecting to the network to steal da
23. System administrator can use the Computer Management Console Tools gt Computers to check out the information The list contains the following information Name Computer Agent ID IP Address MAC Address Group of Agent First Appeared Time Last Appeared Time Agent Installed Version Number and Agent Installation Date Computers Management Condtion DESEN Ordinal Name Computer ID IP Address MAC Address Group of Agent Fi a DEMOAGENT1 DEMOAGENT1 66815 192 168 0 222 00 0C 6E D2 4B 7E 192 Unclassified 2 a VPN TESTING VPN TESTING 66818 192 168 0 10 D0 11 2F 72 41 C7 192 Unclassified 2 a TESTING TESTING 66820 192 168 16 1 00 1D 60 6F 5E 95 192 Unclassified 2 a SERVER SERVER 67371 192 168 0 22 D0 0C 29 18 E9 E4 192 Unclassified 2 lt License Figure 13 2 Computers Management Update By Ryan Lee Last update v2 0Rev20120809 Chapter 13 Tools P 156 List of Computer Information Represents a license is granted to the agent If this icon not appears in the highlighted agent it means that it is over the licenses range No more available license can be granted to that agent Name The name of agent displayed in the Console Computer The computer name of agent ID Agent ID generated by IP guard IP Address Agent s IP address MAC Address Agent s MAC address Group of Agent Agents belonging group First Appeared The first appeared time of the agent Last Appeared
24. The update period of the screen snapshot could be configured in Tools gt Options gt Console Settings gt Information gt Interval of tracing frames seconds Update By Ryan Lee Last update v2 0Rev20120809 Chapter 7 Monitoring P 92 7 5 Query Screen Snapshot History Select Tools gt Search Screen History to search the screen snapshot history Search conditions Begin End Date Query the screen snapshot history with specified begin and end date Name Query the screen snapshot history with computer name Support wildcard input e g TEC Then the resulting query will only include all screen snapshot history with computer name TEC IP address Query the screen snapshot history with specified IP address Either input a IP address or a IP address range e g 192 168 1 100 192 168 1 200 Table 7 7 Screen Snapshot Search Conditions Snapshot History Search Condition Begin 1 7 2008 Name or IP address Ordi Date T Computer Begin Time End Time File Name H 2008 07 15 CARMEN DESKTOP 0 00 00 03 00 40 15 200807150001000300000000 2008 07 14 CARMEN DESKTOP 0 00 00 00 23 59 48 200807140001000300000000 2008 07 13 CARMEN DESKTOP 0 00 00 05 23 59 40 200807130001000300000000 2008 07 12 CARMEN DESKTOP 0 00 05 54 23 59 49 200807120001000300000000 2008 07 11 CARMEN DESKTOP 0 00 00 31 22 09 35 200807110001000300000000 2008 07 10 CARMEN DESKTOP 0 00 00 14 23 59 59 200807 100001000300000000 2008 07
25. demo ipguard SQLDebugger vmware usr fTest VPN TESTINGS Built in account for Internet Informati This is a vendor s account for the Help Has all permissions from the user temp Has access to network printers shared Has all permissions from the mobile us Has unrestricted access to the server an This account is used by the server to p This account is used by the server to r This user account is used by the Visual VMware User Figure 8 10 Remote Maintenance Users and Groups Update By Ryan Lee Last update v2 0Rev20120809 Chapter 8 Remote Maintenance P 104 8 2 Remote Control 8 2 1 Remote Control Select target agent computer from the network tree then select Maintenance gt Remote Control or right click to select Control gt Remote Control There are 2 types of authorization methods for remote control agent user authorization and password authorization Agent User Authorization Select target computer select Maintenance gt Remote Control or right click to select Control gt Remote Control a popup windows from Console requests authorization from agent side see Figure 8 11 click Yes Then a popup window appears in agent computer to ask for authorization from remote side see Figure 8 12 If the agent user answers Yes System administrator can control the agent computer immediately from the Console IP guard Y3 Console 2 Remote control must have agent authority
26. the user should not be able to change the IP settings A Important Basic Policy Functions Only effective for Computer group settings The following functions are only effective for Computer group settings Change IP MAC Property System Restore and Netshare Update By Ryan Lee Last update v2 0Rev20120809 Chapter 6 Policy P 61 6 3 Device Control Policy The device control policies support the followings Storage Communication Device Dial USB Device Network Device and other devices Storage Floppy Floppy Drive Control Cannot use floppy if it is prohibited CDROM DVD CD ROM Drive Control Burning Device The burning disks action but the device still can read Tape Tape drive Control Moveable Device Includes USB Flash drive removable drive memory stick smart card MO and ZIP drive control But not includes the device with IDE SCSI and SATA interface Communication Device COM COM Ports Control LTP LTP Ports Control USB Controller USB Controller Control SCSI Controller SCSI Controller Control 1394 Controller 1394 Controller Control Infrared Infrared device Control PCMCIA PCMCIA Card Control Bluetooth Bluetooth device Control MODEM Modem device Control Direct Lines Direct connection control between two computers using USB cable COM port or Serial cables Dial Dial up Co
27. 10 Intrusion Detection 10 1 Startup Intrusion Detectton canon cnn nan ccnnanncananccanns 129 10 2 Startup Intrusion Blocking cnn non nnccnnrr nan r cc r rra 132 10 3 Other Setting Funchons nn nrn cnn carac rca cria 133 10 3 1 Intrusion Detection Agent Gelectton rare nnn cnn 133 10 3 2 Pre defined Computer and Type 134 10 3 3 Search and Delete Computers 135 11 Removable Storage Management TErDISKENGYPU cda 136 11 2 Format Encrypted Disks into Non encrypted Disks AA 137 11 3 Removable storage Information nono nannnnnnnnninnnnaninns 139 11 3 1 Account Management 139 11 3 2 Removable Storage Log 140 11 3 3 Removable Storage Policy 141 11 4 Change Volume ID 142 12 Database Backup 8 Data Recovery 12 Database Ba kup DE 143 12 2 Using IP guard Console for Data Backup amp Review 147 12 2 1 Backups Manageme nt cocine ad dci 147 12 2 2 Schedule Backup iu csicscoccccccecesccsectncansscaseancetennsn ee ctecev cod nn seri esi eavaveasenveeas 151 12 2 3 Review Backup Data 152 13 Tools 13 1 AcCOUNt Mana SING ING osc scsess cee ceed sdes codes laicidad adan 153 13 2 Computer Management 155 Table of Contents TRSAT Message ies emite 157 13 4 Mall Report e 157 13 5 Glasses Management cistitis iio 160 Nk Ree lege r aliada 160 135 2 WED CLASS ss cs5a25 02s date as chscines cchictbecvay sepia E a a a a 161 13 5 3 Removable storage Class 163 13 5 4 Time Types Class rs 163 13 5 5 Network IP Address Cl
28. 11 27 33 N Modify 2008 08 05 11 27 29 Create 2008 08 05 11 27 29 sl Delete 2008 08 05 11 26 50 sl Delete 2008 08 05 11 07 45 N Modify 2008 08 05 11 07 14 Create 2008 08 05 11 07 14 5 6 Printing Log Computer Remote Host TONY TONY TONY TONY TONY TONY TONY TONY TONY TONY 192 168 0 11 192 168 0 11 192 168 0 11 192 168 0 11 192 168 0 11 192 168 0 11 192 168 0 11 192 168 0 11 192 168 0 11 192 168 0 11 Source filename msde_uperade_to_sqgl MSDE_uperade_to_ MSDE_uperade_to_ MSDE_uperade_to_ MSDE_uperade_to_ MSDE_uperade_to_ msde_uperade_to_sgl DE_uperade_to_ 0 DE_upgrade_to_SQ DE_upgrade_to_SQ Figure 5 6 Shared Files Log O Path 1192 168 0 1565HAREMestinsale_up W192 168 0 156 SHARE estiMSDE_x W192 168 0 156 SHARE estiMSDE_x W192 168 0 156 SHARE esttMSDE_x W192 168 0 156 SHARE estiMSDE_x 1192 168 0 156 5H4REMestiMSDE_1 1192 168 0 1565HAREMestinale_up 1192 168 0 156 SHAREWestr DE_9 1192 168 0 156 SHAREWestr DE_9 1192 168 0 156 SHAREWestr DE_9 Select Log gt Printing administrator can view the printing log of the agent including usage of local printer shared printer network printer and virtual printer Log Contents Caption and Application The printing log contents include Printer Type Time Computer User Printing Task Printer Name Pages Printing Task Printed document name Printer Name The printer used to print out
29. 29 3 5 2 Print and Print Preview iii ti 29 4 Statistics 4 1 Application Stat SOS e jae caia 32 42 Web Statistics near eaaa on aa e a O 35 SD EE E EE 39 5 Event Log 5 1 Basic Event Log c i85 tisk ri aa ee 44 5 2 Application Eog aie a E 45 5 3 Web 8 e BEE 47 5 4 Document Operation L g piitsa ane tations aettieh as 48 5 5 Shared HUH DEE 50 5 6 Printing Log BET 51 5 7 Removable storage Log 52 5 8 Assets Change Leger nd ed ees 53 5 9 Policy Ee BET 54 510 SystemiLOg iio ic 55 6 Policy 6 1 Policy Introductton nana cnn nrnannncancnns 56 6 2 Basic POM CY E 59 6 3 Device Control Policy 61 6 4 Application PollcY ccscteeiccnsted etnies aged ase spanned E 63 G25 WEB POI CY euer ec ea ss ees a sce ccc ageet dee bad ch wee ees Bb css ne Ha es cewek ee 64 6 6 Screen Snapshot Policy 65 6 7 Logging We UE 66 6 8 Remote Control Policy cocaina das 68 6 9 Alert Rolle eessen heelen te antes 69 6 10 Bandwidth Policy 70 6 11 Network Polley EE 71 6 12 Mail Kelte sg eege eva elie a sks no a 74 6 13 IM File POlICY eroa aeaee AAA nate alin 76 6 14 Document Operation Policy 78 Table of Contents EE Oe MT EN 6 16 Removable Storage Policy 83 7 Monitoring 7 1 Instant Message Monttortng A 85 7 2 EMall Mentoring ii io a ees cave ods ede Mae da afan 87 7 3 Real time Screen Gnapshot 89 7 4 Multi Screen Monitoring 90 7 5 Query Screen Snapshot History 92 7 6 View Screen Snapshot History
30. By Ryan Lee Last update v2 0Rev20120809 Chapter 14 Audit Console P 173 Chapter 14 Audit Console 14 1 Logon to Audit Console Audit Console major audits all IP guard Console System Administrators Users and logs all operations done by them in the Console such as Account Login Logoff when they create modify delete policies etc operations The Audit administrator can easily view that information in the Audit Console How to 1 Open the IP guard Console from Start gt All Programs gt IP guard V3 gt IP guard V3 Console 2 Logon into audit console using audit as logon name By default the password is blank S Login EN IP guard K Server 127 0 0 1 v Account audit Password cme Figure 14 1 Login Audit Console Update By Ryan Lee Last update v2 0Rev20120809 Chapter 14 Audit Console P 174 14 2 Audit Console Interface Audit console includes the title bar menu bar the Toolbar the administrator column the data panel searching panel and the status bar 4 Title bar Time Computer IP Address Manager Description Audit log 2008 07 03 17 08 08 TONY 192 168 0 156 Audit Account Login From E 2008 07 03 17 08 02 TONY 192 168 0 156 sales mer Account Logoff E 2008 07 03 17 06 51 TONY 192 168 0 156 sales mer Account Login E 2008 07 03 17 06 33 TONY 192 168 0 156 it_ mer Modify Policy Policy Ty E 2008 07 03 17 06 28 TONY 192 168 0 156 it mgr Modify Policy Policy Ty
31. Chapter 9 Assets Management P 117 Printer Buy date Printer Price all of these properties will show in the results Click the add button DI to enter the property s value one by one to record the Printer information Query Custom Asset After completing to add the asset and its properties System administrator can create query condition Select File gt New Query to set the conditions e g Printer Price gt 1000 and the result list includes Printer Model Printer Department Printer Buy date Printer Price The resulting query will only show the printer which the price is above or equal to 1000 9 2 Patches Management Patch Management function scans all patches status of all agent computers and based on the agent computer requirements to install patches automatically and manually to enhance the security Patches Scanning Download and Insiall The patches updater is running on the IP guard server it will automatically download and update the patch scanning file wsusscan cab This file will be downloaded to agent computer after the agent program installed in client computer at the first time Select Asset gt Patches to check the agent computers patches situation Also System administrator requires to set the download policies to download the patches to the server and then install patches to agent computer Agent computers base on the server settings to get the patches file and process the installation automatically Hints
32. ESFE RamBo UltraDiskPro Plug 2008 12 02 12 56 18 TECLINK teclink 344B 6F80 RamBo UltraDiskPro ES Plug In 2008 12 02 12 56 13 TECLINK teclink 344B 6F80 RamBo UltraDiskPro Update By Ryan Lee Last update v2 0Rev20120809 Chapter 11 Encrpyted Disk P 141 11 3 3 Removable Storage Policy System administrator can apply removable storage policy to assign different rights to removable storages as shown in the following illustration Property Value Removable Storage E Xx Name Removable Storage Policy_1 Approved Time All Day a 88D8 3721 Only offline O Expiring Time lt Always gt Encrypt disk type Encrypt disk Read Iv Decrypt when Reading v Write Iv Encrypt when Writing iw Removable Storage Approved Cancel By Default Encrypted Disk Type is All including two types Encrypted Disk and Non encrypted Disk Select Encrypted Disk in the drop down list box which indicates that this policy is only effective for encrypted disks System administrator can limit the operation authorities of specified removable storage by checking the checkboxes of Read Decrypt when Reading Write and Encrypt when Writing For details please refer to Removable Storage Policy The use privilege of encrypted disks is the same as non encrypted disks Update By Ryan Lee Last update v2 0Rev20120809 Chapter 11 Encrpyted Disk P 142 11 4 Change Volume ID in
33. EW irtual Machines 0 C Program Files Microsoft 0 Windows Small Business CAWINDO WSisystem32 c 0 C Program FilestExchsrwr O Exchange message tracking C web 0 CADocuments and Settings 0 Figure 8 8 Remote Maintenance Network Shares Control Buttons Only enable under user mode select target user to check the network shares status Remote Control x t Share Select target network share right click to select Delete share to delete the shared S Sessions Select this mode to check agent s shared files is being remote accessed by remote computers or not The information includes User Computer Type Open File Connect Time Idle Time and Guest see Figure 8 7 Select this mode to check the files operation details which are being remote SES accessed including Open File Visitor Locked and mode System administrator can select target file right click to select Close Open File or Close All Open Files Table 8 7 Shared Controls Update By Ryan Lee Last update v2 0Rev20120809 Chapter 8 Remote Maintenance P 102 on ZRS 4 T Audit 3 Events Log a Basic Policy Advanced Policy 2 Monitorine r E Maintenance b The Whole Network TN h Fiancial Applications Processes Performance Device Manager Services Disk Schedule Users and Groups gy IT ARE 8 y Unclassified id TL DEMOAGENTI User Computer Type Open file Connect Time Idle
34. ICMP System administration can add the specified Port range manually or selected from defined Network Ports class Direction The network bandwidth direction Traffic Sent means from agent to remote computer vice versa Total Bandwidth Traffic Sent Traffic Received Limited Speed To limit the bandwidth speed unit is KB s This is only enabled under Limited Traffic mode Table 6 9 Traffic Policy Properties If the mode is Limited Traffic with specified IP range port range and direction which is over the limited speed the agent will be temporarily stop to download or upload until the speed is lower than the specified limited speed If the mode is Ignore with no other actions specified the limited speed has no effective If the IP range port range are set and the user actions such as Alert Warning or Lock Computer are specified when the speed is over those actions will be invoked but the speed will not be limited 5 Requirements GC Set a bandwidth policy to control the Internet traffic Policy 1 Add a traffic policy to control the traffic Policy Name Limit the agent traffic Mode Limited Traffic IP range Internet IP port All Direction Traffic Limited Speed 20 k s 50 Requirement lt GC Set a bandwidth policy to prohibit FTP download Policy 1 Add a traffic policy to prohibit FTP download Policy Name Prohibit FTP download Mode Limited Traffic IP range All IP port
35. If the disk is successfully encrypted the icon will be ore It represents that the operation is not saved If saved the icon willbe ZZ 11 2 Format Encrypted Disks into Non encrypted Disks 1 Encrypted disks are only can be normally used in computers with IP guard agents installed When they are used in computers without agents installed a dialogue box will pop up to prompt the user to format them If YES is clicked the user will format them into non encrypted disks manually and the inside data will be completely deleted Disk is not formatted A The disk in drive J is not formatted Do you want to Format it now Update By Ryan Lee Last update v2 0Rev20120809 Chapter 11 Encrpyted Disk P 138 2 Plug in any encrypted disks select Operation Local Removable storage to open Local removable storage disk information window to see the connecting devices information Administrator can format any encrypted disks into non encrypted disks Local removable storage disk information List of connecting removable storage i E Yolumn ID Description Volume Capcity Class Volume Lable Format as Normal disk Call 4934 B719 RamBo UltraDiskPro 248M Unclassified Select an encrypted disk this button will light up Click it to format the encrypted disk into a non encrypted disk Once succeed the disk icon will be and its volume ID will be changed too For console computers encrypted disks ca
36. Network Mail IM File Printing Time Name gt R Figure 3 15 Import Policies Update By Ryan Lee Last update v2 0Rev20120809 Chapter 3 IP guard Startup 4 HM Audit b 3 Events Log Y Basic Policy qa Advanced Policy 2 Monitoring 1 A gt Traffic Network Mail IM File Printing Remoyable Storage Document Policy Time Name X All Day block jpg X AllDay block MP3 A Figure 3 16 Save Imported Policies A Important The imported type of policies must be as same as exported one otherwise the policies cannot be imported successfully 3 5 2 Print and Print Preview All data logs in IP guard Console can print out Select File gt Print to start to print your target data or select File gt Print Preview to preview the output before printing Update By Ryan Lee Last update v2 0Rev20120809 Chapter 4 Statistics P 32 Chapter 4 Statistics IP guard assists management people to evaluate staff s working performance according to the collected statistics reports on application usage Internet browsing and network traffic 4 1 Application Statistics Application statistics provide powerful statistical functions to focus on the computer daily operations and application usage to provide detailed records and complete analysis report The statistical data provides reference to managerial people to assess employees working behavior Select Statistic gt Application to q
37. Query conditions of Instance Property and Classific Property Same as query if a condition includes asset A s Instance property first the following conditions cannot include another Asset B s Instance properties all other Instance properties will be hidden automatically in this case only classific property conditions can be added for the followings input conditions Save Delete Query Settings To facilitate the query the settings can be saved after completing the conditions input In the Query windows input the Name and click this Save button to save the current query Select from the drop down menu to select the saved query Click this Delete button to delete the saved query Set Default Click this Set Default button to set the current query as default Next time when open the Asset Management windows the default query results will be displayed Table 9 6 Save Delete Query Settings Add Custom Property Value According to the previous example CPU Repair date set a query condition CPU repair date Not exist and the result lists include Computer Summary CPU Brief and CPU Repair date The resulting query shows that the CPU Repair date is empty If you want to add the Repair date click the CPU Repair date column the field becomes editable Now you can add the value one by one Ordinal Computer CPU CPU Repair dat Y SI Unclassified DEMO Intel R Celeron R CPU 2 666 Hz SE Unclassifi
38. Removable Storage 1 Login IP guard Console 2 Click the removable storage icon BS wa a TS sett di Advance Paicv iB monitorra GB Maintenance Ready 3 Click the Set Volume ID icon Local removable storage disk information List of connecting removable storage The Whole Network D 3 a dA Yolumn ID Er D875 8D68 Description Lenovo USB Flash Drive 492 M lt Remark Yolum Class Remarks Volume L Unclassified 4 You can generate the Volume ID Change Removable Storage Device ID You can change the removable storage device ID From here ps75 8065 Volume ID indomly Genere CANCEL Update By Ryan Lee Last update v2 0Rev20120809 Chapter 12 Database Backup amp Data Recovery P 143 Chapter 12 Database Backup amp Data Recovery The difference between Main Backup in the following Section 11 1 and Data Backup in Section 11 2 are The Main Backup refer to Section 11 1 can be used to recover the IP guard server in case of Database crashed or other accidents that caused the server cannot work properly or complete migration We strongly recommend to do complete full backup once after the server is in production stage since all computer and user groupings classes management policy settings etc are settled The meaning of Data Backup refer to Section 11 2 is to backup the data such as screen snapshot history document mail printing and key da
39. Removable storage Classes windows Third select Operation Local removable storage to open Local removable storage disk information windows to see the connecting devices information r If the icon is it represents that the removable storage is not saved in the removable storage database Local removable storage disk information EN List of connecting removable storage Jade __ voum Remarks Inform Yolume La eil 88D8 3721 RamBo UltraDiskPro 247 M Unclassified Update By Ryan Lee Last update v2 0Rev20120809 Chapter 11 Encrpyted Disk P 137 Refresh local removable storage disk information manually an Classify removable storages When a removable storage is plugged into computers with IP guard agent installed at the first time P guard will classify the removable storage into Unclassified class by default Click this button to classify them into self defined classes Hi Click this button to confirm and save the removable storage information System administrator can classify disk add notes format and encrypt disk while saving de Click this button to format and encrypt the selected disk Once the selected disk is formatted and encrypted all saved information will be deleted and the disk can only be used in those computers with agents installed Caution 1 Encryption function is only valid for users who registered IP guard with register IDs Otherwise this button is gray and disable 2
40. Statistics Pie Chart 4 3 Traffic Statistics The Network Traffic Statistics help Network Administrator to quickly trace the network obstruction problems so that they can make the appropriate response measures to fix the problems Network traffic statistics include both sides of the communications network address ports and bandwidth such information help Network Administrators to view the current network status Select Statistic gt Traffic to view the use of network traffic The interface of Traffic Statistics is divided into 4 parts 1 Computer or User column 2 Statistical Data Panel 3 Chart Panel and 4 Search Panel see Figure 4 18 Computer A 4 Lay Audit 3 Events Log a Basic Policy a Advanced Policy 2 Monitoring E Maintenance gt Search E SJ The Whole Network gt x ely Unclassified Basic Application Web Traffic Time and Range A CARMEN DESK TOP c baii From s P CARMEN SAMSUNG gt e l mE na Y TEMPO PC Protocol All Total Y Intranet Total Intemet Total A Y TONY Y TCP 110 696 0B 696 a io 4 TCP 139 476 476 0B D z Y TCP 17152 33G 0B 33G Tia a TCP 80 256 66 0 M 246 D ath TCP 445 808 7 M 808 7 M DB All Day ei 4 TCP 8237 621 6 M OB 621 6 M 2 Range SS Ye TCP 443 4179M 0B 4179M f TCP 1433 3512M 0B 3512M The Whole Network ka Ak TCP 5900 302 4 M 156 9 M 1456M at TCP 3389 185 3 M 184M 166 9 M Traffic Y TCP 2322 1741M OB 174 1M
41. TCP UDP Mail Web and Network Share The classes All ICMP TCP and UDP cannot be added or amended their settings while others can add and amend Except the default classes System administrator can create port classes and input the target control ports manually All defaults port settings cannot be deleted or renamed however the manual added classes can be deleted or renamed Network Port Classes Classes ES Network Ports All TCP 25 ICMP TCP 110 TCP TCP 145 UDP Web Network share Figure 13 8 Network Port Classes Update By Ryan Lee Last update v2 0Rev20120809 Chapter 13 Tools P 166 13 6 Server Management Select Tools gt Server Management System administrator can check the server information using Console including Basic Information Database file Directory and Disk Space Server Management Server Basic Information Startup Time 2008 08 08 10 33 54 Running 101 08 07 Communication 0 0 0 0 Database file Name Path Size Ma OCULAR3_Data C Program Files TEC IPquard3 OCULAR3_Data MDF 113664 KB A OCULAR3_DOC_Data C Program Files TEC IPquard3 OCULAR3_DOC_Data 3200 KB ACEH ANA DATAT make FD mo El Tl Inn IOLA ANS amr one anana 10m Directory Name Path Size Backups En 35976511 KB Mail E 35976511 KB Screen history ES 35976511 KB Patches of Micro C Program Files TEC IPquard3 KB 10917 KB Deployment C Program Files TEC IPquard3 SwD OKB Disk Space Volumn Fil
42. TCP 21 Direction Traffic Limited Speed 0 k s Update By Ryan Lee Last update v2 0Rev20120809 Chapter 6 Policy P 71 6 11 Network Policy Network policy can effectively control the communications between agent computers and other illegal computers also some malicious network ports or download ports can be blocked to prevent the virus attack Notes that network policy is only effective for Computer group but not User group Policy Properties Direction 3 options Both Out or In Outbound and inbound relative to the agent computer i e if the agent computer takes the initiative to connect other computers it represents outbound Port Range By default it is set lt All gt the default settings include TCP 0 65535 UDP 0 65535 ICMP System administration can add the specified Port range manually or selected from defined Network Ports class IP Range Set the Remote IP address range By default it is set lt All gt System administrator can add the specified IP range manually or selected from defined Network Address class Remote is Agent Determine the remote connection computer is agent or not The following options are only enabled when this option is checked Belong to the same group The same group means the current agent belonging group here not included the parent group or the following subgroups Belong to the selected group The selected group means the control between agents and sele
43. Task Select any application from Application List right click and select End Task to stop the running application program Table 8 1 Application List Controls Update By Ryan Lee Last update v2 0Rev20120809 Chapter 8 Remote Maintenance P 97 8 1 2 Processes Select Maintenance gt Processes can check the agent s all real time processes including time CPU CPU Time Memory Virtual Memory Priority Handle Thread Count and Path File Name System Idle P System T smss exe Jesrss exe M winlogon exe M services exe lass ewe PID 320 376 400 448 460 Time Sess 2008 08 2008 08 2008 08 2008 08 2008 08 0 0 0 0 0 0 0 CPU 98 4 0 0 0 0 0 0 0 0 0 0 0 8 CPU Ti 391 01 16 00 14 11 00 00 00 00 00 09 00 25 53 01 18 35 00 08 38 Memory Virtual Priority 28K OK Lack 3172 K OK Normal 260 K 132K Normal 1604 K 2172 K Normal 6004K 10616K High 6660 K 6760 K Normal 28756 K 41136K Normal Figure 8 2 Remote Maintenance Process Filename PID Handle 0 3061 27 1247 632 567 1342 Thre Time Startup time of the process Path Details path of the process Other Other properties are like the processes running in Explorer exe their meanings are similar Table 8 2 Process List Contents Control Buttons Only enable under user mode see Figure 8 3 select target user to check
44. There are 2 types of authorization methods for remote control agent user authorization and password authorization which are same as Remote Control details please refer to Section 8 2 1 Remote File Transfer Interface It includes menu bar toolbar local and remote view panels and status bar Refer to the following figure 8 15 the left hand side panel is local view and the right hand side panel is remote view Update By Ryan Lee Last update v2 0Rev20120809 Chapter 8 Remote Maintenance P 107 TE Remote File Transfer TESTING DAR File Transfer View MAME O a Da D 0 0 Name Size Type Modified Size Type Modified Ba Ok mn EBEN 40957684 k Se XPD 93249260 k DE Ok y E Ok Se Data 0 385977656 k Ok 51199120 k Ok 192988812 k Ok File Operations Transfering file Local view is active Figure 8 15 Remote File Transfer System administrator can directly click the folder and access the following sub folders or select File gt Up to move up to previous level also the folder or file path can be input in the address bar directly Some basic file operations such as create rename delete are also available in this function File Transfer Local to Remote Select the target files folders from local and select the destination folder in remote side and then select Transfer gt Local to Remote the file will be transferred from local to remote immediately See the status bar to determine
45. VPN TESTI Administrator WinYNC exe D Program Files Ulta Y NC WinY C3 Start 2008 07 28 18 29 55 VPN TESTI Administrator sa lmangr exe D Program Files Microsoft SQL C3 Start 2008 07 28 18 29 55 VPN TESTI Administrator WinYNC exe D Program Files Ultra Y NC ze Cx Start 2008 07 28 18 29 55 VPN TESTI Administrator PRONoMer exe D Program Files Inte lNCSPROS C3 Start 2008 07 28 18 29 55 VPN TESTI Administrator Win NC exe D Program Files Ultra NC Win C3 Start 2008 07 28 18 29 54 VPN TESTI Administrator oylseryr exe D Program Files Microsoft SQL CA Stop 2008 07 28 18 22 35 VPN TESTI Administrator Win NC exe D Program Files UltraV NC Win C3 Start 2008 07 28 18 22 25 VPN TESTI Administrator sqlmangr exe D Program Files Microsoft SQL Cx Start 2008 07 28 18 22 25 VPN TESTI Administrator Win NC exe D Program Files Ultra NC Win Figure 5 2 Application Logs Update By Ryan Lee Last update v2 0Rev20120809 Chapter 5 Event Log P 47 5 3 Web Log Select Log gt Web administrator can view the web browsing log Web log supports different browsers including IE Firefox Netscape and Opera etc Log Contents Caption Website caption URL Detailed URL Table 5 6 Web Log Log Contents Hints Administrator can input time and range enter specific URL or web class and Window Title to filter the search result Input string support wildcard character Search Condi
46. all controls can only be done in Computer mode but not in User mode 3 4 1 Notification IP guard can send notification to a computer or a group Select Control gt Notify to notify the selected computer or group In Notify dialogue box enter the message and click Send to notify the target computer or group 3 4 2 Lock Unlock Computer IP guard can lock the computer or the whole group of computers to prevent users on the agent computer to use the keyboard and mouse in case of abnormal event happened Select Control gt Lock Computer to lock The locked computer will show that it is locked in its basic information Select Control gt Unlock to unlock the computer The target computer will once again be able to use the mouse and keyboard 3 4 3 Log Off Power Down Restart Computer Administrator can turn off log off restart any running agent computers Select Log Of Restart or Power Down from the Control menu he agent will execute the order immediately until the computer re started or logon again 3 5 Supplementary Functions In IP guard Console there are some other common functions that often used the followings introduced the detailed functions and descriptions 3 5 1 Export and Import Export Data In IP guard the data such as statistics event logs policies instant message contents emails and asset management all can be exported and saved as HTML Excel Text csv files Export Current Page In any event logs right c
47. and SQL Server 2005 is installed together with SP1 If IP guard server cannot startup properly please go to Windows Control Panel gt Administrative Tools gt Event Viewer gt Application Log to confirm the version of SQL Server MSDE Installation How to 1 Double click the MSDE setup file and then it will display a default path for file extraction please select a path and extract the setup files 2 Open the directory where the setup files extracted under the MSDE folder there is a file named setup ini Default content of setup ini Options Please edit the file by adding the follow line Options BLANKSAPWD 1 Save the setup ini after editing 3 Run the setup exe under the MSDE folder to start the installation 4 Run the SQL Server Network Utility Open a command prompt and type ca svrnet exe Make sure that Name Pipes protocol is enabled SQL Server 2005 Express Installation We recommend installing Express Edition with Advanced Service version Prerequisite 1 IIS 5 0 or above If your Windows does not install with IIS please go to Windows Control Panel gt Add or Remove Programs gt Add or Remove Windows Components to install IIS 2 NET Framework 2 0 Please go to Microsoft website to download NET Framework 2 0 x86 and install 3 Windows Installer 3 1 Please go to Microsoft website to download Windows Installer 3 1 and install How to 1 Download SQL Server 2005 Express Edition wit
48. and then press ocularat to open the agent tool ag Too x Operate Clear all policies Exit Figure 13 10 Agent Tool 2 Select Clear all policies and then click the Generate button 3 a window Check confirm code will popup the agent user is required to report the Operate Code to System administrator Check confirm code x input Operate Code 363202749555 Please tell administrator the operate code to generate Confirm Code Figure 13 11 Check confirm code 4 System administrator is required to login Console select Tools gt Agent Tool gt Confirm code generator to input the operate code reported from agent user and click Parse button to analyse the agent information Update By Ryan Lee Last update v2 0Rev20120809 Chapter 13 Tools P 168 Confimm Code Generator Confirm Code Generator co You can generate confirm code of the agent Please input the operate code generated by agent S Agent Operate Code 363202749555 Operate code Agent ID 66820 Name TESTING Content Clear all policies Figure 13 12 Confirm Code Generator 5 System administrator is required to click Generate button to get the code generated by system Confirm Code Information Confirm code info Please tell the confirm code to agent it will You have generated confirm code successfully e complete the agent operation Confirm Code DO000000 Figur
49. are same as Sender Has attachments Control the email with without attachments If this option is checked it means the control is only effective for email with attachment If this option is unchecked it means the control is effective for all emails whatever the email has attachments or not Attachment Control the email with specified attachment name Input rules are same as Sender Mail size Control the email with specified size By default it is set to O which represents all Input the gt mail size with gt value for conditional control Table 6 11 Mail Policy Properties Mail Policy Example 1 lt A Requirements Some enterprises may limit the sender only allow staff using internal email account to send email others will be prohibited Policy 1 Add a Mail policy to block all emails Policy Name Block all emails Email Size gt KB Figure 6 11 Mail Policy Policy Example 1 1st policy Mode Block 4 T Audit 3 Events Log Y Basic Policy amp Advanced Policy dB Monitoring E Mainten Property vax i Property Value Bandwidth Network Emai IMFile Document Printing Removable Storage emm Block All emails Time All Day Mode Block Time Name Alert O X All Day Block All emails Waming O Lock Computer O Only offline O Expiring Time lt Always gt From To Subject Has Attachment O 0 Update By Ryan Lee Last update v2 0Rev20120809
50. create other user accounts to access P guard with different access rights Select from menu bar Tools gt Accounts System administrator can view the existing users or create new users Accounts Management Ej X General Authorities Computer Groups User Groups Name Description Type 2 e it_mar e marketing_mgr e sales_mar e fimancial_mgr Input computer name example pc 1 pc 2 Figure 13 1 Account Management ES Create user account also can input the Description DE Delete user account Notes that Admin account cannot be deleted Accounts Management has 4 settings including General Authorities Computer Groups and User Groups General Specify the type of account and login mode Authorities Specify the functions access rights of the account please read the following table for details Computer Groups User Groups Either to limit the management range in Computer Groups or User Groups if Computer Group is selected User Group cannot be selected or vice versa If Computer Groups is set to All User Group is also set to All by default Update By Ryan Lee Last update v2 0Rev20120809 Chapter 13 Tools P 154 Functions Access Rights File Limit the operation rights on Computer tree or User tree such as create move rename or delete computers users Also limit the print and export functions Control Limit the agent control rights including Lock Unlock No
51. interval to refresh application list seconds is set to 2 the interval to refresh process list seconds is set to 2 the interval to refresh performance information seconds is set to 2 Remote control Default to lock remote computer s keyboard and mouse Default not to operate remote computer Alert Alert Dialog the max number item of showing logs in alert dialog is 500 Settings the option popup alert bubble is checked and the lowest alert level of popup bubble is set to Low if this option is enabled real time alert bubbles are popped up in the Console when policies invoked Table 13 11 Options Console Settings Update By Ryan Lee Last update v2 0Rev20120809 Chapter 13 Tools P 170 13 8 2 Server Settings Patch Default Settings 1 Install patches on new agents automatically If this option is checked all new agents will install all downloaded patches Otherwise no patches will be installed on new agents default is unchecked 2 Download new patch automatically If this option is checked all new scanned patches will be downloaded automatically Otherwise the new scanned patched will not be downloaded default is unchecked Data Removal If any items are checked and input the Days for keeping range 5 180 days the data will only keep the latest specified days the older data which is out of the specified days will be deleted automatically the data ty
52. methods to specify the website 1 Direct Input In the Web Setting windows click the button to input either a complete URL e g www google com or wildcard input e g mail game etc 2 Select from Web Classes In the Web Setting windows click the button D and the Web Class Selection windows popup Check the web classes you want to control How to customize the Web Class please refer to Chapter 12 4 2 zm Requirement CC To control user not access prohibited websites System administrator can set a web policy to prohibit some websites or only allow accessing specified website The following policies only allow accessing specified websites Policy 1 Add a policy to block lt All gt websites first d Ma Audit 3 Events Lor By Basic Policy amp Advanced Policy GEE EE Property Value Basic Device Application Screen Snapshot Logging Alert ll Name Block all websites D e a P Time All Day ED Tf e y wW Mode Block Time Name Alert O Y AND Only allo ing C s internal website Y lay y Ke ompany s in websi W oO Block all websites Lock Computer O Only offline O Expiring Time lt Always gt Website lt All gt Figure 6 5 Web Policy Example 1 1st Policy Policy 2 Add another policy to allow specified e g defined internal web class website 4 3 Audit 3 Events Lor Y Basic Policy Advanced Policy z eae n Property Value Basic Device Application Screen Snapshot L
53. multiple inputs Backup before modify Backup files before modify This option is only enabled when Modify is checked Backup when copy out to Backup files when copy cut to specified disk This option is only enabled when Modify is checked Backup when copy out from Backup files when copy cut from specified disk This option is only enabled when Modify is checked Backup before delete This option is only enabled when Delete is checked Minimum Size gt KB Maximum Size lt KB If the above Backup options are checked the file size can specify to decide the file will be backup or not If out of the specified range the file will not be backup Application Specify the document operations done on application software Table 6 12 Document Policy Properties Document Operation Policy Example 1 Requirements 722 files Policy Settings Policy 1 Add a Document Control policy to block the operating types modify delete to specified network shared drive Policy Name Cannot modify delete network_path Mode Block Alert optional Warning optional Some important files folders from shared network drive are required to restrict not all users can modify or delete the Update By Ryan Lee Last update v2 0Rev20120809 Chapter 6 Policy Operating types check modify delete Disk type Network File Name network_path
54. one of the email first the details will be showed at the bottom part Save emails Table 7 3 Mail Log Contents To save the email contents select the desired records press Ctrl for multiple selections and then right click to select Save As EML File to save the email contents in eml format If multiple records are selected each one will be saved in individual file Update By Ryan Lee Last update v2 0Rev20120809 Chapter 7 Monitoring P 88 Search Conditions Type By default it is set to All To specify email type can select from the drop down menu Send Receive By default it is set to All Or either query send or receive only Email address Query specified email address Subject Query email with specified keywords input about the email subject Content Query the email contents with specified the keywords input e g mail The input contents will be highlight with red color in the results Attachment If this option is checked all email with without attachment will be queried If this option is not checked only email with attachment will be queried Attachment name Query email with specified keywords input about the attachment Size Query email with specified email size range Table 7 4 Mail Search Conditions Update By Ryan Lee Last update v2 0Rev20120809 Chapter 7 Monitoring P 89 7 3 Real time Screen Snapshot System administrator can monitor and trac
55. or IP guard is required to install on a new server the last Checkcode must be input after the re installation completed Otherwise those existing agents could not be connected to the new setup server because their checkcode are not matched In this case all agents must be re installed a If agents not appear in the Console please go to IP guard Console gt Events Log gt System to check whether it is checkcode error or not 2 3 5 Server Log To examine the IP guard server activity in details please go to Windows Event Log System Administrator may use the information to analyze the server problems Checkcode Service Start Service Stop Refresh service v Auto start service when OS starts Exit Je 12 49 Pr Figure 2 5 View Event Logs How to Right click the Service Manager popup menu Tools gt Event Log Click the Application from the left hand side panel of the Event Viewer to check the OSERVERS process logs including the startup stop or error status of oserver3 exe 2 4 Agent Deployment There are three installation methods to install agents Direct Remote and Logon Script Installation methods Depends on the deployment environment system administrator can choose either one for the agent deployment 2 4 1 Direct Installation To generate executable agent program on IP guard server Start gt All Programs gt IP guard V3 gt Agent Install Generator showed as following
56. query defined application usage Details refer to Chapter 12 Section 12 4 1 To choose this option click the Mode button and then select By Class By default it shows all statistics of defined application classes each record contains the following details Class The name of application class defined in the Application Class Management Time The total usage time of that particular application class Percent The total percentage used by particular application class Class Running Time Working Time Microsoft Office IM Intemnet Browser Z Windows Application 2 By Name Table 4 2 Statistics By Class Time 19 25 50 04 42 20 01 48 30 01 12 50 00 57 20 00 21 50 Figure 4 2 Application Statistics By Class Percent 100 38 4 25 8 20 3 717 e eo In this mode it lists in the order of all statistics of application usage with application executable name usage of time and its percentage of selected computer group or user group To choose this option click the Mode button and then select By Name Application Running Time Working Time 7 WIN WORD EXE T menmsgr exe T iexplore exe Explorer EXE IOC opene exe OUTLOOK EXE EXCEL EXE Figure 4 3 Application Statistics By Name Time 20 39 40 05 01 50 01 23 40 01 14 00 01 08 10 00 18 30 00 14 00 00 12 50 00 11 00 Percent 100 27 7 24 5 22 6 6 1 46 43 3 6 By
57. should tell the Confirm Code to the agent user Update By Ryan Lee Last update v2 0Rev20120809 Chapter 2 IP guard Installation P 18 6 Once the agent user gets the Confirm Code input it in the field of Confirm Code to process the un installation immediately A Important a Notices that only uninstall agent not exactly delete the agent as the agent license has not been released indeed according to the above methods 2a and 2b If you only uninstall the agent you will find that the agent still appearing in the IP guard Console i e The Whole Network tree and its icon displayed in dark gray color To delete the agent completely after uninstalled 1 Go to IP guard Console gt Tools gt Computers select the agent from the list that you want to delete completely 2 Click Delete button This action implied that the agent completely deleted and removed from IP guard Notices that if you only click the Uninstall button this action implied that the agent will only be uninstalled without releasing the agent license To check the agent is deleted completely or not E The agent will not appear in The Whole Network Tree a Go to IP guard Console gt Tools gt Computers the agent should not be listed and the total number of licenses should be decreased Update By Ryan Lee Last update v2 0Rev20120809 Chapter 3 IP guard Startup P 19 Chapter 3 IP guard Startup 3 1 IP guard Console 3 1 1 Logon Console
58. the audit data Functions Print Print Preview Select from File gt Print Print Preview to print the current log page Export Select from File gt Export to export the audit log or right click from the Data Panel to select Export gt 1 Records of Current Pages 2 All Matched Records Delete Select from File gt Delete to delete the audit log or right click from the Data Panel to select Delete gt 1 Selected Records 2 Records of Current Page or 3 All Matched Records Table 14 1 Audit Console Common Functions Update By Ryan Lee Last update v2 0Rev20120809 Chapter 14 Audit Console P 175 14 3 Using Audit Console Audit Log Time Recorded time for corresponding operation Computer Logon Computer Name IP Address Logon Computer IP Address Manager Administrator Account Name Description Descriptions of the operations done in IP guard Console by Administrator Table 14 2 Audit Log Audit Query Date Range For the designated date range the default start time and end time are not clicked that is all log data are searched and display as results To specify the date range click the start time and end time Icon Descriptions 4 Select the date as the start time from the calendar k Select the date as the end time from the calendar Restore to default setting Manager Name Search with specified administrator Description According to the description of the audit log information to query spec
59. the original logon script Update By Ryan Lee Last update v2 0Rev20120809 Chapter 2 IP guard Installation P 15 ff Logon Scripts Manager 3 0 806 BME ES User list O E zhangwei USER Domain Users O E yinping USER Domain Users OE yanck USER Domain Users DIE wuh USER Domain Users OR won IPGLgn V3 exe USER Domain Users O wucl USER Domain Users O wenhui USER Domain Users DIE wangy USER Domain Users O wangyan USER Dornain Users O e wangliang USER Domain Users Oftest IPGLgny3 exe USER Domain Users DIE renbo USER Domain Users OE print USER Dornain Users DIE panby USER Dornain Users DIE many USER Domain Users OE uoma USER Domain Users OE liuro USER Domain Users OE lijm USER Domain Users DE unn USER Domain Users D kuanojun3 ADMIN Domain Admi O kuangjun2 USER Domain Users DIE kuanojun USER Domain Users DE krbtat USER Domain Users WHET OE jianozb USER Domain Users O nuyu Domain Users S D Remove Scripts Unset Scripts Refresh List Close Figure 2 7 Logon Script Manager Functionality Set Scripts Add our installation command in logon scripts of selected users Unset Scripts Delete our installation command in logon scripts of selected users Refresh List Rescan user list Remove Scripts Set selected users as having no logon script It will not delete logon script Close Exit the program Table 2 5 Logon Script Manager Functional Buttons A Imp
60. with specified matrix size Next matrix of computers will be updated after a period of time Functional Buttons First page of screen matrix Previous page of screen matrix Next page of screen matrix Last page of screen matrix Us US Full screen mode to display one or multiple screen snapshots Double click one of the screen snapshot to view it individually Press ESC on the keyboard to resume to windows mode Specify the required monitored computer or computer group Close to exit the Multi screen viewer ZU Table 7 6 Screen Snapshot Viewer Functional Buttons Lock Function You could lock on one of the screen of a computer by using the lock on function Right click on the target computer screen snapshot and then select Lock When the screen is locked the background of the title of that screen snapshot will change to yellow Once the screen is locked it will stay right here even the screen switch to next group after a period of time If you want to release the screen click the Lock button again to release the screen IS Multi Screen Monitoring HA pe D 2 x2 Figure 7 4 Multiple Screen Monitoring Update By Ryan Lee Last update v2 0Rev20120809 Chapter 7 Monitoring P 91 Screen Snapshot information When mouse moves to one of the snapshot it will display the agent information including Computer name IP address User and online status Refresh Interval Setting
61. wusetup exe wuauclt exe nsum exe NSCM exe wmsperfmon exe nspm exe NSPMON exe DWTRIG20 EXE WinYNC exe vinnetdhep exe vmnetdhep exe vinserverd Win32 exe vinserverd Win32 exe vmware exe vmnat exe vmnat exe vmware authd exe vmware authd exe DoR Description Yahoo Messenger Tray WMDM PMSP Service WLLoginProxy exe WinRAR archiver Windows Update Setup Windows Update Automatic Updates Windows Media Unicast Service Windows Media Station Service Windows Media Services Perfmon Mod Windows Media Program Service Windows Media Monitor Service Watson Subscriber for SENS Network N YNC server for Win32 VMware VMnet DHCP service VMware VMnet DHCP service VMware VirtualCenter Agent VMware VirtualCenter Agent VMware Virtual Machine Console VMware NAT Service VMware NAT Service VMware Authorization Service VMware Authorization Service Application Classes Figure 13 3 Application Classes Number 202 System administrator can create different classes and classified the applications from Unclassified into customized classes New class Sub class can be created under a class Select Operation gt New or under the Application Classes tree right click to New a Move to multiple selections Select Operation gt Move to or using drag and drop method to move the application from Unclassified to specified customized class Press Ctrl button for Update By Ryan Lee Last update v2 0Rev2012
62. 0622 Information Shrinking the database OCULAR3 Information Finished deleting files which were backuped in folder Folder Q IP guard Backup SCREEN Information Began to delete files which were backuped Folder Q IP guard Backup SCREEN Information Finished deleting records which were backuped in table SCREEN_FRAME Figure 12 10 Backup Task Details 3 Inthe Database Backup windows the following settings should be set a select the required date range start time and end time b select the required backup data including major IP guard key data compulsory document optional email optional and screen history optional c Ifthe option Delete the data after completion of the data backup is selected the files document email and screen history saved in IP guard server will be removed automatically Otherwise those data will remain at the IP guard server root folder d The size of the database will not be shrunk even after the data mentioned in b are backup If required to release the space of database you should select the option Release the database space it may take longer time to complete the action Otherwise the database will not be shrunk automatically e Select the backup path f Click the button OK to confirm Update By Ryan Lee Last update v2 0Rev20120809 Chapter 12 Database Backup amp Database Recovery P 150 Create Backup Task You can create new backup tasks amd specify the data
63. 0809 Chapter 13 Tools P 161 Search Select Operation gt Search can search specified application programs and class location Input by application name file name or descriptions Table 13 6 Application Classes Management Operations A Caution About Unclassified and Windows Applications classes Unclassified and Windows Applications classes cannot be deleted and create sub classes 13 5 2 Web Class Go to Tools gt Classes Management gt Websites to open the Website Classes windows By default no class is created System administrator required to create classes and identity manually The websites identity supports wildcard input New Website Class Select Operation gt New gt Website Class and rename the class Can create sub classes under a main class New Website Identity Select Operation gt New gt Website Identity and input the name and website address The website address can be complete URL or wildcard input e g sina mail game etc Search Select Operation gt Search or click the button to search the specified website belonging to which classes or determine the website address or classes exist or not Table 13 7 Website Classes Management Website Class Operation View Bx Website Class Name Website Ey Famous Portal Yahoo Mail mail yahoo D Forum Hotmail hotmail E Newspaper Google Mail mail google E Online Banking
64. 09 CARMEN DESKTOP 0 00 00 03 23 59 57 200807090001000300000000 2008 07 08 CARMEN DESKTOP 0 00 00 10 23 59 48 200807080001000300000000 2008 07 07 CARMEN DESKTOP 0 00 00 03 23 59 54 200807070001000300000000 2008 07 06 CARMEN DESKTOP 0 00 02 47 23 59 48 200807060001000300000000 2008 07 05 CARMEN DESKTOP 0 00 00 03 13 08 34 200807050001000300000000 2008 07 04 CARMEN DESKTOP 0 00 00 08 23 59 48 200807040001000300000000 2008 07 03 CARMEN DESKTOP 0 00 00 15 23 59 53 200807030001000300000000 E KRG K EN CARMFN NFSKTAP n 14 48 53 27 50 50 ANNAaNTNANNAN AAASAAAAAANAN G lt Figure 7 5 Snapshot History Update By Ryan Lee Last update v2 0Rev20120809 Chapter 7 Monitoring P 93 History Log Properties The log information include Date Computer Session Begin Time End Time and File Name Date The recording date of the screen snapshot history Basic unit is Day a file is used to store one day snapshot history Computer Computer name for corresponding screen snapshot history Session If only one user logon the session ID is 0 The second logon user the session ID is 1 Every session ID would have its own file to store the snapshot history Notes that the first user logon session ID is 1 under Windows Vista Begin End Time The start and end time of snapshot history File Name The file name shows as lt SQLs it represents that the screen snapshot data is stored inside the SQL server If the screen snapshot
65. 18 20 32 0 LSTDESIGN Administrator 2008 06 21 10 12 02 0 E teclink 2008 06 24 16 19 55 2008 06 25 18 20 37 0 TECLINKDEVELOPM Administrator 2008 06 26 16 10 44 2008 06 26 16 20 58 2 TECLINKDEVELOPM Wemo 2008 06 21 10 11 26 0 TECLINKDEVELOPMtipgvard 2008 06 21 10 11 26 0 Figure 3 13 User Basic Information Expended Information 3 3 2 Grouping By default all new installed agent will be grouped into Unclassified group To facilitate the computer user management System administrator can create some groups and classify them into target groups New Groups Computers and users are displayed in the console tree Groups can be set according to the actual situation Then assign users and computers into different groups From computer groups and user groups of the Update By Ryan Lee Last update v2 0Rev20120809 Chapter 3 IP guard Startup P 28 console computers and users under the group can be managed Select the whole network or any group select File gt New Group will add a new group in the console tree and allow administrators to name the new group Administrator can define multi level groups for the organization The operation of user group is identical Assign to group or changing groups To assign a computer or user to a group we can select the computer or user select File gt Move to and choose the target group Then the computer and user will be moved to the selected group Alternatively we can also
66. 1P Ranges Y TCP 8236 152 4 M 74M 1450M TCP 1218 1498 M 1498 M 0B Al Intranet Internet AL TCP 27383 541M OB 54 1 M 4 TCP 13826 53 0 M 0B 530M Port Range TCP 24936 521M 0B 52 1 M vg S di sli gj Le IW Bar Chart vax 10 e MA Tcr 110 4 9 WW 1CP 139 8 3 P 1Cp 17152 7 E Iran 6 DW CA i MM TcP 8237 3 E CA 2 E 1cp 1433 1 E TcP 5900 TCP 3389 Computer 8 User Intranet Intemet Ready The Whole Network 2 4 carmenhau homei Figure 4 18 Interface of Traffic Statistics Update By Ryan Lee Last update v2 0Rev20120809 Chapter 4 Statistics P 40 Function Button Mode Administrator can select different traffic statistics view mode By IP By Port By IP Classes By Port Classes By Computer IP Classes or By Computer Port Classes CL Direction Traffic directions Total Sent or Received Expand In by IP classes or by Port classes view mode if IP Port classes have sub classes use this button to expand and view the sub classes In By Computer IP classes view or By Computer Port classes view expand button can expand the computer group to view the computer detail within the group This button will turn grey and be disabled in IP Port detail view CL Show Control number of records to display Options include All Top 10 Top 20 and Custom This button will turn grey and be disabled when selected by class mode and expand Table 4 4 Traffic Statistics Fu
67. 2 1 Basic System Architecture of IP guard Server functions Search the network periodically manage all the computer with Agent installed and send policy settings and commands to Agents Collect Agent data and save it to the database Backup log history Provide convenient log history management such as reading archiving and searching Console functions Real time screen capturing on agent computer Single or multiple real time screens monitoring able to display screen snapshots of multiple targets at the same time Set up monitor and control policy Play screen history saved in the Server database Search screen history by designated computer on designated date Agent functions Collect and save data periodically Update By Ryan Lee Last update v2 0Rev20120809 Chapter 2 IP guard Installation PS Send the collected data to the Server periodically Respond to the real time screen snapshot capturing request from Console Control the operation of the user and computer according to the system policy 2 2 Software Requirements Module System Requirement Database SQL Server 2000 SP4 or above SQL Server 2005 SP1 or above MSDE SP4 SQL Server 2005 Express Server OS Win2000 SP4 XP SP2 2003 SP1 Vista Minimum Pentium III 500 256MB 10GB Hard disk space Recommended Pentium 4 2G 512MB 50GB Hard disk space Console OS Win2000 SP4 XP 2003 Vista Minimum Pentium 166 64MB 10MB Hard disk space Re
68. 40 T E intranetes hku hk 00 13 30 ao Y E www google com hk 00 08 00 El www ip guard com 00 07 50 me DN El www ppshk com 00 05 20 All Day v E www cscmu edo 00 04 40 E E en wikipedia org 00 04 10 SI dictionary yahoo com 00 02 50 The Whole Network C E www sundayprinting com 00 02 00 E hk yahoo com 00 01 30 Web E mail google com 00 01 20 E sundayprinting com 00 00 50 Classes E hk news yahoo com 00 00 40 3 E login live com 00 00 40 www fruity mix com 00 00 40 r EEE EEN Y Pie Chart vax 4 1 HB www google com E intranets ku lk E ww google comhk 3 ww ip guard com RW www ppshkcom MA vww cscmv edo E enwikipedia org O hi dictionary yahoo com www sundayprinting com y Computer 8 User ee Ready The Whole Network 2 4 carmenhau homek Figure 4 9 Interface of Web Statistics Function Button Mode Administrator can select different web statistic view mode Options include By Class By Deiail or By Group 8 Expand In By Class view mode if a web classes have sub classes use this button to expand and view the sub classes For group view expand button can expand the computer group or user group to view the computers or users within the group This button will turn grey and be disabled in detail view CL Show Control number of records to display Options include All Top 10 Top 20 and Custom This button will turn grey and be disabled when selected by class mode and exp
69. 5 16 Printing Log Search Conditions d T Audit 3 Events Log Y Basic Policy b Advanced Policy es Monitoring GG Maintenance b Basic Events Application Web Document Shared File Removable Storage Asset Changes a sl Printer Type Time Com User Printing Task Printer Na Pages Caption ES Shared Printer 2008 08 26 12 35 48 TONY Admin Status report 2008 192 1680 1 25 Sy Virtual Printer 2008 08 26 12 35 31 TONY Admin Microsoft Word FinePrint 2 Status_report_20080 a Shared Printer 2008 08 26 11 27 35 TONY Admin Microsoft Word 192 168 0 1 Leave Application_4 2 Shared Printer 2008 08 26 11 23 15 TONY Admin Status report_2008 192 168 0 1 FinePrint 2 A 1 CA Virtual Printer 2008 08 26 11 22 11 TONY Admin Microsoft Word FinePrint 2 Status_report_20080 C Virtual Printer 2008 08 20 15 29 24 TONY Admin Microsoft Word Adobe PDF 3 End point Security d C Virtual Printer 2008 08 20 11 22 01 TONY Admin Microsoft Word I Adobe PDF 7 IP guard_MSDE_up C Virtual Printer 2008 08 20 11 22 01 TONY Admin Microsoft Word I Adobe PDF 13 IP guard_MSDE_up C Virtual Printer 2008 08 18 15 56 32 TONY Admin Microsoft Word Adobe PDF 3 Web Management d C Virtual Printer 2008 08 18 15 54 47 TONY Admin Microsoft Word Adobe PDF 3 Web Management d Sy Virtual Printer 2008 08 18 15 43 08 TONY Admin Microsoft Word Adobe PDF 2 Web Managementd Figure 5 7 Printing Log
70. 7 04 13 11 40 46 E sn Mes xyz test2 Henry Ho 2007 04 13 10 32 41 2007 04 13 10 33 34 5 MSN Mes xyz test2 Henry Ho 2007 04 12 17 27 31 2007 04 12 17 27 36 EE YaHoo xyz teclinktest Henry Ho hokk 2007 04 12 16 32 17 2007 04 12 16 32 38 3 YAHOO xyz teclinktest Ho Henry hokk 2007 04 12 16 00 01 2007 04 12 16 26 12 62 MSN Mes xyz test Henry Ho 2007 04 12 14 48 47 2007 04 12 16 05 36 1 MSN Mes xyz test2 Henry Ho 2007 04 12 12 40 50 2007 04 12 12 57 46 ls lt Figure7 1 Instant Message The Instant Message log includes IM tools Computer Local user Contact User Begin Time End Time no of Statement and the Instant Message contents IM Tool Show which IM tool is used Computer Show the computer name Local User Show the IM login account Contact User Show the another chatting party s user account Begin Time Show the start time of chat End Time Show the end time of chat Statement Show the total numbers of chat statement IM Content Show the details of IM contents with recorded time Table 7 1 IM Log Contents Save IM Contents To save the IM contents select the desired records press Ctrl for multiple selections and then right click to select Save As HTML File to save the IM contents in htm or html format If multiple records are selected each one will be saved in individual file Update By Ryan Lee Last update v2 0Rev20120809 Chapter 7 Monitoring P 86
71. 8 it indicates that IP guard server is still in initial stage not completely running In this case please wait until the color of the icon changed to a If the status of the Service Manager is 8 it indicates that IP guard server is stop In this case right click Service Manager gt Service Start to start IP guard server 3 1 2 Change Password You can change password to prevent others using your account to login to the system and perform illegal operations Logon to the Console select Tools gt Change Password see Figure 3 2 In Change Password dialogue box input the old password the password is blank for the first time Then enter New Password In Confirm field re enter the same new password to make sure the new password is entered correctly User can only change password of the current login account The new password will be activated after it is saved in the server module Change Password Account Old Password New Password Confirm Figure 3 2 Change Password Windows 3 2 Using IP guard Console After login to the console user will see the following user interface see Figure 3 3 The user interface consists of menu tool bar status bar and main area The left side of the main area is the console tree of computer group and user group on the network The right side of the main area is the data view Update By Ryan Lee Last update v2 0Rev20120809 Chapter 3
72. 8237 TCP 443 TCP 1433 TCP 5900 TCP 3389 Intranet 20 OUUUHRRURRR Figure 4 26 Traffic Statistics Pie Chart A Important Traffic statistics can only be applied to computers mode It does not support in user mode Update By Ryan Lee Last update v2 0Rev20120809 Chapter 5 Event Log P 44 Chapter 5 Event Log IP guard log the all operation logs from agent computers including user logon logout application log web log document operation log shared document log printing log removable storage log asset changes log etc There are some common functions provided in each log for example after selecting one of the log records right click to select Print Print Preview Export Delete View Screen History and Property Common Log Function Print Print Preview Every page log can print review and print out Export Export the current or selected page logs to HTML CSV XLS format There are two options Records of Current Page and All Matched Records Delete Right click to select Delete from the log to delete the target log There are three options Selected Records Records of Current Page and All Matched Records View Screen History System administrator can view the corresponding screen history of the log Select one of the log records right click to select View Screen History the corresponding screen history will display in the viewer If no Screen Snapshot policy
73. 9 54 TESTING TECLINKD mms3270 d11 312KB C Program Files Comme Y Access 2008 08 13 14 49 54 TESTING TECLINKD mms3270 d1 312KB C Program Files Comme y Modify 2008 08 11 12 59 01 TESTING TECLINKD IP guardv3 0_In 6 455KB C Documents and Settin zg Delete 2008 08 05 11 28 28 TESTING TECLINKD made upgrade t 570 KB 192 168 0 156 sharettes E Copy 2008 08 05 11 28 24 TESTING TECLINKD MSDE_uperade 570 KB CiDocuments and Settin E Delete 2008 08 05 11 20 02 TESTING TECLINKD msle_upgrade_t S70 KB 192 168 0 156 share tes E QCopy 2008 08 05 11 19 59 TESTING TECLINKD MSDE_upgrade S70 KB CADocuments and Settin E Delete 2008 08 05 11 19 47 TESTING TECLINKD temp DER cWocuments and setting e Restore 2008 08 05 11 19 44 TESTING TECLINKD temp DER c documents and setting el Restore 2008 08 05 11 19 44 TESTING TECLINKD test DER c documents and setting z Delete 2008 08 05 11 19 19 TESTING TECLINKD made uperade t 572 KB 192 168 0 156 share tes Create 2008 08 05 10 59 34 TESTING TECLINKD share on 192 16 DER cWocuments and settings Figure 5 5 Document Operation Log 5 5 Shared File Log Select Log gt Shares administrator can view log of shared files in the agent that had been operated by others Logged operations include create rename modify and delete Shared File Operation Types Include create modify rename copy delete BUT access copy and move operations not supported Ta
74. Active Time The last active time means the recorded time of the last activities of the logon user done in Windows Table 3 7 User Basic Information Fields Descriptions If the user logons to different computers using the same account all information about the logon computers and logon time will also display below the Last Logon Computer see Figure 3 11 Update By Ryan Lee Last update v2 0Rev20120809 Chapter 3 IP guard Startup P 27 Name Last Active Time Last Online Sessions e Administrator 2009 06 22 14 27 55 2009 06 22 14 28 13 2 e Toshiba 2009 06 22 14 28 39 2009 06 22 14 29 01 1 Figure 3 11 Same user account logons to different computers 4 User Group Basic Information Select a user group will display all user status under the selected group including user name last online time last active time and number of computers login see Figure 3 12 Name f Last Active Time Last Online Sessions EB Test Administrator 2009 06 22 14 29 39 2009 06 22 14 30 02 0 e Toshiba 2009 06 22 14 38 49 2009 06 22 14 39 05 S23 Unclassified 8 corion 2009 06 17 17 57 35 0 e Ryan 2009 05 25 10 33 19 0 Figure 3 12 User Basic Information User Group If The Whole Network selected IP guard Console displays all user groups Click the 3 button can view all users belonged to that group see Figure 3 13 Mame Last Active Time Last Online Sessions Unclassified Administrator 2008 06 23 17 36 57 2008 06 25
75. Are you sure to request for authority Agent s desktop will pop up dialog for requesting authority Figure 8 11 Console requests authorization from agent side Remote Control x 0 Do you allow Admin from 192 168 0 156 TONY control your e machine remotely Figure 8 12 Ask for authorization from remote request Password Authorization Select target computer select Maintenance gt Remote Control or right click to select Control gt Remote Control a popup window see Figure 8 13 appears in the Console to request to input the password If the password is correct System administrator can control the agent computer immediately Otherwise the control is ended Update By Ryan Lee Last update v2 0Rev20120809 Chapter 8 Remote Maintenance P 105 Password Ask Authorization Figure 8 13 Input password for remote control The method to preset the password from agent computer is Press cirl alt shift ocularrm from the keyboard then a popup window see Figure 8 14 would appear in the agent computer input the password twice to confirm Remote Control Password x Password Password Confirm Cancel Figure 8 14 Set remote password in agent computer To protect the agent users against the preset password method System administrator can set a policy in Remote Control Policy to force all authorizations must be granted from agent users even the agent computer has set the passw
76. B IP 0 06B 1459 Add 2008 08 23 23 35 58 CARMEN Software Changes QOS eR Hh 159 Add 2008 08 23 23 31 46 CARMEN Software Changes QOS BEARS ee Delete 2008 08 20 17 57 17 CARMEN Hardware Changes Generic DVD ROM SCSI CdRom De z Add 2008 08 20 17 56 52 CARMEN Hardware Changes Disk drive 238GB USB s Add 2008 08 20 17 56 47 CARMEN Hardware Changes Disk 2 Partition 0 z Change 2008 08 20 17 56 42 CARMEN Hardware Changes N 0 0GB IP 0 0GB gt Q NTI zer Delete 2008 08 20 17 56 12 CARMEN Hardware Changes D346PRT SCSI Controller 5 Add 2008 08 06 16 46 21 CARMEN Software Changes Hong Kong Toolbar 3 2 0 0 45 Add 2008 07 27 12 55 14 CARMEN Software Changes Intemet Explorer 1 Delete 2008 07 27 12 49 47 CARMEN Software Changes Intemet Explorer 15 Add 2008 07 21 11 34 16 CARMEN Software Changes MSNShell 4 Figure 5 8 Assets Change Log Update By Ryan Lee Last update v2 0Rev20120809 Chapter 5 Event Log P 54 5 9 Policy Log Select Log gt Policies administrator can view the log trigger by policy setting Log Contents The policy log contents include Alert Level Time Computer User Policy and Description Alert Level There are three alert levels Low Important and Critical The alert level settings can be done in each policy Policy The corresponding policy triggered by agent Description The information of triggered policy Table 5 20 Policy Log Log Conten
77. Before starting the console IP guard server must be running How to 1 Go to IP guard default folder and click OConsole3 exe OR Go to Start gt All Programs gt IP guard V3 gt IP guard V3 Console The Logon windows popped up see Figure 3 1 Omri EN IP guard Ve Server 127 0 0 1 X Y Account Admin Password Figure 3 1 IP guard Login Windows Server Input IP address Computer Name or Dynamic Domain Name Account By default the account for administrator is admin and the account for auditor is audit After logon to the Console the administrator can create different accounts with different access rights IP guard Console gt Tools gt Accounts Password By default the password for admin is empty After logon to the Console the administrator can edit the password from Tools gt Change Password 2 Input correct account and password click OK to logon to Console When IP guard connection is disconnected or you need to logon to another IP guard server or you need to use another role to logon IP guard please go to Tools gt Relogin to logout current session and re login based on your need Update By Ryan Lee Last update v2 0Rev20120809 Chapter 3 IP guard Startup P 20 A Important Make sure the server is running properly the color of the Service Manager should be like this GC a If the status of the Service Manager is
78. Class By Detail By Group Update By Ryan Lee Last update v2 0Rev20120809 Chapter 4 Statistics P 34 3 By Detail In this mode it listed in the order of the details of application not by process For example there are two different versions of MSN program running in different agents the process name are the same called msnmsgr exe Using By Detail mode they are counted as two different versions of MSN However if using By Name mode the usage time of those two versions will be counted together To choose this option click the Mode button and then select By Detail Application Time 7 Percent By Class T Ruming Time 20 39 40 By Name T Working Time 05 01 50 100 Microsoft Office Word 01 23 40 27 7 L C Windows Live Messenger 01 14 00 24 5 By Group JIntemet Explorer 01 08 10 22 5 Figure 4 3 Application Statistics By Detail 4 By Group In this mode it analyzes the application and its percentage usage based on selected computer group or user group By default the statistical data are working time and running time Computer Running Ti Working Time By Class Y Unclassified 20 39 40 05 01 50 By Name Y TONY 13 17 20 03 50 20 By Detail d CARMEN DESKTOP 07 22 20 01 11 30 y TEMPO PC 00 00 00 00 00 00 Y CARMEN SAMSUNG 00 00 00 00 00 00 gy Total 20 39 40 05 01 50 Figure 4 4 Application Statistics By Group To query other application classes usage should be selected fro
79. Date Back up to Backup Task Bacup 2012 08 08 cA Load 2012 08 08 C Next execution time Data range Click To create Schedule Backup AR3_DATA 20100514 o A e eea rn AR3_DATA 20110623 2012 08 09 15 07 34 Information Backing up table BASIC_LOG Backed up pieces 2012 08 09 15 07 35 Waming Backup task has been canceled Figure 12 12 In the Schedule backup interface you have to select the backup cycle the backup data time range and the backup path Automatic backup Every 2012 08 09 Before Month Back up the copy of document Browsing Log Printing Log Back up printed content Application Log Policy Log System Events Log Screen history O O O E O E o Oo Back up email content Delete the original data Back up to Path Figure 12 13 Update By Ryan Lee Last update v2 0Rev20120809 Chapter 12 Database Backup amp Database Recovery P 152 12 2 3 Review Backup Data To review the backup data System Administrator easily adds the backup data folder back to IP guard console Notes that loading the backup data is only to restore backup data to the server it does not undermine the existing data How to 1 Select from IP guard Console gt Tools gt Server Management gt Backups Management 2 Inthe upper menu Select the Load Options see Figure 12 13 i Load Backups E Documents and Settings O Da
80. IP guard Startup P 21 DER SJ The Whole Network a gly Unclassified Class Time Percent Z Ruming Time 60 35 30 7 Working Time 00 12 00 100 Unclassified 00 09 10 76 3 7 Windows Application 00 02 50 23 6 ss 00 00 00 0 0 All Day 00 00 00 0 0 00 00 00 0 0 Time and Range From Bea Time Range The Whole Network Applications a Classes 9 Chart Panel Unclassified Windows Application IM oes Google Le Computer Ready The Whole Network 1 2 ka 127 0 0 1 Figure 3 3 IP guard Console Functionality IP guard Console Panel 1 Toolbar Includes all system menu 2 Menu bar includes the common functions 3 Agent Panel In the left window to display all installed agents list under The Whole Network tree and the corresponding computer grouping 4 User Panel In the left window to display all agents logon account user list under The Whole Network and the corresponding user grouping 5 Navigation Main Menu Quick access to the main functions Audit Events Log Basic Policy Advanced Policy Monitoring Maintenance 6 Navigation Sub menu Quick access to the specific functions belonging its grouping 7 Functional Button Panel Provide different functional buttons e g for data sorting add delete apply policy etc 8 Data Display Panel Core view all data display here 9 Chart Panel For audit functions with statisti
81. Input string support wildcard character Search Conditions Time and Range Input specified date time and range to filter the search result Operating Type By default it is set to All Specified type can be selected from the drop down menu including Create Copy Move Rename Restore Delete Access Modify and Upload Send Drive By default it is set to All Specified drive can be selected from the drop down menu including Fixed Floppy CDROM Removable and Network Filename Based on the filename to filter the query Support wildcard input Size Specify the file size to query the target document log Application Input the application name directly or specified the application class for part of query conditions c input the application name directly System administrator can input the application name directly e g qq exe or game exe d specified application class Select the button to specify the application class Has Backup Check this Has Backup box to query the document log with backup only Table 5 12 Document Operation Log Search Conditions Update By Ryan Lee Last update v2 0Rev20120809 Chapter 5 Event Log P 50 d H Auch Y Events Log a Basic Policy b Advanced Policy 2 Monitoring E Maintenance gt Basic Events Application Web Shared File Printing Removable Storage Asset Changes 90 Type Time Computer User Source filename File Size Path iv Access 2008 08 13 14 4
82. Install patches on new agents automatically and Download new patches automatically By default these two options are not checked Update By Ryan Lee Last update v2 0Rev20120809 Chapter 9 Assets Management Console Settings Logs Information Alert S Server settings Data Remowal Error Report Default Settings _ Install patchs on new agents automatically C Download new patchs automatically Figure 9 9 Options Patches 9 2 2 Computer Mode Computer Mode Contents Under computer mode check all agent computers information and patches installation situation including Computer IP address Operating System Last Scanned Time and Auto installing Computer Agent Computer belonging group and computer Name IP address Agent computer IP address OS Agent computer Operating System Last Scanned Time The last scanned patch time of the agent computer Auto Installing Auto install or not Table 9 12 Computer Mode Contents Update By Ryan Lee Last update v2 0Rev20120809 Chapter 9 Assets Management P 120 Y Assets Management File Assets Patches Vulnerabilities UALR Task vax o A e Ordinal Hardware Hardware Chan Software Software Chan Others Patches Patch Mode lt E Computer Mode Vulnerability a Dei Vulnerability Mo v2 v3 Computer Mode Yi Deployment v5 Packages Tasks K v3 Y 10 Yi Y 12 lt Computer Deploym
83. Removable Storage Name Block all outgoing fi 01009 Ge Ce Mode Block Time Name Alert O All Day Block all outg f with specified file extensions Wami O Y Al Dan Backup all outgoing files A Lock Computer O Only offline O Expiring Time lt Always gt File Name doc pdf pg Limited Size gt KB 0 Backup O Figure 6 14 IM Policy Policy Example 1 2nd Policy Update By Ryan Lee Last update v2 0Rev20120809 Chapter 6 Policy P 78 6 14 Document Operation Policy Document Control Policy is used to control and limit the agent users accessing confidential information or assign different rights to different agent users Also the backup function prevents some important files are deleted maliciously or by human error Policy Properties Operating Type There are 3 kinds of operating types separated Read Modify and Delete allow Modify means also allow to Read allow Delete means also allow to Read and Modify Read Read files Modify Includes all operations expect read and delete i e create rename modify copy move and restore Delete Delete files Disk Type By default it is set to lt All gt Press Ctrl A to select all or none File Name Specify the required control filename also can input the folder path e g E work it represents all files under this work folder take effective of that particular policy Support wildcard input using and as separators for
84. The last appeared time of the agent Version Agent s current installed version Install Date Agent s installation date Table 13 2 Computer Management List of Computer Information Searching Conditions All By default all agents are listed By IP address Search by specifying the IP range By First Appeared Search by specifying the first appeared time range By Last Appeared Search by specifying the last appeared time range By Agent ID Search by specifying agent ID By Name Search by specifying computer name support wildcard input Table 13 3 Computers Management Searching Conditions Operations Delete This option includes two actions uninstall agent automatically and release the agent license The agent will not appear in the computer tree Uninstall To uninstall agent not include releasing the license The agent still appears in the computer tree Table 13 4 Computers Management Operations After the above action is selected click OK to confirm the action Otherwise if only Delete or Uninstall button is clicked no actual actions take effective unless to click OK button to confirm Update By Ryan Lee Last update v2 0Rev20120809 Chapter 13 Tools P 157 13 3 Alert Message Select from Tools gt Alert all real time invoked policies alert messages are logged in the popup windows If popup alert bubble is checked in Tools gt Options wh
85. Time Guest SERVER T TESTING 2 D VPN TESTING Figure 8 7 Remote Maintenance Network Shares Sessions Mode ESTELAS TAEL 4 3 Events Log Y Basic Policy b Advanced Policy ED Motore H Maintenance b SJ The Whole Network r gi Fiancial Applications Processes Performance Device Manager Services Disk Schedule ai vit Jpen file ED B A Unclassified 1 DEMOAGENTI Open file visitor Locked Mode Y SERVER CADocuments and SettinesiAdministratorDesktopiDirectMail ADMINISTRATOR 0 Read T TESTING 2 Y VPN TESTING Figure 8 8 Remote Maintenance Network Shares Open File Mode 8 1 8 Schedule Select Maintenance gt Schedule can check the agents computers schedule list including Name Schedule Application Next Run Time Last Run Time Status Last Result and Creator 4 Ma Audit 3 Events Log My Basic Policy l Advanced Policy amp monitorin 8 Maintenance b Applications Processes Performance Device Manager Services Disk Shared Schedule Users and Groups Name Schedule Application Next Run Time Last Run Time Status Last Result At7 00 AM ever CAWINDOWSisystem32ws 2008 08 15 07 00 00 2008 08 14 12 00 00 Figure 8 9 Remote Maintenance Schedule Select the schedule task right click to select Delete to delete the schedule Control Buttons Only enable under user mode select target user to check the schedule status Table 8 8 Schedule Controls Upda
86. Under Asset Management select Vulnerabilities gt System Vulnerabilities or Computer Mode click the vulnerability management button e to execute the vulnerability scanning immediately Click the computer button to view a computer group or individual computer vulnerability information 9 3 1 Vulnerability Mode Under vulnerability mode Vulnerabilities gt System Vulnerabilities can check the list of vulnerability information of corresponding agent computers The list includes the following information Ordinal Severity Rating Name Vulnerability Pass and other detailed information Severity Rating 3 different ratings Information Normal and Critical Name Summary of the vulnerability Vulnerability Total number of agent computers having the corresponding vulnerability Pass Total number of agent computers having no vulnerability Other detailed information Double click any vulnerability from the list to see the details Apart from the details of the vulnerability system also provides solutions for System administrator to solve the particular vulnerability problem Table 9 13 Vulnerability Mode 9 3 2 Computer Mode Under Vulnerabilities gt Computer mode to view and check the agent computer information and corresponding vulnerability information including Computer IP Address OS Last Scanning Time and Auto Installing Double click any vulnerability from the list to see the details and find out the
87. WINDC CAWINDC CAWINDC CAWINDC Select Maintenance Disk can check the agent s disk usage situation including disk Volume File System Capacity Free Space and Usage Control Buttons Only enable under user mode select target user to check the disk information Table 8 6 Disk Controls Update By Ryan Lee Last update v2 0Rev20 120809 Chapter 8 Remote Maintenance P 101 4 i T Audit 3 Events Log Ki Basic Policy amp Advanced Policy ES Monitarin e Mainte Applications Volume ae CN sp EN Processes Performance Device Manager Services Shared Schedule File System Capacity Free Space Usage NTFS 52427 M 18902 M 63 9 NTFS 197620 M 160706 M 18 6 Figure 8 7 Remote Maintenance Disk 8 1 7 Shared Select Maintenance gt Shared to check the agents network shared situation including shared folders shared Path Client Connections and Comments 4 T Audit 3 Events Log a Basic Policy amp Advanced Policy a Monitor e Maintenance Applications Processes Performance Device Manager Services Disk Schedule Users and Groups Shared Folders A print CIE guard Migration Rc G shared Virtual Machines Aclients A t lient GE TESTING LOG G web E DirectMail 25 a e Shared Path Client Comment CAWINDO WSiseystem32 s D Printer Drivers Sessions i EAIP guard Migration 0 Open Files CH QO Default share C Documents and Settings 0
88. abled when this is checked Decrypt when reading this option is only enabled when Read is checked the files are only decrypted using Explorer exe to copy files from removable storage to local or network disks Using other application programs to read the encrypted files cannot be decrypted Write free to write any files to removable storages when the action Write is prohibited any files cannot be copied or saved to removable storages also all files in the removable storages cannot be deleted or renamed Encrypt when writing this option is only enabled when Write is checked Prohibit any application programs to copy any files to removable storages except using Explorer exe Removable Storage By default it is set to lt All gt To specify removable storages corresponding classes must be selected Please refer to Section 12 4 3 about Removable storage class management Table 6 14 Removable storage Policy Properties Removable storage Policy Example 1 5 Requirements How to control users that only can use company s provided removable devices Policy Settings Policy 1 Add a Removable Storage policy to block all unclassified devices Policy Name Block all unclassified devices Read unchecked Removable Storage select Unclassified class Update By Ryan Lee Last update v2 0Rev20120809 Chapter 6 Policy P 84 Property Property Name Time Only offline Expir
89. age By default it is set to All System administrator can select the target language from the drop down menu Table 9 14 Package General Condition Settings Deploy Package Gene Generar File Conditions Name New packagew Created Modified Windows 95 Windows 98 Windows ME Windows NT4 Windows 2000 Windows XP Windows 2003 Windows VISTA M M M M M E E E z Language Figure 9 12 Deploy Package General Condition Settings File Conditions Settings From the left panel select File to switch to File Conditions Settings General Size The size can be checked after successful creation of the deployment package Computer The computer used to create the deployment package using Console Path The complete file path Parameters Command This command parameter is used to install software or execute program during package mode There are two methods to input this field 1 right click the software installation item from the File List to click Copy to Command Line see the following figure or 2 Input the name manually Update By Ryan Lee Last update v2 0Rev20120809 Chapter 9 Assets Management File List Ej Ordinal File Name File Size Modified Version ultravne_Set L876 KB 2007 08 13 16 47 49 L Copy to Command Line Deploy Mode There are three modes Install Execute once and Deploy File Install Distribute application so
90. agent done in Windows Installed Time The first installed time of agent IP MAC The agent s IP MAC address Last Logon User The last logon user in that agent computer The status of idle or lock also displayed here Table 3 6 Computer Basic Information Fields Descriptions Windows server allows more than one concurrent connections connected in this case the Basic Information also displays all current connections logon user information and the logon time see Figure 3 7 computer vax 4 al Audit f 3 Events Log Y Basic Policy de Advanced Policy l amp P Mor Y The Whole Network D A Testing Basic Application Web Traffic d TE DEMO EE 2 d TOSHIBA M5 Name Value d WINDOWS gt Nene TESTING gly Undassified gt Computer TESTING IP Address 192 168 0 11 Status Running Idle Version 3 11 0512 0 OS Windows 2003 Server Running Time 2009 06 22 13 01 49 gt Last Online 2009 06 22 14 16 43 gt Last Active Time 2009 06 22 13 11 41 Installed Time 2009 06 22 13 00 18 IP MAC 00 00 21 DC 90 9E 192 168 0 11 00 1D 60 6F 5E 95 Last Logon User Administrator e User has not logged on Idle Figure 3 7 Computer Basic Information Concurrent Logon Information 2 Computer Group Basic Information Select a computer group will display all computer status under the selected group including computer name IP address operating system and number of user login to the comp
91. al resources human resources intangible assets such as intellectual property information and goodwill are also very important IP guard provides effective monitoring and managing capabilities to help corporations minimize their risks in information security IP guard is an application to effectively monitor and manage corporate network activities including Running Statistics IP guard can generate statistics reports on every application process website browsing and network flow in order to evaluate the behavior of staffs Real time Monitoring With IP guard administrator can monitor computer usage including application usage website browsing history document operation printing screen snapshots instant messages and email contents in real time Policy Control Computer restrictions including application usage website browsing document operation and printing network usage bandwidth and devices can securely protect corporation information enhance staff efficiency and allow corporation to plan resources reasonably Real time Maintenance System administrators can monitor computers remotely with IP guard lt controls computers analyzes and solves computer problems remotely Asset Management IP guard records hardware and software asset information in detail Alert can be sent when there is any change in software or hardware Asset information can be searched from custom built query Patch and Vulnerability Management
92. and Table 4 3 Web Statistics Functional Buttons There are 3 modes in Web Statistics 1 By Class In this mode System Administrator can query the statistics by class The web class can be defined in Tools gt Classes Management gt Web Using this mode can facilitate to query defined web usage Details refer to Chapter 12 Section 12 4 2 To choose this option click the Mode button and then select By Class By default it shows all statistics of defined web classes All websites not classified are grouped into a class called Unclassified Update By Ryan Lee Last update v2 0Rev20120809 Chapter 4 Statistics P 37 Class Time E Unclassified 15 02 40 By Detail E University Portal 14 40 00 By Group Search Engine 09 36 50 E Video 08 32 00 Famous Portal 06 47 30 E Online Radio 05 40 00 E Online Banking 02 03 20 E Webmail 01 42 20 Figure 4 10 Web Statistics By Class 2 By Detail In this mode it listed in the order of all details of website If the website belongs to one of the web classes the format of the representation is Website Identity Website For example a Website Identity is Google if www google com visited it listed as Google www google com If none of any web classes it belongs to it shows the URL directly and analyzed by its domain name To choose this option click the Mode button and then select By Detail eso Website Time Y By Class
93. ass 164 13 5 6 Network IP Port Class io ias 165 13 6 Server Management 166 Tor AgeN LO EE 167 13 7 1 Confirm code Generator 167 KE Me EE 169 13 8 1 Console Settings venid nei eek Bethea 169 kl ET 170 14 Audit Console 14 1 Logon to Audit Console nc nono n cnn rca rr 173 14 2 Audit Console Interface circos 174 14 3 Using Audit Console cn conocio non cc cnn cana n cnn nn nc nana nc rnnnns 175 Chapter 1 Introduction P 1 Chapter 1 Introduction of IP guard 1 1 Introduction Corporate information becomes more important under the era of intellectual economy The critical factor for success is to protect information effectively With the fast growth in information technology internet becomes an important channel to communicate between customers and corporations Despite its convenience information is more easily leaked As important information leakage brings loss to corporations a comprehensive control of computer usage is important It controls and reduces the risk of loss caused by leakage of the confidential information and or abuse of corporate resources and intellectual property More and more employees spend their time in browsing websites that are unrelated to work during working hour Such behavior decreases productivity Many employees may think that the office computers are their personal property they can do whatever they want with the computers Corporations should control and monitor their behaviors in or
94. ault Connection 1 Bandwidth settings between server and agent the range is limited from 1 to 102400kb s If server is in LAN environment this setting is not required However it may apply in VPN environment 2 Active Polling By default this option is checked because it prevents some agents do not know server IP address and cannot communicate with server normally make sure this option is enable When no search range is set in Search Range and this option is checked it means server will only scan local network When search range is set and this option is checked it means server will scan local network and also the specified input search range if this option is not enable some agents may never communicate with server as they are missing server information Directory By default all directories are located under P guard installation path System administrator can change the patches and backup paths including deployment Backup email Screen history Document Backup and Microsoft Product Patches Any directory paths changed the data will not automatically move to new directory IP guard server must be stopped and then move the data to new directory as required Restart server is required after changing any paths N Select target object and then click this button to open the Directory Settings select the new path Click OK button to save the setting The new path setting becomes effective after se
95. ble 5 13 Shared File Log Operating Types Log Contents The shared file log contents include document operation Type Time Computer Remote Host Source Filename and Path Remote Host Remote Computers IP address Source Filename The file operated by agent computer user Path The details of file operation path Table 5 14 Shared File Log Log Contents Administrator can input time and range select operating type file name and remote computer name or IP address to filter the search result Input string support wildcard character Search Conditions Time and Range Input specified date time and range to filter the search result Operating Type By default it is set to All Specified type can be selected from the drop down menu including Create Rename Delete and Modify Name Based on the filename to filter the query Support wildcard input Remote IP Name Specify the remote IP or computer name to filter the query Update By Ryan Lee Last update v2 0Rev20120809 Chapter 5 Event Log Table 5 15 Shared File Log Search Conditions d T Audit 3 Events Log Y Basic Policy b Advanced Policy amp P Monitoring g Maintenance b Basic Events Application Web Document Shared File Printing Removable Storage Asset Changes Type Time gt Delete 2008 08 05 11 36 02 N Modify 2008 08 05 11 35 56 Create 2008 08 05 11 35 56 gt Delete 2008 08 05
96. cal Disk H FAT 1 9GB II FAT 0 0GB IZ D Add 2008 08 16 23 08 12 TESTING CDROM JM 1 USB Flash Disk USB Device Time lt p Add 2008 08 16 23 07 58 TESTING Logical Disk G CDFS 0 0GB Al Day lt gt Delete 2008 08 15 12 26 01 TESTING Disk Drive Multi Flash Reader USB Device 0GB add 2008 08 15 12 25 56 TESTING Disk Partition Disk 0 Partition 0 Disk 0 Partitio RELE wm Add 2008 08 15 12 25 40 TESTING Memory DIMMO 1024MB IDIMM1 1024MB The Whole Network P aaa 2008 08 15 12 25 36 TESTING Cache L1 64KB IL2 1024KB ILX OKB Reset Tyo te Add 2008 08 15 12 25 31 TESTING CPU Intel R Pentium R Dual CPU E216 Y Aaa 2008 08 15 12 25 06 TESTING System Slot PCIEX1_1 IPCIEX16 IPCI_1 IPCI_2 jada 2008 08 15 12 25 01 TESTING Motherboard PSGC MX EEN 2008 08 15 12 24 51 TESTING BIOS American Megatrends Inc all E Delete 2008 08 15 12 05 57 TESTING Computer TESTING y e Content Search Figure 9 7 Hardware Change Update By Ryan Lee Last update v2 0Rev20120809 Chapter 9 Assets Management P 116 Query Conditions Select File gt New Query to open the search panel System administrator can set different conditions to filter Time amp Range Common query conditions Asset Type By default it is set to All Select Asset Type from the drop down menu to specify the type to filter the query result Content Specify asset contents Support wildcard input Table 9 8 Hardware Change Quer
97. cal data the corresponding chart displays here 10 Searching Panel Property Panel Searching Panel For searching purpose in audit events log IM and email monitoring Property Panel For policy settings purpose 11 Status Bar Display current system status Table 3 1 IP guard Console Interface Update By Ryan Lee Last update v2 0Rev20120809 Chapter 3 IP guard Startup P 22 Color Representations of Agent Icons Light Blue Agent is running 2 Light Grey The computer agent module is not running The computer may be turned off or not connected to the network 2 Deep Grey The agent is un installed Table 3 2 Color Representations of Agent Icons Color Representations of User Icons Light Blue The agent user is running A Light Grey The agent user is not running The user may not logon to the agent computer Table 3 3 Color Representations of User Icons Update By Ryan Lee Last update v2 0Rev20120809 Chapter 3 IP guard Startup P 23 Common Search Conditions Search x Time and Range From qr amp El vu e el To Bayz je Time All Day o ly Range Testing laa Figure 3 4 Common Search Panel Date Range For the designated date range the default start time and end time are not clicked that is all log data are searched and display as results To specify the date range click the start time and end time Icon De
98. ce Policy Audio Figure 6 1 Device Policy Example 1 Property 5 Requirements gt GC To prevent some important files leakage System administrator can set a policy to prohibit the use of Burning devices removable device Policy 1 add a policy to block some Storage Floppy CDROM and Moveable Device Communication Bluetooth as File transfer between local computer and Mobile Phone PDA may be done through Bluetooth and USB devices USB Storage and USB Hard disk and set the effective time as All Day Property vax Property Value Name Block devices to prevent Time All Day Mode Block Only offline oO Expiring Time lt Always gt Device Policy Floppy Burning Device Move Figure 6 2 Device Policy Example 2 Property Update By Ryan Lee Last update v2 0Rev20120809 Chapter 6 Policy P 63 6 4 Application Policy Many Enterprises prohibit their staff to install their own application software such as BT chatting and online games software Application policy control can limit the use of unwanted applications To add a policy by default the application is lt All gt There are two methods to specify the application Property vax Property Value Name Application Policy_1 Time Al Day Mode Ignore Alert iL Alert Level Los Warning O Lock Computer O Only offline O Expiring Time lt Always gt Ap
99. commended Pentium III 1G 256MB 100MB Hard disk space Agent OS Win Me NT4 2000 XP 2003 Vista Minimum Pentium 166 64MB 10MB Hard disk space Recommended Pentium III 500 128MB Hard disk space A Important Server amp SQL Requirements Table 2 1 Software Requirements a If the Server is installed on Windows 2000 SP4 please make sure the system is updated with service patch Win2000 KB891861 v2x86 exe a If you are using Microsoft Server 2000 please make sure that it is updated with Service Pack 4 SQL2000 KB884525 SP4x86 ENU exe 2 3 Installation 2 3 1 Database Installation Prior to IP guard installation database must be installed on the IP guard server P guard supports SQL Server 2000 SP4 or later SQL Server 2005 SP1 or later for database If licensed SQL Server is not available please install the free MSDE SP4 or SQL Express 2005 provided by Microsoft Below are the instructions for installing MSDE A Important SQL Server Limitations a The limitation of Database size on free MSDE and SQL Express 2005 are 2G and 4G respectively With this limitation it would affect the stabilities of server We strongly recommend using Enterprise Update By Ryan Lee Last update v2 0Rev20120809 Chapter 2 IP guard Installation Po version if there are many agents and too much data has to be stored in the database a Please ensure that SQL Server 2000 is installed together with SP4
100. crypted disks Update By Ryan Lee Last update v2 0Rev20120809 Chapter 11 Encrpyted Disk P 140 Ej AS General Authorities Computer Groups User Groups Name e Admin 8 wuh e caoyl hehuan Description Policy Monitoring Maintenance Assets Management Patches O Vulnerability O Deployment O Intrusion Detection All Classes Management O Delete O Backup O setting Generate agent s confirmed code Manage Encrypt disk Format as Encrypt disk AE EE 200 DE Ee ee a Admin account is a super administrator which has the highest rights to use all functions while other accounts do not have the permission to use these two functions unless they are granted 11 3 2 Removable Storage Log Select Log Removable storage to view the log of plug in and plug out actions of all removable storages in agent computers If the Disk Type is empty that represents the removable storage type is non encrypted disk Type Time Computer User Disk Type Yolumn ID Description Volume Lable Plug In 2008 12 02 17 06 28 TECLINK teclink 142C 0503 SanDisk Cruzer Plug In 2008 12 02 17 06 21 TECLINK teclimk Encrypt disk 4934 ESFE RamBo UltraDiskPro d S plug ve 2008 12 02 15 46 35 TECLINK teclink Encrypt disk 4934 ESFE RamBo UltraDiskPro EA Plug In 2008 12 02 15 46 06 TECLINK teclimk Encrypt disk 4934
101. cted group agents The following 2 options Group of agent and Include subgroup are only enabled if this option is checked Group of agent Specify the belonging group of remote computers The following option Include subgroup is only enabled if this is specified Include subgroup Check this option to specify to include subgroup or not Table 6 10 Network Policy Properties Network Policy Example 1 2 Requirements GC To prohibit user accessing website and FTP download Policy 1 Add a Network policy to block the ports 80 and 21 Policy Name Block the ports 80 and 21 Mode Block IP port TCP 80 TCP 21 IP range All Network Policy Example 2 4 Requirements a GC In the Enterprise there are some important departments which may have many sensitive data However to facilitate the staff workflow they may use net share to share the working files In this case how to protect these departments shared resources away from other departments illegal access Policy 1 Add a Network policy to block the IP range Intranet first Update By Ryan Lee Last update v2 0Rev20120809 Chapter 6 Policy P 72 Policy Name Block all intranet communications Mode Block IP port All IP range Intranet 4 hi Audit 3 Events Log Y Basic Polic f a Advanced Policy Monitoring Property Dll Property Valve Traffic Network y Mail IM File Document Printing Remo
102. ction Yiew Help e OB 3 SOL Server 2005 Network Configuratior S SOI Native Client Conhigigation El Client Protocols 3 Alases 2 Make sure the Name Pipes is Enabled 1 Make sure you are configuring MSSQLSERVER Figure 2 2 SQL Server Configuration 11 Expend the SQL Native Client Configuration and then click the Client Protocols double click Named Pipes to make the status Enabled 2 3 2 Server and Console Installation Make sure the SQL Server or MSDE is started up How to 1 Double click IPguard3 exe select the installation language and then click Next 2 Main installation interface will show up click Next 3 The installation process prompts the default installation path Users can select another path for installation Please select a partition with a larger storage size for IP guard server installation Update By Ryan Lee Last update v2 0Rev20120809 Chapter 2 IP guard Installation P 8 4 The installation process prompts the types and components Users can select IP guard server and console as they need Click Next 5 Select the path of short cut inside the Start menu Click Next 6 After verifying the settings click Install and wait for the installation process to complete Then click Finish to end the installation The server will startup and the IP guard Service Manager ic will be displayed on the task bar A Important During the server installation i
103. d V3 gt Agent Remote Installer to start the installation Functionality 1 Scanning Seitings By default the system only scans all computers from IP guard server s network segment If you want to extend the searching area go to File gt Scanning Settings In the opened dialogue you can add the IP range 2 Color Representation of the computer icons Update By Ryan Lee Last update v2 0Rev20120809 Chapter 2 IP guard Installation P 13 Icon Color Window Window Online Agent NT4 0 2000 XP 95 98 me OF not Installed or not a Deep blue Yes No Yes No a Deep blue No Yes Yes No B Gray Yes No No No Ei Gray No Yes No No a Light Blue Yes No Yes Yes al Light Blue No Yes Yes Yes Table 2 4 Color Representation of the computer icons 3 Installation Click which computers you would like to install the agent After selected go to Operation gt Install to start the installation During installation the administrator login and password are required if the current logon session is not administrator The near bottom panel showing the details of installation status if any failures happened the panel will show you the description and corresponding error code FAQ If failure occurred during remote installation please check the following items are available in your targeted computer 1 If the current logon session does not grant administrator right at this time the sys
104. der to enhance productivity and minimize the risk of misuse of computer resources According to researches of the Gartner Group and Forrester Research nearly 50 of time within the MIS department has been spent on computer installation and software upgrading which occupy a large proportion of the computer cost System administrators spend 70 80 of time working on daily maintenance tasks which increase the cost of computers Moreover productivity drops when computer problems cannot be solved immediately Therefore it is necessary to reduce the workload of system administrators on minor tasks to increase their productivity so that they can concentrate on computer management tasks and information system enhancement IP guard is powerful software to solve the above problems for corporations P guard can monitor and record the utilization of every computer Its functions include daily operation statistics policy management screen snapshot real time recording asset management system patch management software distribution and remote control etc IP guard can automatically record screen snapshots record computer utilization and playback records With all these functions corporations can realize the computer resources utilization secure corporation information and enhance productivity Update By Ryan Lee Last update v2 0Rev20120809 Chapter 1 Introduction P 2 1 2 Major Functions Corporations nowadays not only protect their physic
105. e 2 40 Y MA Intemet Browser 2 20 E m 2 00 E Unelassified 1 40 MM Windows Application 1 20 y MA Download 1a cb 02 CT Media Player O Disc Burning Time Figure 4 7 Application Statistics Bar Chart Pie Chart Xx Microsoft Office Intemet Browser IM Unclassified Windows Application Download Game Media Player Dis Buming minini i Amini i7 43 i Time Figure 4 8 Application Statistics Pie Chart 4 2 Web Statistics Web statistics provide statistics on users what websites they visited The statistical data provides reference to easily understand user web browsing behavior Select Statistic gt Web to query the web usage of computer group or user group in a given period of time Update By Ryan Lee Last update v2 0Rev20120809 Chapter 4 Statistics P 36 By default it queries today s statistics of web usage The interface of Web Statistics is divided into 4 parts 1 Computer or User column 2 Statistical Data Panel 3 Chart Panel and 4 Search Panel see Figure 4 9 Computer AS 4 B Audit 3 Events Log 4 Basic Policy a Advanced Policy 2 Monitoring Maintenance gt Search E 4 The Whole Network np a z gly Unclassified Basic Application Web Traffic Time and Range 2 CARMEN DESKTOP e ron o 9 CARMEN SAMSUNG A a7 12008 E Y TEMPO PC Website Time a Y TONY E www google com 00 24
106. e 13 13 Confirm Code Information 6 System administrator tells the generated confirm code to agent user and ask him her to input the confirm code 7 Agent user clicks OK to confirm The normal way to uninstall agent please refer to Section 2 6 2 Uninstall Agent Update By Ryan Lee Last update v2 0Rev20120809 Chapter 13 Tools P 169 13 8 Options Select Tools gt Options System administrator can check or amend existing Console and Server settings The following tables show all default values Options Console Settings Console S Logs Monitor Alert Interval of tracing frames second Server settings Patches Data Removal Show visible screen only Range Connection Maintenance Interval of auto cycle second Directory Interval to refresh application list second Performance Error Report Interval to refresh process list second Interval to refresh performance information second Remote Control Default to lock remote computer s keyboard and mouse C Default not to operate remote computer OK J Cancel Figure 13 8 Server Options 13 8 1 Console Settings Log Search logs the max records show in logs on each page is set to 20 Quick Settings Option for user to quit console program or minimize windows to system tray area Information Monitor the interval of tracing frames seconds is set to 2 the interval of auto cycle Seconds is set to 8 Maintenance the
107. e Last update v2 0Rev20120809 Chapter 6 Policy P 73 For the enterprise computers installed with agent network policy should be set to allow only communicating remote is agent This policy prevents some external computers accessing the internal enterprise computers For the enterprise computers not installed with agent System administrator can enable the Intrusion Blocking function with set some specified computers as Protected This function will block all communications between Illegal all other external computers are treated as illegal which are not listed in the Intrusion Detection windows and Protected computers Details of Intrusion Detection function please refer to Section 10 Update By Ryan Lee Last update v2 0Rev20120809 Chapter 6 Policy P 74 6 12 Mail Policy Mail policy is used to prevent Enterprise internal information data leakage through sending email Mail policy is used to control outgoing email but cannot control incoming email Also IP guard cannot control webmail and Lotus emails whatever is incoming or outgoing Notes that mail policy Policy Properties is only effective for computer group but not user group From Control the sender email address Support wildcard and multiple inputs use and 5 as separators To Control the recipients email address including CC and BCC email addresses Input rules are same as Sender Subject Control the email subject Input rules
108. e System Capacity Free Space Usage C NTFS 49999 MB 18092 MB 63 E NTFS 188465 MB 153262 MB 18 Figure 13 9 Server Management Basic Information Includes server startup time running time and real time bandwidth Startup Time The time of server startup time Running The total running time after server startup Communication The real time bandwidth flow send receive between server and agent in KB Database File The name path size and maximum capacity of Database file Directory Includes Backup Mail Screen history Patches and Deployment folders information name path number of files and file size Disk Space Server disk space information including volume type of file system capacity free space and percentage usage Table 13 10 Server Management Update By Ryan Lee Last update v2 0Rev20120809 Chapter 13 Tools P 167 13 7 Agent Tools 13 7 1 Confirm code Generator In case of any emergency while the agent cannot communicate with server scenario no Internet connection some strict policies such as cannot decrypt presentation PowerPoint or prohibit using USB devices are still running In this case how the System administrator help to release policies or uninstall agent from the client computer is using Confirm code generator The followings are the procedures to release all policies or uninstall agent under approval 1 Ask the agent user to press Ctrl Alt Shift
109. e change login and logoff event Log Types Start Stop Log the status of application start and stop Windows Changes When user changes the application system records the windows changes log Title Changes When user uses an application it may have different windows or titles such as browser Table 5 4 Application Log Log Type Hints Update By Ryan Lee Last update v2 0Rev20120809 Chapter 5 Event Log P 46 Administrator can input time and range type in path or window title and enter specific application or application class to filter the search result Input string support wildcard character Search Conditions Path Title Input the application path or title for part of query conditions Application Input the application name directly or specified the application class for part of query conditions a input the application name directly System administrator can input the application name directly e g qq exe or game exe b specified application class Select the button J to specify the application class Table 5 5 Application Log Search Conditions Basic Events Application Web Document Shared File Printing Removable Storage Asset Changes 4 i hi Auch E Events Log i Y Basic Policy amp Advanced Policy Monitoring f E Maintenance b D Operating Time Computer User Application Path Title Ca Stop 2008 07 28 18 30 05
110. e including add delete and change Log Contents The asset log contents include Operating Type Time Computer Type and Description Operating Type Add Delete and Change of the asset Type Identify the change is Software or Hardware Description The information of asset changes Table 5 18 Assets Change Log Log Contents Administrator can input time and range and asset description to filter the search result Input string support wildcard character Search Conditions Time and Range Input specified date time and range to filter the search result Type By default it is set to All Specified removable storage type can be selected from the drop down menu including Hardware Changes and Software Changes Operation Type By default it is set to All Specified removable storage type can be selected from the drop down menu including Add Delete or Change Description Specify the asset description to filter the query Support wildcard input Table 5 19 Assets Change Log Search Conditions 4 T Audit 3 Events Log A Basic Policy b Advanced Policy 2 Monitoring H Maintenance b Basic Events Application Web Document Shared File Printing Removable Storage Asset Changes a Operating Type Time Computer Type Description Sr Add 2008 08 24 03 29 38 CARMEN Hardware Changes Generic D D ROM SCSI CdRom De ze Add 2008 08 24 03 29 03 CARMEN Hardware Changes N 0 06
111. ect Patches gt Computer Mode it shows the agent computer list and the details of patches installation By default the patches download and installation are not automatically System administrator required to set the settings manually Select one of the computers to right click to set Install or Not Install agents set with Install the patches will be automatically downloaded and installed while agents set with Not Install will not do anything In the detailed list of patches under computer mode System administrator can specify patches to download for individual computer Select the desired patches using CTRL key for multiple selections and then right click to set Install or Not Install For the coming new agents System administrator can set the patches download option automatically or not from the Console select Tools gt Options gt Server Settings gt Patches there are two options there Install patches on new agents automatically and Download new patches automatically By default these two options are not checked Update By Ryan Lee Last update v2 0Rev20120809 Chapter 9 Assets Management P 121 9 3 Vulnerability Check Vulnerability check function automatically scans the internal network computers and process analysis to help System administrator to check and trace the vulnerability problems Follow the resulting suggestion to take timely response measures to enhance the security of all internal computers
112. ed TESTING Intel R Pentium R Dual CPU E2160 KI Unclassified TESTING Intel R Pentium R Dual CPU E2160 Figure 9 6 Hardware Assets Update By Ryan Lee Last update v2 0Rev20120809 Chapter 9 Assets Management P 115 A Caution i The result list must include CPU Repair date also any one of the CPU instance properties must be included Otherwise the property value may not be added The reason is that CPU Repair date belong Instance property we cannot add the same value for all instance properties for a computer 9 1 4 Hardware Change Hardware Change log all hardware changes made from agent computers including add delete and change Select Assets gt Hardware Changes to view the hardware changes log Hardware Change Contents The contents include Type Time Computer Asset and Description Type Type of asset change Add Delete or Change Asset Asset classes such as CDROM CPU BIOS etc Description More detailed information about the asset shows in this column Table 9 7 Hardware Change Contents Hardware Change ogg Type Time Computer Asset Description A Change 2008 08 18 16 29 17 TESTING CDROM JM 1 USB Flash Disk USB Device gt lt Add 2008 08 18 16 29 12 TESTING Disk Drive Multi Flash Reader USB Device 0GB pada 2008 08 18 16 29 07 TESTING Disk Partition Disk 2 Partition 0 Disk 1 Partitio lt gt Add 2008 08 18 16 29 02 TESTING Logi
113. ee Edi eoi vate Senos 8 2 3 4 Checkcode Setting eege ea a ads dace pe eed LS 10 2 3 5 Serveto seei riian e n TEE 11 2 4 Agent Deployment 55655 seeded aro opt 11 2 4 1 DirectiInstallation 2 22 ices Seaweed tie Sad ame cian aise egies dad Aina 11 2 4 2 Remote Installation E 12 2 4 3 Logon Script Installation 0 cc teeters rnncnnn cnn 14 2 5 Syst m Upgrade civic eG a ea ve ee ek aari 16 2 5 1 Server and Console Upgrade eee e eect eee eee tenet a een een ee neta eeeeseaeeneeteaes 16 2 5 2 DE e LC EEN 16 2 6 Uninstall IP guard ENNEN ee eed eis eee 16 2 6 1 Uninstall IP guard Server and Console 0 0ccceceeeeeeeeee een teens ne ene eae eeeeneeeneeeenaten 16 2 6 2 Uninstall IP guard Agent cece cece ee eee eee e eee eee e eee ese essen eee eee eseeeteeeeieeeeees 16 3 IP guard Startup 3 1 IP guard Kei E EE 19 3 1 1 LOGON Console hoen Hie Hi een A A a ene 19 3 1 2 Change Password en vied cd di ee E 20 3 2 Using IP guard Console iiaiai ea a anii iaiia 20 3 3 Computer and User Operations ca nancnncnnn ca nanncnnns 24 3 3 1 Basic Informatlon ica A i ES 24 3 3 2 GROUPING isc tte tin 27 3 9 9 FING BEE 28 KH 28 3 3 5 Rename ee 28 K D e Tu lge tinh lll lected alcoba 28 Table of Contents KR Rer EE 28 3 4 2 Lock Unlock Computer 28 3 4 3 Log Off Power Down Restart Computer 29 3 5 Supplementary Functlons nono ccnono no nono nn nan nno nan n cn nan cnnraneracanncinns 29 3 5 1 Export and IMPONE ata
114. en some agents invoked some policies the alert bubble will popup in the right bottom corner click the alert bubble to see the details of alert message In the alert message windows the maximum display records are 500 this setting can be set from Tools gt Options gt Console Settings gt Alert gt Alert Dialog to change the maximum display records Notice that when Console is closed or re login these messages will be clear To review the history go to Log gt Policy Logs 13 4 Mail Report IP guard Mail Report function allow administrator send the email notification to internal or external email account as the reference Administrator can set the email alert notification via IP guard Console 1 Mail Server Setting Administrator needs to setup the SMTP server for the email notification In IP guard Console Tools gt Options Mail Report Server Setting gt Setting List Mail Report Ser Setting List EF xX ef Server settings Name From Matched Email Patches Y Data Cleanup Server settin admin lt All gt Error Report Mail Report Server Settings Setting List Icon Operation EF Create New Mail Server Setting List x Delete Existing Mail Server Setting List ef Edit Existing Mail Server Setting List y Set as Default Mail Server Cancel the Default Mail Server Update By Ryan Lee Last update v2 0Rev20120809 Chapter 13 Tools P 158 Mail Server Setting Basic Info
115. ent View IP Address Unclassified SERVER 192 168 0 22 Unclessified DEMO 192 168 0 222 Unclassified WPN T 192 168 0 10 Unclassified TESTING 192 168 16 1 Critical Critical Important Moderate Important Low Important Critical Critical Important Critical Moderate Ordinal Severity Rating Bulletin ID MS07 017 MS07 021 MSO7 022 MS07 020 MSO7 012 MS07 034 MS07 031 MS07 035 MS06 078 MS07 047 MS07 050 MS07 042 GM last Scanned Time Auto installing Windows 2003 Server 2 7 29 17 36 38 Windows 2000 Server 2008 08 02 12 09 46 Windows 2000 Professio 2008 08 03 17 21 11 Windows 2003 Server 2008 08 24 12 46 34 PatchID 925902 930178 931784 932168 924667 929123 935840 935839 925398 936782 938127 936021 Name 8 Security Update for Windows Server 2003 KB925 Security Update for Windows Server 2003 KB930 Security Update for Windows Server 2003 KB931 Security Update for Windows Server 2003 KB932 Security Update for Windows Server 2003 KB9241 Cumulative Security Update for Outlook Express fo Security Update for Windows Server 2003 KB935 Security Update for Windows Server 2003 KB935 KB925398 Windows Media Player 6 4 HZ HE Security Update for Windows Server 2003 KB936 Security Update for Windows Server 2003 KB938 Security Update for Windows Server 2003 KB9361 w gt Figure 9 10 Patch Management Computer Mode Computer Patch Install Setting Under Asset Management sel
116. ents gt e Some Enterprises may allow staff using IM tools for communications However they are also afraid that some information is sent out through these tools Using IM policy to prohibit user to send files out and backup all trial outgoing files Policy 1 Add an IM File policy to backup all outgoing files Policy Name Backup all outgoing files Mode Allow 4 M Audit Events Log Basic Poic GA Advanced Policy E Monitoring 18 A Property mox s Property Value Traffic Network Mail IM File Document Printing Removable Storage reg Backup all outen e Time All Day Mode Allow Time Heme Sc 1 i AND Backup all outgoing file eve aw Mv ay ackup all outgoing files A Waming O Lock Computer Only offline Expiring Time lt Always gt File Name Backup Y Minimum Size gt KB 0 Maximum Size lt KB 100000 Figure 6 14 IM Policy Policy Example 1 1st Policy Policy 2 Add another IM File policy to block all outgoing files with specified file extensions Policy Name Backup all outgoing files with specified file extensions Mode Block Update By Ryan Lee Last update v2 0Rev20120809 Chapter 6 Policy P 77 Alert optional Warning optional File Name doc pdf zip rar jpg 4 B Audit 3 Events Log Y Basic Polio amp Advanced Policy 2 Monitoring gt Property EE Property Value Traffic Network Mail IMFile Document Printing
117. er Slot and Summary DDR SDRAM etc There are two types of properties Classific Property and Instance Property Classific Statistical properties of assets For example memory a type of attributes such as the Current Installed Number of Memory Slot Number Max Capacity Current Capacity and Capacity per Slot Yi Asset Information DEMOAGENTI Operation Show View pre Ll DEMOAGENTI Name Content 4 lt A BIOS ab Summary DIMMO 512MB DIMM2 512MB ca d Bus 12 Number 2 HY Cache 12 Slot Number 4 o A CDROM 12 Max Capacity 4096 mu CPU 12 Current Capacity 1024 gi em Disk Drive 12 Capacity per Slot 1024 ce Floppy a Za Keyboard e Logical Disk wa Memory wa DIMMO 512MB wa DIMM2 512MB Instance Instance of asset class for each memory it has attributes such as Device Locator Capacity and Type etc fi Asset Information DEMOAGENTI Operation Show View pim E DEMOAGENTI Name Content ce lt BIOS ab Brief DIMMO 512MB d Bus ab Manufacturer a d Cache ab Device Locator DIMMO e A CDROM ab Type SDRAM gp CPU 12 Capacity 512 e Disk Drive E Floppy Qa Keyboard 4 ze Logical Disk BM Memory EL DIMMO 512MB wa DIMM2 512MB if the asset class is Computer it has only Classific Property Update By Ryan Lee Last update v2 0Rev20120809 Chapter 9 Assets Management P 110 Asset Property Property Type Classific Property As
118. ers scanned by Intrusion Detection Agent System administrator can add a new computer manually and also preset the type for pre control purpose Select Operation gt Add to add computer see Figure 10 6 Administrator can set IP MAC type or either IP or MAC type see Figure 10 6 the functions are described in Table 10 3 Machine Name IP Address MAC Address Type Unspecified First Appeared Last Appeared Group Figure 10 6 Add a New Computer IP MAC A computer specified with IP MAC address and type If this computer is scanned the type will be automatically updated to predefined type IP Only specified with IP address and type lf a computer without type setting scanned that matched with pre defined computer then the type will be updated to pre defined type automatically For example pre defined IP address 192 168 1 1 set as authorized Once the computer IP address is 192 168 1 1 scanned out whatever the MAC address is this IP address is set to be authorized MAC Only specified with MAC address and type If a computer without type setting scanned that matched with pre defined computer then the type will be updated to pre defined type automatically For example pre defined MAC address 00 F0 4C 8C DE 6A as Illegal Once the computer MAC address is 00 F0 4C 8C DE 6A is scanned out this MAC address is set to be illegal Table 10 3 IP MAC Settings Update By Ryan Lee Last update
119. ers to desired backup storage device Name Size Type C oC Fie Folder mal File Folder SCREEN File Folder Figure 12 8 Backup Data Folders Update By Ryan Lee Last update v2 0Rev20120809 Chapter 12 Database Backup amp Database Recovery P 148 12 2 Using IP guard Console for Data Backup amp Review 12 2 1 Backup Management IP guard Console provides a function for data backup using this function can easily backup data to backup storage devices to prevent hard disk full How to 1 Select from IP guard Console gt Tools gt Server Management gt Backups Management Di 2 Inthe upper menu click the button L to create a backup task see Figure 12 9 it Server Management Backups Management Category Management View Tools O Task B y Beginning Date Ending Date Ba 5 2012 07 24 2012 07 25 Click this button to create New Bakcup Task Figure 12 9 Create Backup Task Other Operations in Backups Management Windows S Create New Backup Task Cancel Backup Task Create Schedule Backup Task E b E y Refresh the Backup Task List Table 12 2 Button Function for Data Backup and Review Update By Ryan Lee Last update v2 0Rev20120809 Chapter 12 Database Backup amp Database Recovery P 149 MM Backuped task Details Time Type Message Content 09 23 44 Information Backup task completes successfully 09 25 41 Information Shrinking the database OCULAR3_20080612 2008
120. es one of them can be specified to play Time line Display the current time frame drag the slider to a designated location to view the current frame of the screen When mouse is over the time line pointer the basic information Time User Application and Caption will appear Table 7 10 Screen Snapshot History Viewer Functional Buttons Update By Ryan Lee Last update v2 0Rev20120809 Chapter 7 Monitoring P 95 7 6 5 Export Select from Tools gt Save as Video Files to save the screen snapshot history in wmv format There are 4 options provided before saved From To Time Drag the slider to designated from and to time only the specified time range record will be exported Application If this is checked the default is set to All To specify the Application can select from the drop down menu Once selected only the specified Application record will be exported User If this is checked the default is set to All To specify the User can select from the drop down menu Once selected only the specified User record will be exported All If this is checked all screen snapshot history will be exported Table 7 11 Screen Snapshot Export Function Update By Ryan Lee Last update v2 0Rev20120809 Chapter 8 Remote Maintenance P 96 Chapter 8 Remote Maintenance According to the research analysis many internal IT department staff esp technical support staff may spend 70 80
121. ettings 13 5 1 Application Class Go to Tools gt Classes Management Applications to open the Application Classes windows By default there are two classes there Unclassified and Windows Application Unclassified All application programs are collected from agents the program is classified into Unclassified when it is first scanned System administrator can create other classes and using drag and drop method to move the program located in Unclassified Windows Application Includes Windows system related applications Table 13 5 Application Classes Management Default Classes ER Application Classes Operation View PIE ES Application Classes E Email Gem E IM E Windows Application al Name E Yahoo Messenger Tray E WMDM PMSP Service E WLLoginProxy exe E WinRAR archiver Windows Update Setup E Windows Update Automatic U E Windows Media Unicast Service E Windows Media Station Service Windows Media Services Perf E Windows Media Program Ser E Windows Media Monitor Serv Watson Subscriber for SENS RN server for Win32 E VMware VMnet DHCP service E VMware YMnet DHCP service E VMware VirtualCenter Agent EF VMware VirtualCenter Agent A VMware Virtual Machine Con E VMware NAT Service E VMware NAT Service EF VMware Authorization Service E VMware Authorization Service File Name ymsgr_tray exe mspmspsv exe WLLoginProxy exe WinRAR exe
122. ev20120809 Chapter 6 Policy P 82 4 3 Audit 3 Events Log 9 Basic Poio 8 Advanced Policy e Monitoring Property Property Traffic Network Mail IMFile Document Removable Storage Name Printing Polic 6000090 am Alert All Day MX Al Den Block all local printers Warming Lock Computer Only offline Expiring Time E Printer Type Local Printer Shared Printer Network Printer Virtual Printer Printer description Application wax Value Only allow specified server All Day Allow lt Always gt hared Printer Network Pri Y RED 1192 168 0 721 lt All gt Figure 6 20 Printing Policy Policy Example 1 2nd Policy Update By Ryan Lee Last update v2 0Rev20120809 Chapter 6 Policy P 83 6 16 Removable Storage Policy To prevent information leakage through removable devices System administrator can apply removable storage policy to assign different rights to removable storages Also the files can be encrypted when writing to the removable storages only authorized computer agents can decrypt the files To manage specified removable storages go to Tools gt Classes Management gt Removable Storage or refer to Section 12 4 3 to see how to custom the Removable storage classes Policy Properties Read free to read any files from removable storages The following 3 options i e Decrypt when reading Write and Encrypt when writing are en
123. filename Supports wildcard input e g not record txt gt log Application Application for file operations Printing Printing log Printer Type Select to record or not record specified printer types Application Application for file operations Shared Files Shared files log File Name Shared file name Support wildcard input IP Range IP Range for remote access agents shared files System administrator can set a range to not record those IP ranges access operations Mail Log the email contents Control policies can be set to record or not record the email Sender Email sender address Supports wildcard input Recipients Email recipient address Supports wildcard input Update By Ryan Lee Last update v2 0Rev20120809 Chapter 6 Policy P 67 Mail Size If it is set it means if email is over the specified size will not be logged gt KB Not Record This option only enabled under the mode Record If it is checked the email Attachment attachments will not be logged In the Console Monitoring gt Mail the properties of email will tell you if it has attachments however cannot be retrieved Instant Message The instant message conversation contents System administrator can select which IM applications are targeted to log Application Statistics Application usage data Web Statistics Web browsing data Traffic Statistics Network Traffic data Table 6 6 Logging Policy Pro
124. files the first policy matched i e alert popup and then the following second policy will also be matched too i e determine the accessing action is copy or not If it is copy action prohibited Action While the policy is executing there are 3 types of actions are also taking action alert warning and lock computer Alert When a matched policy with alert option is executed the console can receive a popup message to alert administrator The popup alert can be set from Tools gt Option gt Real Time Update By Ryan Lee Last update v2 0Rev20120809 Chapter 6 Policy P 57 Alert gt Popup Bubble to set rather to have popup alert bubble There are three types of alert Low Important and Critical Meanwhile the server will record the alerts and can be viewed from policy log or alert log Warning When a matched policy with warning option is executed a dialog box will pop up on the agent computer The content of the warning message can be set in each policy Lock computer When a matched policy with lock computer option is executed the agent computer will be locked To unlock select from toolbar Control gt Unlock or highlight the target agent from the network tree and then right click to select from the menu Control gt Unlock Expiring Time By default the expiry date setting is Always In other words the policy always keeps active never expired A policy will always be effective before it
125. files are stored under the SCREEN directory the file name is initialized at date Table 7 8 Screen Snapshot History Log Properties 7 6 View Screen Snapshot History Double click one of the resulting records or click View button after a record selected The Screen History Viewer will open Notes that the viewer cannot run individually it must be run during IP guard console is running 7 6 1 Screen Snapshot Viewer In the Screen Snapshot Viewer it includes the menu bar tool bar searching bar time line bar display panel as well as the status bar E Screen History Yiewer 2008 07 10 10 06 44 19 34 55 Show View Tools v Screen A Di f ne d a My Computer CoOL application_l tm2008previ Tencent QQ VI ry 4 IPgUpgrade Y z E amp o Recycle Bin iexplore exe Flashmedia3 app_log evt designi doc che Unlock Computer Windows Server 2003 for Small Business Server Copyright 1985 2003 Microsoft Corporation Microsoft vee Flashmedia app_log zip Outlook dis This computer is in use and has been locked Continue Setup IP Adobe Reader ex Only TECLINKDEYELOPM administrator Administrator or an o administrator can unlock this computer User name administrator Password I A A A Read 2008 07 10 10 06 44 TECLINKDEYELOPM Administrator TESTING IP 192 168 16 1 Figure 7 6 Screen Snapshot History Viewer Update By Ryan Lee Last update v2 0Rev20120809
126. ftware installation program to agents and process installation Execute once Execute the distributed program once only in agent side Deploy File Deploy file s to agent the default destination path is sd deploy files it can be changed manually Notes that sd means System Drive if OS is located in D windows it is D More details please refer to the following table 9 19 Run Mode Run mode means there are some interactions required between the installation process and the user user should be able to see the installation and execution interface during installation If this option is not checked it means it is silent installation user cannot see the installation and execution process However if the program itself does not support silent mode installation it may cause installation failure File List Click the button E to select required file s or folder if multiple files are selected they must be placed in the same folder Every time click the button E to create a new file list which will automatically override the previous created file list The information of the file list includes File Name File Size Modified and Version Table 9 15 Deploy Package File Condition Settings Update By Ryan Lee Last update v2 0Rev20120809 Chapter 9 Assets Management P 125 Deploy Package ES Fie File Conditions General Size Computer Path D Download Parameters
127. g Functions 10 3 1 Intrusion Detection Agent Selection The computer indicated with red flag L represented as Intrusion Detection Agent this agent is responsible for scanning its belonging subnets online computer and executing corresponding policies to block all illegal type computers communication in the network To facilitate System Administrator to manage all computers administrator can select one or more than one stable computers e g a computer does not install with Firewall and not always power off to become Intrusion Detection Agent so that one of them would be assigned to become Intrusion Detection Agent Select Operations gt Set to detect agent represented as L Only Normal type computers can be set to be Intrusion Detection Agent System administrator can specify computers that they cannot be Intrusion Detection Agent Select Operation gt Not to be detect agent represented as A Important Only one Intrusion Detection Agent appears in each subnet Set with Set to detect agent only means that those computers have higher priorities to be Intrusion Detection Agent IP guard system would make the final decision which computer becomes Intrusion Detection Agent but you have right to select which computers cannot be Intrusion Detection Agent Update By Ryan Lee Last update v2 0Rev20120809 Chapter 10 Intrusion Detection P 134 10 3 2 Pre defined Computer and Type Except the comput
128. ge information Table 13 8 Removable storage Classes Management Local removable storage disk information List of connecting removable storage A Volumn ID Description volum Class Remarks Infor Yolume Le e Fi FE9F 60DD RamBo UltraDiskPro 247 M Unclassified ef Hi 1064 0BE4 SanDisk Cruzer 1904 M USB lt gt Remark You use a trial license currently please format your encrypt disk again after upgrading to Formal Figure 13 5 Removable storage Management Update By Ryan Lee Last update v2 0Rev20120809 Chapter 13 Tools P 163 13 5 4 Time Types Class To facilitate searching and analyzing System administrator can self define the time range Select Tools gt Classes Management Time Type System administrator can view the existing time type By default there are 4 types All Day Working time Rest and Weekend System administrator can custom the existing time classes except All Day class or create new classes as required E Add time type click this button and input the name and select the time range manually By default it is set to All Day Xx Delete time type select the time type class and click this button to delete the class The default four classes cannot be deleted Table 13 9 Time Type Classes Management Time Types Classes E Xx Time All Day Working Time al Rest Weekend an Mon Tue wed Thu Fri Sat S
129. group or user group By default the statistics shows the Computer and the corresponding IP IP Classes traffic statistics All total Intranet total and Internet total Computer All Total Intranet Total Internet Total oy Fiancial 146 146 29 1 M n Unclassifie f YU lassified 126 126 62 7 M gy IT 201 1M 154 0 M 471 M gy To l gy Total 286 276 138 9 M Figure 4 23 Traffic Statistics By Computer IP Classes Update By Ryan Lee Last update v2 0Rev20120809 Chapter 4 Statistics P 43 6 By Computer Port Classes List the details of By Computer Port Classes traffic by selecting computer group or user group By default the statistics shows the Computer and the corresponding Port Port Classes traffic statistics All total TCP total and UDP total Computer All Total TCP Total UDP Total gh Fiancial 146 146 0B gh Unclassified 126 126 OB gy IT 201 1 M 201 1 M 0B y Total 286 286 0B Figure 4 24 Traffic Statistics By Computer Port Classes Traffic Statistics not only show the list table it can also generate charts to present the statistical data There are two types of charts Bar Chart and Pie Chart 3 TCP 110 TCP 139 TCP 17152 TCP 80 TCP 445 TCP 8237 TCP 443 TCP 1433 TCP 5900 TCP 3389 _ rz k k in Oh J 010 O Oo m O O O All Intranet Intemet Figure 4 25 Traffic Statistics Bar Chart TCP 110 TCP 139 TCP 17152 TCP 80 TCP 445 TCP
130. h Advanced SP1 from Microsoft Double click the SQLEXPR_ADV EXE to start the setup After reading and accepting the End User License Agreement click Next to continue 2 Prior to installing SQL Server there is some software components required to install Click Next to continue SQL Server setup when all required components are installed Update By Ryan Lee Last update v2 0Rev20120809 Chapter 2 IP guard Installation P 7 ao All necessary conditions are listed click Next to continue Inthe Registration Information windows unclick the option Hide advanced configuration options Click Next to continue In the Feature Selection windows make sure Management Studio Express is selected Click Next to continue Inthe Instance Name windows make sure Default Instance is selected If another option is selected it will cause the IP guard server cannot start up properly In the Service Account windows select Use the built in System account and then select Local system Click Next to continue The remaining parts should be followed by the default settings until the installation completed Open the SQL Server Configuration Manager from Start gt All Programs gt Microsoft SQL Server 2005 3 Configuration Tools gt SQL Server Configuration Manager 10 In the left panel expend the SQL Server 2005 Network Configuration and then click the Protocols for MSSQLSERVER double click Named Pipes to make the status Enabled File A
131. iagrams F O rr E A Secur L 3 Security Reports gt Shrink C Server Object 3 Replication Rename Back Up 34 Management Delete Restore gt Refresh Generate Scripts Properties d 5 Figure 12 6 Detach Database 8 After detached successfully System administrator can backup the following files and save into the backup folder File Extension Files MDF amp NDF Backup all mdf and ndf files such as OCULAR3_Data mdf OCULAR3_Log LDF OCULAR3_SCREEN_Data NDF OCULAR3_MAIL_Data NDF OCULAR3_DOC_Data NDF IN Backup all ini files such as Update ini OServer3 ini AssetQuery ini DAT Backup all dat files such as Unins000 dat Table 12 1 Backup Main Files 9 The database OCULAR has to be attached again after the backup completed in SQL Server Studio Management Update By Ryan Lee Last update v2 0Rev20120809 Chapter 12 Database Backup amp Database Recovery P 147 E Microsoft SQL Server Management Studio Express File Edit View Tools Window Community Help 1 New Query Gy GF YY oY d al B Object Explorer 3a Ti Restore Database UUED E DI e Restore Files and Filegroups Reports Refresh Figure 12 7 Attach Database Backup Other Data Another data such as screen snapshot emails and documents can backup easily System administrators just need to copy those fold
132. ified logs Table 14 3 Audit Query Update By Ryan Lee Last update v2 0Rev20120809 Technical Support P 176 Technical Support Thank you for choosing our product It is our commitment to provide quality technical service If you have any problems out of this is user guide please send email to our technical support department We will get back to you as soon as possible techsupport ip guard com Or you can call us directly at Tel Guangzhou 86 20 8555 8747 Fax Guangzhou 86 20 8555 1091 Tel Hong Kong 852 2950 0067 Fax Hong Kong 852 2950 0709 Your opinions and suggestions are very important to us We will constantly improve our product to satisfy your needs Update By Ryan Lee Last update v2 0Rev20120809
133. ing Time Read Removable Storage e ax Yalue Block all unclassifie All Day O lt Always gt O Unclassified Policy 2 Add another Removable Storage policy to allow approved class removable devices Policy Name Allow Read Write for approved class device only Figure 6 21 Removable storage Policy Policy Example 1 1st Policy Read checked Write checked Removable Storage select approved class vax q Ma Audit 3 Events Log Basic Polio Ai Advanced Policy amp P Monitoring Property Traffic Network Mail IM File Document Printing Removable Storage Property Value Name Allow Read Write for ap 0509 Ge Only offline O Expiring Time lt Always gt A Read ay llo Ay r approved class devices only E All Day Allow Read Write for approved class devices only Decrypt when Reading C Al Day Block all unclassified devices Write Encrypt when Writing C Removable Storage approved Figure 6 22 Removable storage Policy Policy Example 1 2nd Policy A Caution Priority between Document Control Policy and Removable storage Policy encryption If both document control policy and removable storage policy are applied at the same time document control policy will be executed first and then removable storage policy For instance in removable storage policy a policy allows reading writing from removable storage with encrypt function while in document cont
134. ion gt Setting to set the Intrusion Detection settings Fs Intrusion Detection Operation View SlElsl ge gx ig Ordinal Status Computer IP Address MAC Address Type First Appeared Last Appeared Group Figure 10 1 Intrusion Detection windows In the Setting windows see Figure 10 2 check the Enable intrusion detection option Here are two cases would happen either input the IP address range or not Case 1 Without specify IP address range All online computers agent and non agent computers are scanned and listed out if each subnet at least has a computer installed with agent In each subnet IP guard automatically assigns one computer to be representative to manage all computers within that subnet The representative computer so called Intrusion Detection Agent indicated with red flag L Case 2 Specify IP address range If IP address ranges are set IP guard only scans the computers within those ranges Make sure that at least one IP guard agent installed in each specified range Otherwise no computers can be scanned out from that range Update By Ryan Lee Last update v2 0Rev20120809 Chapter 10 Intrusion Detection P 130 Enable intrusion detection IP address range Figure 10 2 Setting windows If the computers are already listed in the Intrusion Detection main windows there will be no alert message if it offline and then online again However alert message will popup if new computer
135. is block 4 Indicates that the policy mode is ignore Update By Ryan Lee Last update v2 0Rev20120809 Chapter 6 Policy P 58 Indication that the policy mode is inaction gt A Indicates that the policy with alert setting G Indicates that the policy with warning setting A Indicates that policy with lock computer setting al Indicates that policy with expiring time setting Table 6 2 Policy Functional Buttons A Important System administrator can apply policies to the whole network group computer and user levels According to the hierarchical mechanism their accordance of priorities is User Policy gt Computer Policy gt Group Policy gt The Whole Network Policy The inherited policy is indicated as light green color The property fields related to string input are all supported by wildcard each string up to 3 wildcards and multiple inputs separated by 5 and Update By Ryan Lee Last update v2 0Rev20120809 Chapter 6 Policy P 59 6 2 Basic Policy Through the Basic policy can regulate the computer operation rights also restrict the end users not easily to change the system settings to prevent malicious destroy and strengthen the security To make the Basic policy work is to amend the system registry Basic policy and Device policy are different from other policies they are state keeping policy not a real time invoked policy Basic policy supports Control Panel Co
136. is set of course no related history can be displayed Property Double click the selected log to view the details of the log Table 5 1 Common Log Functions 5 1 Basic Event Log Select Log gt Basic Events this basic event log will record the systems startup shutdown login logoff dialup Patch scanning and software distribution related information Also the corresponding Time Computer User and Description are also recorded The following table summaries the details of Operating Type Operating Type Startup Shutdown The operating system startup and shutdown status of agent computers Login Logoff Every user login logoff status Dialup Every time when the user dialup the corresponding action will be logged Patches When System administrator requests patches installation the related patches will be installed automatically those installation statuses such as Patch scanning and Patch installation will be logged the details will be showed in the Description column Deployment When System administrator create software distribution task it will be executed on target agent computers Those tasks will be logged Table 5 2 Basic Event Log Operating Type Update By Ryan Lee Last update v2 0Rev20120809 Chapter 5 Event Log P 45 Administrator can input time and range type and description to filter the search result Input string support wildcard character
137. it is in local view or remote view and the file transfer status Remote to Local Select the target files folders from remote side and select the destination folder in local and then select Transfer gt Remote to Local the file will be transferred from remote to local immediately See the status bar to determine it is in local view or remote view and the file transfer status Terminate Transfer Select Transfer gt Stop to stop the transfer action See the status bar to determine and the file transfer status Table 8 10 Remote Control Transfer Functions Display mode Both local and remote view support Large Ba be ES EE 25 Small 0 List Sch and Details icons Update By Ryan Lee Last update v2 0Rev20120809 Chapter 9 Assets Management P 108 Chapter 9 Assets Management 9 1 Assets Management Assets Management collects all agent computers software and hardware information to facilitate Enterprise to manage audit and maintain their computer assets efficiently Select Assets gt Assets to open the assets management windows The window includes Title bar Menu bar Toolbar Navigation bar Data panel and status bar L Assets Management File Assets Patches Vulnerabilities Deployment View Q Assets E gt Hardware Hardware Chan Software Software Chan Ordinal Computer SEI Home CARMEN SEI Office CARMEN SE Office TEMPO PC ZA Office TONY CPU AMD Ath
138. k the screen snapshot of a computer user by selecting Monitoring gt Screen Snapshot If a computer is logged by two or more users or same user logged into two or more computers O manager can select which screen to display by clicking this button Best fit windows size Q Original windows size D Track button the screen snapshot is automatically refreshed The refresh interval setting can be set in Tools gt Options gt Console Settings gt Information gt Interval of tracing frames seconds Q Stop Track the screen snapshot will not be refreshed Table 7 5 Screen Snapshot Functional Buttons Screen Snapshot Instant Messages Mail 0900 Microsoft Windows Professional Figure 7 3 Screen Snapshot Monitoring After selecting a target computer click the Track button to start the real time tracking function Then the screen snapshot will update when the target computer s screen is changed The track mode could be stopped by clicking the Track button again Update By Ryan Lee Last update v2 0Rev20120809 Chapter 7 Monitoring P 90 7 4 Multi Screen Monitoring System administrator could monitor the screen snapshot of multiple target computers Multi Screen monitoring display is a screen matrix and the matrix size is from 2 x 2 to 4 x 4 This function could be started from menu Monitoring gt Multi Screen System will update the screen snapshot periodically
139. l Policy alert log Hardware Changes Hardware changes log Software Changes Software changes log Application Application usage log System administrator can set a policy to not record application usage log Visible It means the application with windows Window Application System administrator can specify applications only the specified applications will be logged The defined application classes can be applied here Supports wildcard input Window Title Change By default this is not recorded System administrator can set a policy to log the changes based on different applications optional Application System administrator can specify applications only the specified applications with window title changes will be logged The defined application classes can be applied here Supports wildcard input Web Web browsing log System administrator can set a policy to not record web browsing log Website Input the website manually support wildcard input The defined web classes can be applied here Document Document log System administrator can select to record or not record certain document type logs to make sure that all logs are useful for future tracing Disk Type Includes Fixed Floppy CDROM Removable Network and unknown disk types For example set a policy to not record any file operations on fixed disk File Name Set to record or not record specified
140. lick Export gt Records of Current Page will export the current page data By default there are 20 records in each page administrator can amend the maximum number of records in Console Tools gt Options gt Console Settings gt Logs Export All Matched Data Right click Export gt All Matched Records will export all records Update By Ryan Lee Last update v2 0Rev20120809 Chapter 3 IP guard Startup P 30 Export Import Policy Only policy control provides Import function IP guard facilitates administrator to export import policies from one server to other servers Export Function In any policy settings panels right click to select Export Export Selected Export All to save the policies in XML file see Figure 3 14 If Exported Selection option is selected only the selected policy will be exported and saved 4 My Audit 3 Events Log a Basic Policy L Advanced Policy Br Traffic Network Mail IM File Printing Removable Storage lt 3 Time Name X AlDay block jpg X AU Da block MP3 Import op Export Export All Figure 3 14 Export All Policies Import function Select specified computer group or user group from the Network tree first right click Import in the policy setting panel see Figure 3 15 The File Open Dialogue will popup select the related XML file import process will be started To take effect on the imported policies click the button O to save the policies see Figure 3 16 Traffic
141. lon tn Intel R Pentium Intel R Core T Intel R Celeron Memory DDR1 256MB I DD J64 256MB IJ7A 25 DIMMO 1024MB ID DIMMO 1024MB Disk Drive Maxtor 6Y160P0 1 TOSHIBA MK8025 WDC WDS5001 4BY ST31600214 1526 Network Adapter 3Com EtherLink XL Intel R PRO Wirele Attansic L1 Gigabit Intel R PRO 100 Y Others Patches Patch Mode Computer Mode Vulnerability amp Vulnerability Mo Computer Mode Deployment Packages Tasks Figure 9 1 Asset Management 9 1 1 Assets Types and Property Assets Types Assets types include computer hardware software and self defined types Computer Summary of agent computers such as logon user domain and computer name etc Hardware Hardware types such as CPU memory hard disk motherboard NIC etc Software Software types such as Operating System Application Software Anti virus program Windows System Software and Microsoft Product Patches Self defined Self defined assets types means which are customized by System administrators which may not be collected from agents automatically such as routers printers desk chairs etc Table 9 1 Asset Types Update By Ryan Lee Last update v2 0Rev20120809 Chapter 9 Assets Management P 109 Assets Property For every asset such as Memory there are some properties to mention the details such as slot number Max Capacity Current Capacity Capacity p
142. low teclink com hk only dll l ae Waring O Block All emails Eeer O Only offline Oo Expiring Time lt Always gt From To yahoo Subject Has Attachment O Email Size gt KB 0 Figure 6 13 Mail Policy Policy Example 2 Update By Ryan Lee Last update v2 0Rev20120809 Chapter 6 Policy P 76 6 13 IM File Policy IM Policy is used to control the communications using IM tools and monitor control all outgoing files sent through the IM tools to prevent information leakage through the IM channels The following IM tools are supported to limit the outgoing files sent through IM tools QQ MSN SKYPE TM UC RTX Yahoo POPO ALI ICQ etc Policy Properties File Name Specify what files are controlled Support wildcard input using 5 or as separators Limited Size gt KB Only enabled under the block mode Used to limit the outgoing file size Input range 0 100000 KB Backup If checked all outgoing files will be backup The backup files can be retrieved from Event log gt Document check the option has Backup and select the operating type is Upload Send for faster searching Minimum Size If Backup is checked the file size can specify to decide the file will be backup or not If gt KB out of the specified range the file will not be backup Maximum Size lt KB Table 6 12 IM Policy Properties IM File Policy Example 1 lt Requirem
143. luding Processor DVD CD ROM Drive Keyboard Mouse Network adapters etc Control Buttons SE Device List Checking method By Type By Connection and Show Hidden Devices Only enable under user mode select target user to check the device Remote Controls Disable Enable Select target device right click to select Disable or Enable to control agent s devices Table 8 4 Device Manager Controls 4 ES Monitorine o Maintenance b Applications Processes Performance Services gt Mana E TESTING d Computer s Disk drives EI Display adapters 4 DYDICD ROM drives E Floppy disk controllers H Floppy disk drives f IDE ATA ATAPI controllers lt a Keyboards Mice and other pointing devices 3 Monitors ORR ee Cp z S Gi 5 z a Atheros L2 Fast Ethemet 10 100 Base T Controller E VMware Virtual Ethemet Dsable y BY VMware Virtual Ethernet 4 2 Other devices Refresh 3 Ports COM amp LPT Me Processors a EI Sound video and game controllers IN RR R System devices Universal Serial Bus controllers Figure 8 5 Remote Maintenance Device Manager Update By Ryan Lee Last update v2 0Rev20120809 Chapter 8 Remote Maintenance P 100 8 1 5 Services Select Maintenance gt Service to check the agents system services information including Name Description Status Startup Type Log On As and Path DH
144. m 12 3 2008 07 29 15 00 11 TONY Please help to register IP carmenh teclinkcomhk kelvin hk kyoc 16 5 2008 07 29 14 20 33 TONY FW e mail in Enquiry nikOteclink com hk carmenh teclin 16 4 TONY e mail in Enquiry carmenh teclnkcomhk cynthiaGamezin 1 8K TONY polyunotebook promoti daniely teclinkcomhk carmenh teclin 114 E 2008 07 29 13 56 03 TONY polyunotebookpromoti Lovisa Lui msnulifecom carmenh teclin 5 8K E 2008 07 29 12 53 48 TONY KMHKevents carmenh teclinkcomhk nik teclinkcom 1 8K E 2008 07 29 11 31 33 TONY IP guard website Engve daniely teclinkcomhk carmenh teclin 13 5 a M 2008 07 29 11 27 05 TONY RE IP euard database iss francis tan icl commy cermenh teclin em lt Figure 7 2 Mail Monitoring Email contents include Send Receive Subject Sender Recipients mail content attachment and size Send Receive represents the mail is outgoing email while represents the mail is incoming email Subject Subject of email Sender Sender s email address Recipient Recipients email address including CC and BCC email address the details can be reviewed in the property windows Attachment 0 represents the mail has attachment By default system will backup all email attachments System administrator can add a Logging policy to not backup the attachment details please refer to Section 6 7 Click button to retrieve the attachments Size Email size Content Select
145. m Search Panel gt Classes field and click the button LJ the following windows will popup Select Appication Classes Selected T Application Classes im 5 Windows Application 5 Internet Browser E Unclassified microsoft Office Em E Internet Browser E Microsoft Office E Game e E Media Player Download 5 Disc Burning C Working Time Figure 4 5 Application Classes Select Windows Update By Ryan Lee Last update v2 0Rev20120809 Chapter 4 Statistics P 35 For example refer to above figure to get the statistics of IM and Internet Browser application classes by specified computer group and user group the method is selecting the target application class from left panel and click the button RL Click OK to complete the selection Finally click the button Search to get the result in the Data Panel Computer IM Y Internet Browser Microsoft Office Ei Unclassified 01 15 20 01 23 00 02 42 10 y CARMEN DESKTOP 00 44 20 00 17 40 00 00 00 y TONY 00 31 00 01 05 20 02 42 10 TEMPO PC 00 00 00 00 00 00 00 00 00 y CARMEN SAMSUNG 00 00 00 00 00 00 00 00 00 gy Total 01 15 20 01 23 00 02 42 10 Figure 4 6 Application Statistics By Group by specifying Application Class Application Statistics not only show the list table it can also generate charts to present the statistical data There are two types of charts Bar Chart and Pie Chart Bar Chart vax H M a ES Microsoft Offic
146. mation to view the basic information of the computer computer group user and user group see Figure 3 6 The console displays the running status of the computer and agent when selected a computer 1 Computer Basic Information Name Value Name TOSHIBA M5 Computer TOSHIBA M5 IP Address 192 168 0 97 Status Running Version 3 11 0512 0 OS Windows XP Professional Running Time 2009 06 22 12 35 18 gt Last Online 2009 06 22 12 48 19 Last Active Time Installed Time 2009 06 22 12 47 39 2009 06 22 12 31 31 gt IP MAC 00 15 87 52 76 59 192 168 0 97 00 18 DE 07 68 970 Last Logon User Toshiba e Toshiba 2009 06 22 12 36 05 Figure 3 6 Computer Basic Information Name The name displayed in the Computer Tree in order to facilitate management the name can be changed If not changed the name is same as computer name Computer It is a real Windows computer name IP Address Computer s IP address Status Agent status Running Offline Uninstalled Version IP guard agent version OS Agent s OS version Update By Ryan Lee Last update v2 0Rev20120809 Chapter 3 IP guard Startup P 25 Running Time Agent e startup time This time only displayed if the status is running Otherwise it will not be displayed Last Online The last communication time between P guard agent and server Last Active Time The last active time means the recorded time of the last activities of the
147. mmunications between Illegal type computers and Protected type computers If this option is checked all unknown type computers are also treated as Illegal In other words these unknown type computers also cannot communicate with Protected type computer Important Before enable this function make sure the unknown type computers are required to be blocked Otherwise set the specified type Authorized or Protected manually Warning message will be given before confirm to enable this function see Figure 10 5 If no IP address range is specified the Intrusion Detection Agent will block all illegal type computers communication Update By Ryan Lee Last update v2 0Rev20120809 Chapter 10 Intrusion Detection P 133 if IP address range is specified the Intrusion Detection Agent will only block the illegal computers communications within the specified range Table 10 2 Intrusion Blocking Functions IP guard 3 les NOTICE After applied this function the computers without installing client program will be treated as illegel If the network devices such as switch router firewall are not set as authorized it will be treated as illegel and maybe cause the network fault Please set the key network devices and servers without installing client program as authorized before applied this function Are you SURE to APPLY this function NOW Figure 10 5 Intrusion Blocking Warning message 10 3 Other Settin
148. mputer group and user group the method is selecting the target web class es from left panel and click the button RL Click OK to complete the selection Finally click the button Search to get the result in the Data Panel Computer gh Unclassified Y CARMEN DESKTOP d TONY d TEMPO PC d CARMEN SAMSUNG gy Total Search Y Webmail Video 09 43 30 01 42 20 08 32 00 07 15 30 01 27 40 08 32 00 02 28 00 00 14 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 09 43 30 01 42 20 08 32 00 Figure 4 14 Web Statistics By Group by specifying Web Classes Web Statistics not only show the list table it can also generate charts to present the statistical data There are two types of charts Bar Chart and Pie Chart Bar Chart HM 10 50 9 45 y 8 40 f 7 35 Y 6 30 5 25 y 4 20 315 Y 2 10 Y 1 05 intranet cs hku hk be sine com bk video google com www vonlive com hk yahoo com www ip guard com carmenhau homeip net hk search yahoo com hk vonlive com www fortisagents com O El oO E O O El Figure 4 16 Web Statistics Bar Chart Update By Ryan Lee Last update v2 0Rev20120809 Chapter 4 Statistics P 39 Pie Chart vax intranet cs hku hk tv sina com hk video google com www vonlive com hk yahoo com www ip guard com carmenhau homeip net hk search yahoo com hk vonlive com www fortisagents com 13 BOOSEEOREE Time Figure 4 17 Web
149. mputers Management System Network IP MAC Binding and ActiveX controls Control Panel Control Panel All Control Panel s functions Modified Display Properties Restrict users to change the theme desktop screen saver and appearance Add printers Restrict user to add printers Delete printers Restrict user to delete printers Fast switching user in XP Restricted in Windows XP only Computers Management Device Manager Restrict user to use Device Manager Disk Management Restrict user to use Disk Management Local users and groups Restrict user to use Local users and groups Service Management Restrict user to use Service Management Other computer Managements Restrict user to use Event Viewer Performance Logs and Alerts and Shared Folders which located in Computers Management System Task Manager Restrict user to use Task Manager Regedit Restrict user to use Regedit CMD Restrict user to use CMD For Windows 98 it is command others are cmd Run in registry If the mode is block for this option the process under Run will not be run when OS is starting up Log off or restart is required for effective RunOnce in registry RunOnce means that the process only run once when OS is starting up it will not be run again in the next startup If the mode is block for this option the process under
150. n be plugged out safely on the Local removable storage disk information windows of IP guard console rather than on the System Tray of Windows For agent computers encrypted disks only can be safely plugged out by this way Go to My Computer and right click the encrypted disk to select Eject device Update By Ryan Lee Last update v2 0Rev20120809 Chapter 11 Encrpyted Disk P 139 11 3 Removable storage Information By default there are two types of removable storage Encrypted Disk and Non Encrypted Disk If the Disk Type is empty it represent that this connecting device is non encrypted Yolumn ID Description Remarks Information Yolume Type Partition Format Volume Lable ee 8666 EC4E SanDisk Cruzer 1904 M FAT32 USB De 4934 B719 RamBo UltraDiskPro 248 M Encrypt disk FAT Er 4934 BD6D SanDisk Cruzer 1904 M Encrypt disk FAT32 e 142 0503 SanDisk Cruzer 1904 M FAT32 e 344B 6F80 RamBo UltraDiskPro 247 M FAT32 e 4934 ESFE RamBo UltraDiskPro 248M Encrypt disk FAT 11 3 1 Account Management Select from menu bar Tools Accounts M select an account on the left pane of Accounts Management interface then select Authorities tab to view Manage Encrypted disk and Format as Encrypt disk options Manage Encrypt disk Limit the operation rights on Managing Encrypt Disk and it is used in class management Format as Encrypt disk Format encrypted disks into non encrypted disks or format non encrypted disks into en
151. n button to specific the traffic directions Total Sent or Received Table 4 7 Traffic Statistics By Port Protocol All Total Intranet Total Internet Total Y TCP 8235 75 0 M 75 0 M 0B A TCP 8237 555M 555M 0B TCP 80 46 8 M OB 46 8 M ah TCP 139 20 1 M 20 1 M 0B Y TCP 5900 33M 33M OB Y TCP 443 255 0K OB 255 0K 4 Total 201 1M 154 0 M 471 M Figure 4 20 Traffic Statistics By Port Update By Ryan Lee Last update v2 0Rev20120809 Chapter 4 Statistics P 42 3 By IP Classes List the details of IP Classes traffic by selecting computer group or user group By default the statistics shows the IP Classes and the corresponding Port Port Classes traffic statistics All total TCP total and UDP total IP Address Aall Total TCP Total UDP Total AN 286 286 OB A Intranet 276 276 OB A Internet 138 9 M 138 9 M OB Figure 4 21 Traffic Statistics By IP Classes 4 By Port Classes List the details of Port Classes traffic by selecting computer group or user group By default the statistics shows the Port Classes and the corresponding IP IP Classes traffic statistics All total Intranet total and Internet total Protocol All Total Intranet Total Internet Total Y ICP 286 276 138 9 M f All 286 276 138 9 M A UDP OB OB OB Figure 4 22 Traffic Statistics By Port Classes 5 By Computer IP Classes List the details of By Computer IP Classes traffic by selecting computer
152. nctional Buttons Search Conditions Date Time Range Common Search conditions Specified start date end date time and range IP Range Specified remote IP addresses System Administrator can select the Network IP classes which are defined in Tools gt Classes Management gt Network Address or directly input the IP address in the IP Range field Port Range Specified remote IP ports System Administrator can select the Network Port classes which are defined in Tools gt Classes Management gt Network Port or directly input the communication protocol with IP port e g TCP 139 in the IP Range field If not specified the protocol by default it is TCP Table 4 5 Traffic Statistics Search Conditions There are 6 modes in Traffic Statistics 1 ByIP List the details of remote IP addresses traffic by selecting computer group or user group By default the statistics shows the remote IP address and the corresponding Port Port Classes traffic statistics All total TCP total and UDP total IP Address This column lists all remote IP address If IP range is specified from the Search panel it only lists the specified IP range Select from Search Panel gt IP range to specify the IP range or input the IP address directly All Total It represents the total traffic of all ports By default the total traffic of TCP and UDP are also listed If port range is specified from the Search panel it
153. nformation How to add a custom asset e g office has 3 printers System administrator can add a custom asset called Printer Select Operate gt New Asset to input Printer and then also add the corresponding Instance properties such as Model Department Buy Date Price Warranty etc i Asset Classes Management Operation View a xX E Computer SE Hardware 5 Software Y Antivins 45 Application A os OY Patches of Microsoft Product E Windows Gp Custom RA Desk DA Printer BA Router BA Switch lt Figure 9 5 Custom Asset Update By Ryan Lee Last update v2 0Rev20120809 Chapter 9 Assets Management P 113 For all custom assets System administrator required to add the property value manually Details please refer to Section 9 1 7 9 1 3 Hardware Query Select Assets gt Hardware to check all hardware assets of agent computers or input conditions to filter the query results Query Asset Information By default all agent computers CPU Memory Disk Drive and Network Adapter are listed Double click one of the computers in the list to view the details of individual agent In the individual Asset Information windows by default it shows the hardware information Select Show All or Show gt Software to view other assets information In the asset property there is a default property Brief this information focus the asset Instance property While in all classific property there is a defaul
154. nly with valid register ID input the whole registration procedure is so called completed There are two methods to complete the registration 1 Online 2 Email Please fill in the product registration information with Company Name Contact Person Contact Number and email address Click Register Online button then the Register ID will be returned and displayed in the Register ID RID field A dialogue box with system message showed will pop up to confirm the registration Click Close button to leave the registration interface Please fill in the product registration information with Company Name Contact Person Contact Number and email address Click Send Email button Email will be sent to your registered email address with Register ID please copy and paste the Register ID into Register ID RID field then click Register button to confirm the registration A dialogue box with system message showed will pop up to confirm the registration Update By Ryan Lee Last update v2 0Rev20120809 Chapter 2 IP guard Installation P 10 Click Close button to leave the registration interface Table 2 2 Registration Methods A Important a You have to activate the product with input valid register ID within 15 days Otherwise the system will be stopped automatically and cannot work properly a If your server cannot connect to Internet or other reasons please email us with your Serial Number SN and Prod
155. nnection Dial up Connection Control USB Device USB Keyboard USB Keyboard Control USB Mouse USB Mouse Control USB Modem USB Modem Control USB Image Device USB Image Device Control such as Webcam Digital Camera and Scanner USB CDROM USB CDROM Control USB Storage USB Storage Control USB Hard disk USB Hard disk Control USB LAN Adapter USB LAN Adapter Control Other USB Devices Control other USB devices not mentioned as above Network Devices Wireless LAN Adapter Wireless LAN Adapter Control Update By Ryan Lee Last update v2 0Rev20120809 Chapter 6 Policy PnP Adapter USB PCMCIA Virtual LAN Adapter Virtual LAN Adapter Control Audio Audio video and game controller control Virtual CDROM Virtual CDROM Drive Control Any new devices Any new devices plug in if the mode is block all new devices cannot be used Table 6 4 Device Policy 5 Requirements GC Some companies policies not allow staff listening music or playing online game during office hours In this case System administrator can set a policy to prohibit the use of Audio Policy 1 add a policy to block Audio in Device Policy and set the effective time is Working Time Property wax Property Yalue Name Prohibit the use of Audio Time Working Time Mode Block Only offline Ol Expiring Time lt Always gt Devi
156. ns Email and IM with interval settings 2 seconds 4 T Audit FH Events Lor Y Basic Policy Advanced Policy ep m Property E n Property Value Basic Device Application Web Screen Snapshot Logging Remote Control Name Record Email amp IM a 2 e Time All Day Mode Record Time Neme Ce Se A a p S e Fee E xpinng Lime lt Always gt All Day Record Email amp IM applications every 2 seconds Aubefen 14 Email Interval Sec 2 Figure 6 7 Screen Snapshot Policy Example The smaller the interval is set the larger data size of the screen snapshot history System administrator should estimate the total size of snapshot and prepare the sufficient hard disk storage space to save the snapshot history Typical reference The data size is about 42MB for one agent with Interval setting all applications 15s running 8 hours per day Update By Ryan Lee Last update v2 0Rev20120809 Chapter 6 Policy P 66 6 7 Logging Policy By default system has a preset policy to log all logs except Windows Title Depends on different Enterprises requirements System administrator can add a policy to uncheck some logs that are not require to log Policy Properties Mode Record or Not Record Startup Shutdown Startup Shutdown log found in Basic Event log Login Logoff Login Logoff log found in Basic Event log Dial Dial log found in Basic Event log Policy Contro
157. nstallation process will determine the operation system and the version of the SQL Server If the installation is not successful please check the error message in Windows Event Viewer gt Application to analyze the problems 2 3 3 Server Registration IP guard will generate a trial key for 30 days trial at the first time installation the serial number is composed of 6 groups of 4 digits string a TN Service Start Checkcode Service Stop Refresh service Event logs v Auto start service when OS starts Exit 3929 12 5 Update By Ryan Lee Last update v2 0Rev20120809 Chapter 2 IP guard Installation P 9 How to Gr Register 14 days left xj m Serial Number SN Demo Upgrade m Product Registration Company Tel E Contact E Mail Send Mail Register Online m Register PID AGJE UFKW AEJN KD66 RID Close Figure 2 3 Server Registration 1 Right click IP guard Service Manager gt Tools gt Register then input administrator password to enter the registration interface 2 Click the Upgrade button the serial number text field becomes editable input the licensed serial number 3 Click Confirm button to confirm the input serial number If the input is correct system will pop up a confirmation dialogue and remind you to activate the system You have to register the product to obtain the register ID O
158. ogging Alert Name Only allow accessing 090090 SE DS Mode Allow Alert O All Day Only allow y Company s intemal website oO X Al Day Block all websites l Lock Computer O Only offline O Expiring Time lt Always gt Website intemal Figure 6 6 Web Policy Example 1 2nd Policy Update By Ryan Lee Last update v2 0Rev20120809 Chapter 6 Policy P 65 6 6 Screen Snapshot Policy Screen snapshot function can record all operations behavior in agent computers By default system would not record anything as the data size is quite large System administrator can base on their needs to set a policy to record the screen snapshot Policy Properties Mode Record or Not Record Application By default it is lt All gt It means all screen snapshot will be recorded based on the interval setting However if only required to capture specified applications e g Outlook IM applications here the System administrator can select the target applications Interval Sec By default the interval setting is 15 seconds It means system will take a snapshot every 15 seconds The valid interval range is from 1 to 999 and only enabled under Record mode Table 6 5 Screen Snapshot Policy Properties Screen Snapshot Policy Example Requirements Only capture some important applications such as OUTLOOK and IM applications used by end users Policy 1 Add a policy to record specified applicatio
159. only lists all specified range Select from Search Panel gt Port range to specify the port range Click the Direction button A to specific the traffic directions Total Sent or Received Table 4 6 Traffic Statistics By IP Update By Ryan Lee Last update v2 0Rev20120809 Chapter 4 Statistics P 41 IP Address 4 192 168 0 109 f 192 168 0 55 f 192 168 0 156 4 192 168 0 78 ath 74 125 11 24 ah 210 17 251 188 474 125 11 36 4207 46 211 124 A Total 2 ByPort all Total 83 3 M 655M 46 6M 11 6 M 2 3 M 15M 1216K 1059K 211 1 M TCP Total 83 3 M 65 5 M 46 6 M 11 6 M 2 3 M 15M 1216K 1059K 211 1 M Figure 4 19 Traffic Statistics By IP UDP Total OB OB OB OB OB OB OB OB OB List the details local IP address traffic by selecting computer group or user group By default the statistics shows the protocol and port used in local IP address and the corresponding IP IP Classes traffic statistics All total TCP total and UDP total Protocol This column lists all ports with corresponding protocol e g TCP 80 If Port range is specified from the Search panel it only lists the specified Port range All Total It represents the total traffic of local IP address By default the total traffic of Intranet and Internet are also listed Select from Search Panel gt IP range to specify the IP range or input the IP address directly Click the Directio
160. ord Details please refer to Section 6 8 Remote Control Policy Update By Ryan Lee Last update v2 0Rev20120809 Chapter 8 Remote Maintenance P 106 Remote Control Interface When the agent computer is in remote control status a message Remote Controlling would display at the right upper corner to inform the agent user that his her computer is under remote control Functional Buttons Ql 100 GEN Screen Size E Full screen mode To exit from full screen mode press F12 or press ctrl Esc and then right click on the viewer task icon to see the menu or full screen mode To exit from full screen mode use Ctrl E sc and then right click on the viewer taskbar icon to see the menu or press F12 C Skip next time Refresh screen Change the color quality Display in 256 bit color Enable agent computer s mouse and keyboard during remote controlling Disable agent computer s mouse and keyboard during remote controlling Allow using clipboard during remote controlling CMe ala Prohibit to use clipboard Table 8 9 Remote Control Panel Functional Buttons Right click the remote control windows to send Ctrl Alt Del Ctrl Esc or F12 commands to remote computer 8 2 2 Remote File Transfer Select target agent computer from the network tree then select Maintenance gt Remote File Transfer from menu bar or right click to select Control gt Remote File Transfer
161. ortant When we set selected users as having no logon script our program will not delete script files You have to clear the files yourself and please make sure the files are not used by any script file before you delete them Update By Ryan Lee Last update v2 0Rev20120809 Chapter 2 IP guard Installation P 16 2 5 System Upgrade 2 5 1 Server and Console Upgrade It is easy to upgrade server and console using our Upgrade pack How to 1 Go to Windows Control Panel gt Administrative Tools gt Service to stop the following 2 services OCULAR V3 SERVER and OCULAR V3 UPDATE 2 Go to task manager gt Process stop the service manager OControl3 exe and console OConsole3 exe 3 Now you can start the upgrade process by executing the upgrade program In the upgrade program you can see your current version and upgrade version details Click Upgrade button to start OR you can upgrade using IP guard full package to replace the existing one completely 4 After completed go to Windows Control Panel gt Administrative Tools gt Service to start the OCULAR V3 SERVER and OCULAR V3 UPDATE manually If you are using IP guard full package method the server will start up automatically 2 5 2 Agent Upgrade Once the server is upgraded successfully the corresponding agents will be upgraded automatically The agent machine must be restarted to complete the system upgrade 2 6 Uninstall IP guard 2 6 1 Uninstall IP gua
162. perties Property 2 Requirement Only log all incoming and outing emails without attachments Policy 1 Add a logging policy to not record email attachments Policy Name Not record email attachments Mode Record Mail Send Receive and Not Record Attachment checked Mail Value E aniooni Se Not record email A 2m Receive All Day Sender Record St O Recipients lt Always gt Mail Size gt KB 0 Not Record Attachment Figure 6 8 Logging Policy Policy Example Update By Ryan Lee Last update v2 0Rev20120809 Chapter 6 Policy P 68 6 8 Remote Control Policy With remote control policy we can control the agent computers that can be controlled remotely or not There are two controls in Remote Control Policy Remote Control and Remote File Transfer Policy Properties Remote Control This option is only enabled under the mode Allow If checked it represents that all remote control access rights must be granted by agent side If not checked it represents that the remote control access right can be granted by agent or using pre defined password methods to process the remote control Manager Name Target to control the logging on System administrator e g can limit some administrator that cannot remote control specified agents Administrator accounts can be created from Tools gt Accounts Console IP address Limit the Console within specified IP range to process remote control action
163. pes include Basic Event logs Document Operations Logs Web Logs Application Logs Assets Change Logs Printing Logs Policy Logs System Logs Shared Files Logs Removable Storage Operation logs Screen History Instant Message Mail Application Statistics Web Statistics and Traffic Statistics default is all unchecked which means no data will be deleted automatically Range 1 Search Range The following two cases may cause agents cannot communicate with server and or not appearing in the network tree Not specified server IP address when packing agent Change of server IP address In these cases the search ranges should be set To make the input search range to become effective the option Apply Active Polling must be checked too in Server Settings gt Connection Otherwise the search range input is not effective When target agents are found and appear in the network tree properly the search range can be removed 2 Exclude Range All agents in the specified exclude ranges cannot communicate with server H the agent currently is communicating with server once the exclude range is applied the agent will become grey color after 3 minutes Notes that all applied policies are still effective for excluded agents Update By Ryan Lee Last update v2 0Rev20120809 Chapter 13 Tools P 171 Restart server is required after input the exclude range to make it effective No range is set by def
164. plication lt A Figure 6 3 Application Policy 1 Direct Input Application Name In the Application Setting windows click the button to input the application name directly e g thunder exe If the user changes the application name to thunder123 exe it makes the policy not effective anymore because the input only matched with a string To avoid this problem use the following method 2 2 Select from Application Class In the Application Setting windows click the button and the Application Class Selection windows popup Check the application classes you want to control If the mode is block even the user changes the application name later the policy is still effective How to customize the Application Class please refer to Chapter 12 4 1 A Caution Prohibit all applications will cause many processes terminated immediately once the policy applied Warning message will be given before decided to block all applications IP guard Y3 Console E to execute A You have selected to block all applications in policy Application Policy_1 it will make many applications on agent not Are you sure to continue Figure 6 4 Application Policy Warning Update By Ryan Lee Last update v2 0Rev20120809 Chapter 6 Policy P 64 6 5 Web Policy Web Policy effectively controls user to access websites System administrator can set the web policies to control user to access some prohibited websites There are two
165. ploying Vulnerability D B weet 2007 04 30 15 26 06 Admin 986 KB deploying Vulnerabilities 1 12 Demo package 2007 05 15 09 30 10 Admin OKB Ready Deployment SG E Packages Tasks AAA a Ready CAP NUM ECRL Figure 9 11 Deploy Package 9 4 1 Package Deployment System administrator requires creating a deployment package first deployment package includes required deployment conditions which can be saved in server and used repeatedly Click the new button O create a new package or right click deploy package list to new one the deployment conditions include General conditions File Conditions Checkup conditions and Necessary conditions General Conditions Settings Input basic information package name operating system and language Name By default it is set as New Package System administrator can rename it but cannot be empty Created and Modified Time These two fields will be generated by system and cannot be edited They are empty when the deployment package is still in creating Once completed the created time and System administrator name will show Any changes made of the deployment task the modified time will also be Update By Ryan Lee Last update v2 0Rev20120809 Chapter 9 Assets Management P 123 updated Operating System By default all are selected System administrator can select the target Operating System for the deployment Langu
166. pts of selected users in domain server When those users use their computers to log on to the domain server the logon script is run and P guard Agent will be installed to the selected computers remotely How to 1 Download the program first http www ip guard com Down V3 supp LogonScript zip 2 Extract the zip file then copy and paste the LogonScript folder to Domain Server any locations e g place it in Desktop or C 3 On the IP guard Server using Agent Installation Generator to generate the agent setup program name ASetup exe Please refer the details in Section 2 4 1 Direct Installation how to generate the setup program 4 Copy and paste the ASetup exe into LogonScript folder 5 Execute the LgnManV3 exe 6 The interface of Logon Script Manager is shown as following LgnManV3 exe will automatically scan and show all existing domain users The user icon for the green color means that logon script has included our Agent installation settings 7 Select required users to set installation script you can use CTRL or SHIFT keyboard to select multiple users and right click to select the users 8 Click the button Set Script after you have selected required users 9 When the selected users log on to the domain the logon script will be run and IP guard Agent will be installed to computers of the selected users 10 Once IP guard Agent is installed to the selected computer you can restore the logon script of the selected user to
167. rd Server and Console How to 1 Close all running Console 2 Go to All Programs gt IP guard V3 gt Uninstall IP guard V3 to uninstall IP guard or go to Control Panel gt Add Remove Program to uninstall P guard A Important Uninstall agents first before If you want to remove all IP guard agents Console and Server please delete all agents first using Console before removing IP guard Otherwise the agents are still running in every computer installed with IP guard agent even the IP guard Server is removed 2 6 2 Uninstall IP guard Agent To uninstall P guard agents you can either do it from IP guard Console or agent side machine Once the agent is uninstalled that agent will not be guarded by IP guard anymore unless the agent is re installed Update By Ryan Lee Last update v2 0Rev20120809 Chapter 2 IP guard Installation P 17 From IP guard Console How to 1 Select the agent from The Whole Network tree that you want to uninstall If you want to uninstall all agents at a time please click The Whole Network 2 After selected there are 3 ways to uninstall the agent 2a From the toolbar select Control gt Uninstall Agent or 2b Right click the agent from The Whole Network select Control gt Uninstall Agent from the menu or 2c Go to Tools gt Computers click the Uninstall or Delete button Notices that the difference between the function of Uninstall and Delete button E Uninstall but
168. rd_full backup Add Content Figure 12 4 Backup Database 6 Click the button OK to complete the backup T Back Up Database OCULAR3 Selecta page 3 E soit gt Die Source Database OCULAR3 Recovery model Backup type Backup component Database Microsoft SOL Server Management Studio Express i The backup of database OCULAR3 completed successfully Ba COnnetsnss Server IP 8CB455746EE9 Connection IP 8CB455746EE Mteclink 3 View connection properties Progress gt Executing 100 Stop action now Destination Back up to Disk spe C OCULAR3_20080101_20080530 P quard_full backup Figure 12 5 Complete Database Backup 7 Right click the Database OCULAR3 Tasks gt Detech to detach the database see Figure 11 6 Update By Ryan Lee Last update v2 0Rev20120809 Chapter 12 Database Backup amp Database Recovery P 146 E Microsoft SOL Server Management Studio Express File Edit View Tools Window Community Help Di New Query y A GF GY as ol a o Object Explorer BRM Summary 22 712 ares a ia IP 8CB455746EE9 SQL Server 9 0 3042 IP 8CB 3 Y Databases E H A System Databases OCULAR3 a T IP 8CB455746EE9 Databases OCULAR3 LA Data New Database E Table New Query E 13 Views een Name a cript Database as S Lill Synor LY Database D
169. re installing its ActiveX Prohibit this option to stop user playing online game Flash ActiveX This ActiveX is required for playing FLASH Prohibit this option to make the FLASH file cannot be played properly Others PrintScreen keystroke To block the use of PrintScenne Keystroke System Restore To prevent user to restore system back from agent to non agent state Using this option to prohibit the system restore function Windows Automatic Updates To block the function of the use Windows Automatic Updates Table 6 3 Basic Policy Basic Policy Example 1 4 Requirements gt es IP settings cannot be changed by end user However it should be allowed when the computer is out of office for business trip Policy 1 Add a policy at The Whole Network level to block Change IP MAC Property Policy 2 Add another policy at the target computer group level to allow Change IP MAC Property with option Only offline checked Result According to the policy matching mechanism the second policy 2 should have higher priority So the second policy will be matched first when the computer determined as offline status the policy 2 will be invoked and the user should be able to change the IP settings However if the computer determined as online status obviously the conditions specified in policy 2 not satisfied then another policy 1 will continue be matched As the condition satisfied policy 1 is invoked
170. rol policy a policy prohibits all word document to copy to removable disk The resulting execution is not allowed copying any word documents to removable disk but other files are allowed copying to removable storage with Update By Ryan Lee Last update v2 0Rev20120809 Chapter 7 Monitoring P 85 Chapter 7 Monitoring 7 1 Instant Message Monitoring System administrators are able to monitor Instant Message history of Agent computers by selecting Monitoring gt Instant Message Supported instant message tools include Tencent QQ TM MSN Messenger ICQ Not support web based ICQ yet Yahoo Messenger Sina UC 163 POPO outgoing message only Skype support both since v3 0 2108 Tencent RTX Lotus Sametime and Alibaba AtiTalk O Tools Computer Local User Contact User Begin Time End Time EE Ak xy henryho 2007 04 27 16 30 31 2007 04 27 16 31 12 2 YAHOO xyz teclinktest Ho Henry hokk 2007 04 27 15 59 15 2007 04 27 16 11 36 ES MSN Mes xyz test Henry Ho 2007 04 27 15 58 06 2007 04 27 15 58 27 3 E ALI xyz teclinkt henryhoke 2007 04 13 16 54 52 2007 04 13 16 55 32 4 all xyz teclinktest henryhoke 2007 04 13 16 23 13 2007 04 13 16 24 17 2 JA MSN Mes xyz test2 Henry Ho 2007 04 13 12 50 03 2007 04 13 12 50 10 3 Bsn Mes xyz test2 Henry Ho 2007 04 13 12 01 15 2007 04 13 12 01 15 1 J MSN Mes xyz test Henry Ho 2007 04 13 11 07 25 2007 04 13 11 07 25 1 A QQ xyz teclinktest henryho 2007 04 13 10 54 26 200
171. rosoft Published Bulletin ID Patch ID Patch ID Name Patch Name with ID Not Installed The total number of agent computers not installed the corresponding patch Select the patch to check the installed not installed patch situation from the bottom panel Auto downloading System administrator can set the download policy Download or Not Download By default it is set to Not Download and this field is blank server will not download the patch automatically Download State Includes Not Download Download or Downloaded When mouse moves to the column the download status will be displayed in Complete download will show as 100 Detailed Double click the patch or right click to select Details to check more information Information about the patch including Download Path Size and Description etc Table 9 11 Patch Log Contents Patch Download Settings Under Patch mode can check all agent computer patches list By default system would not install and install the patches automatically System administrator required to set manually In the Auto Downloading field using Y to represent that patch is set to Download if set to Not Download this field is empty and the server would not automatically download For the coming new agents System administrator can set the patches download option automatically or not from the Console select Tools gt Options gt Server Settings gt Patches there are two options there
172. rror Code 3030 0 0 IP 559 148 189 173 2008 08 22 20 53 20 Agent was not accepted Error Code 3030 0 0 IP 559 148 189 173 E 2008 08 22 20 13 52 Agent was not accepted Error Code 3030 0 0 IP 59 148 189 173 Fy 2008 08 22 16 26 25 Agent was not accepted Error Code 3030 0 0 IP 59 148 189 173 Ep 2008 08 22 14 05 37 Agent was not accepted Error Code 3030 0 0 IP 59 148 189 173 Eh 2008 08 20 17 45 26 Server Start Eh 2008 08 18 14 32 58 Server Start Eh 2008 08 18 14 28 12 Server Stop 5 2008 08 15 15 53 46 Detect new computer IP 192 168 0 101 MAC 00 B0 DO DO 13 B Reportor TONY 00 11 D8 3B nm Figure 5 9 System Logs Update By Ryan Lee Last update v2 0Rev20120809 Chapter 6 Policy P 56 Chapter 6 Policy 6 1 Policy Introduction Administrator can limit the use of computer and network resource on agent computer by setting policies to control staffs computer usage and improve productivity Common Policy Properties Name This is user defined name to descript the policy It is irrelevant to the actual function of the policy When adding a new policy the system will add a default name to the policy and administrator can change it later Time This is time range that the policy is effective It can be self defined time type Time types are set in Tools gt Time Types If no suitable time type available select Custom and set the time range from the popup time matrix Mode After sa
173. rver restarted el Click this button to restore to default directory settings The restore path setting becomes effective after server restarted Performance 1 Fixed Mode if this option is selected it means the number of agents is specified handled by server Update By Ryan Lee Last update v2 0Rev20120809 Chapter 13 Tools P 172 The range is available from 0 to 100 2 Dynamic Mode This option is selected by default if Normal is selected it represents the average usage rate of sqlserver used by oserver3 is 30 If High is selected the upper limit is 50 while if Low is selected the upper limit is 10 Generally speaking the higher performance of the server under dynamic mode the higher number of agents that can be handled by server For some real time operations such as monitor the real time screen snapshot or remote control these are not affected by this option Error Report the agent verification error messages will only be logged when this option is enable and can be found in Event Log gt System Logs The details description of report levels are as following All Report all errors Low the results returned from agent are not expected by server Moderate over license Important Serial number or checkcode error Critical Communication between agent and server corrupted caused by exclude range is set Table 13 12 Options Server Settings Update
174. s If the input is 0 0 0 0 255 255 255 255 or blank or invalid IP range all are treated as all IP address and using lt All gt to represent Console Name Limit the Console with specified Computer Name to process remote control action Table 6 7 Remote Control Policy Properties Notices that the Manager Name Console IP address and Console Name support symbol 5 and as separator to allow multiple settings Update By Ryan Lee Last update v2 0Rev20120809 Chapter 6 Policy P 69 6 9 Alert Policy Alert policy is used to monitor the changes from hardware software and other system settings any changes system will give alert to System administrator in real time This facilities the System administrator to understand the real time situation of each computer in the network and make appropriate measures to increase the maintainability Alert Policy includes the following alert function Hardware change Plug in Plug off Plug in Storage Device Plug off storage Device Plug in communication device Plug off communication device Software changes System service change Startup change System time change Computer name change and Network configuration change Policy Properties Hardware change Any hardware installed or removed alert Plug in External devices plug in alert also record the device name Plug off External devices plug off alert Plug in storage device External storage device pl
175. s are discovered see Figure 10 3 A Alert Server Alert Detect new computer IP 192 168 0 63 MAC 00 1B 38 35 6E 84 Reportor TESTING 00 1D 60 6F 5E 95 192 168 0 11 Figure 10 3 New computer detected alert message Computer Types and Settings By default there are 2 types classified when computers discovered Normal and Unknown Normal lt represents the computer installed with IP guard agent Unknown It represents the computer without IP guard agent installed and does not specify the type manually if options Enable intrusion blocking and Block computers without IP guard installed and marked as authorized are selected in the setting the unknown type computers are treated as illegal type computer Treated as illegal computers all communications between illegal type computers and protected type computers are blocked Table 10 1a Computer Types and Settings Default Update By Ryan Lee Last update v2 0Rev20120809 Chapter 10 Intrusion Detection P 131 Except Normal and Unknown types there are 3 more types can be set manually including Authorized Protected and Illegal the functions descriptions are listed as following table Authorized Protected Illegal Hints All communications will not be blocked if computer treated as Authorized type What kinds of computers should be set as Authorized such as Department Heads computers which may not install IP guard agent and some key net
176. s expiry date Click button to set the expiry date In the Setting windows check the Apply and input the expiry time The system does not allow user to set expire date earlier than the current date If the policy is expired the fonts in the policy will be displayed in dark grey and the Expiring Time will be displayed in red Only Offline When no communications between server and agent is over 3 minutes it indicates that agent is in offline status The policy will only be effective when console determines the agent is in offline status When should apply this option is System administrator may apply different policies for notebook users when it is for business trip office amp home uses or in case the network cable plug off Table 6 1 Common Policy Properties Priority Matching for Policy Policy adopted mechanism is similar to Firewall each goal can be combined from a number of policies and then matched in accordance with their relationships At the same time different computers group or users group inherit their parents policies Function of Policy Buttons x lt 000000 New click this button to add a new policy Up move up selected policy Down move down selected policy Delete delete selected policy Restore cancel new added policy or any modified settings Save click this button to save all new added or modified settings Indicates that the policy mode is allow Indicates that the policy mode
177. scriptions 4 Select the date as the start time from the calendar k Select the date as the end time from the calendar Restore to default setting Time IP guard has several defined time types All Day Working Time Rest and Weekend which can be found in Tools gt Classes Management gt Time Types see Figure 3 5 System Administrator can also define new time types for their preferences to facilitate the queries Time Types Classes E oe Time All Day MA aan Working Time a Rest Weekend all Mon Tue Wed Thu Fri Sat Sun Sat 0 00 24 00 Figure 3 5 Classes Management Time Types Network Range Click the J button to select the network range either a single computer group or the entire network for query Table 3 4 Descriptions for Common Search Conditions Functions Update By Ryan Lee Last update v2 0Rev20120809 Chapter 3 IP guard Startup P 24 Common Log In the event log including every common log email log instant messenger log it commonly includes the following contents Time The time for the detailed log Computer The log records belonging to the client machine the computer name here is recorded by IP guard showed in the agent panel User The log records belonging to the user the user here is recorded by IP guard showed in the user panel Table 3 5 Descriptions for Common Log Records 3 3 Computer and User Operations 3 3 1 Basic Information Select from menu Statistic gt Basic Infor
178. see the installation process if this option is unchecked Update By Ryan Lee Last update v2 0Rev20120809 Chapter 9 Assets Management P 127 9 4 2 Task Distribution Except to create distribution packet tasks distribution is also required to create to specify target agent computers Click the button to create a task Task distribution settings include Task Name Package Name Max Retry and Target computers Task Name By default it is set to New Task System administrator can edit the name but it cannot be empty Package Name Click the button CJ to select required package which created in package part Max Retry The task will retry if it is failed Be default it is set to 10 if 0 is input it means unlimited retry Target Click the button Ey to select target agent computers Table 9 21 Task Distribution Click OK will start the deploy task immediately Select the task to view the task status Task cannot be deleted when deployment User can right click on the task and select stop to stop the task Right click on a computer and select Cancel to cancel the task on the computer CG Delete task distribution Task cannot be deleted when deployment User can right click on the task and select stop to stop the task And then delete the task 3 Edit task distribution Task cannot be edited during deployment User can right click on the task and select stop to stop the task And then edit the
179. set Class Computer Asset Property Value Type Text if the object is either Hardware or Software both could have Classific and Instance Properties All custom assets have only Instance properties Table 9 2 Assets Property 9 1 2 Assets Classes Management All assets classes and their properties are listed in the assets class management System administrator can use the Console to check the properties details or add any properties manually In the Assets Management windows select Assets gt Asset Classes Management to open the management window In this window the assets structure tree is placed in the left panel and the assets properties displayed in the right panel In the properties list the black color text represents Classific property and the blue color text represents Instance property i Asset Classes Management Operation View x Si Computer SE Hardware S E Software T5 Application A os OY Patches of Microsoft Product Ta Windows Custom RA Desk DA Printer RA Router BA Switch Figure 9 2 Assets Classes Management Update By Ryan Lee Last update v2 0Rev20120809 Chapter 9 Assets Management P 111 Data Types of Property There are 5 data types in asset properties the followings are related icons to represent different data types ab Text 12 Integer E Decimal e Date K Yes No Table 9 3 Data Types of Propert
180. ss for multiple logon users 3069 27 1250 632 567 87 2 14 27 19 Update By Ryan Lee Last update v2 0Rev20120809 Chapter 8 Remote Maintenance P 98 8 1 3 Performance Select Maintenance gt Performance can check the agent s performance status including CPU Usage Memory Usage Physical Memory Commit and Kernel Memory These real time data is exactly same as Windows Task Manager gt Performance Control Buttons Only enable under user mode select target user to check the performance status Y This is trace button click this button the processes list will be refreshed automatically The refresh time interval set from Tools gt 0Options gt Console Settings gt Information gt Maintenance Table 8 3 Performance Controls 4 amp monitorin S Maintenance b Applications Processes Services Name Value Usage Mg CPU Usage 6 SS Memory Usage 42 Sun SS Handle 56406 BS Thread Count 1268 Se Processes 88 Physical Memory BS Sum 2088068 K BS Avail Count 1197272 K BS System Cache 332160 K Commit M Sum 1834292 K AS Limit 4017992 K SS Peek 4104180 K Kemal Memory BS Sum 130300 K M Paged Count 101824 K Ka Nonpaged 28476 K Figure 8 4 Remote Maintenance Performance Update By Ryan Lee Last update v2 0Rev20120809 Chapter 8 Remote Maintenance P 99 8 1 4 Device Manager Select Maintenance gt Device Manager to check the agents all devices inc
181. st update v2 0Rev20120809 Chapter 9 Assets Management P 126 Table 9 17 Settings of Checkup conditions and Necessary conditions Example of Checkup Conditions Install Office 2003 File Exist pt Microsoft Office OFFICE1 1 EXCEL EXE File Version gt pf Microsoft Office OFFICE11 EXCEL EXE 11 0 5612 0 RegKey Exist SOFTWARE MicrosoftiOfficeM 1 0 Access InstallRoot RegValue Exist SOFTWARE Microsoft Office 1 1 0 Access InstallRoot Path Installed software Include Microsoft Office Professional Edition 2003 Table 9 18 Example of Checkup Conditions Hints Other Operations Q Delete package Only the package with the status can delete e Edit packet Only the package with status can edit View The basic information includes Name Modified Editor Size and Status Double click to see the details Table 9 20 Other Operations A Important 1 Make sure all files and folders for the installation package are located in the same folder and selert the required files at once It is considered as a new file list and replaces the existing on every click of 2 When deploy mode is install or execute once select the main file in command line When deploy mode is deploy files select the destination path for the files to deploy to 3 The default run mode is to run on user s desktop which will interact with users during the installation process User will not be able to
182. suggested solutions Update By Ryan Lee Last update v2 0Rev20120809 Chapter 9 Assets Management P 122 9 4 Software Deployment System administrator can install software run an application and deploy files to agent through IP guard console Software can be installed to the agent by simply creating a deploy task System administrator can view the deployment status from the console With the software deployment function System administrator also can organize and deploy software to the networked agent computers more efficiently and consistently Select Assets gt Deployment for software deployment Deployment is divided into two steps packages creation and tasks creation Assets M nent File Assets Patches Vulnerabilities Deployment View 7 We eer EE Deploy Package e Anei oni Name Modified Editor Size Status Horda Bl ere 2007 03 16 16 02 50 Admin 132 167 KB deploying Hardware Changes 52 RFA 2007 03 16 16 41 55 Admin 131 375KB deploying Software B mera 2007 03 19 10 57 53 Admin 5 807 ER deploying Software Changes Bs weet 2007 04 03 16 13 31 Admin 8 773 KB deploying Others B HERRERA 2007 04 26 11 45 50 Admin 3 353KB deploying Bs PEREA 2007 04 26 12 52 30 Admin 986KB deploying Patches weet 2007 04 26 14 34 25 Admin 986 KB deploying Patch Mode Be HERA 2007 04 26 14 42 56 Admin 986 KB deploying Computer Mode Bo HERA 2007 04 26 15 23 21 Admin 5KB deploying Bo PEREA 2007 04 26 17 00 26 Admin 986 KB de
183. t property Summary it shows the summary of all instances Hints Query Conditions Click the button Q to open the Query Conditions windows System administrator can set one or more query conditions to filter the results Range By default it is set to The Whole Network Select button to specify the target group E Click this button the Conditions windows opened Each condition includes asset properties and logic e g Memory Number 2 or CPU Name include AMD x Delete existing conditions Ft View and edit existing condition Table 9 4 Query Conditions A Caution Query conditions of Instance Property and Classific Property If a condition includes asset A s Instance property first the following conditions cannot include another Asset B s Instance properties all other Instance properties will be hidden automatically in this case only classific property conditions can be added for the followings input conditions Update By Ryan Lee Last update v2 0Rev20120809 Chapter 9 Assets Management P 114 Result List After input required conditions asset properties are then added to the Result Lists Double click the property from the left panel or click this button to add the property to result list lt Double click the property from the right panel or click this button to remove the property from result list Table 9 5 Result List A Caution
184. ta Friendly User Interface Despite powerful monitoring and data management functions IP guard has a simple and easy to use user interface All functions are well organized and visualized in the graphical user interface Expandable and Cost saving Solution Computer equipment can be fully utilized under IP guard system lt can be easily deployed from a single workstation to a network environment Number of managed workstations can also be adjusted Hence it reduces the software cost for hardware and network upgrade Update By Ryan Lee Last update v2 0Rev20120809 Chapter 2 IP guard Installation PA Chapter 2 IP guard Installation 2 1 Basic Structure IP guard system consists of 3 different components Agent Server and Console It is used on computers inside the network to enhance its security Agent is installed in every inspected computer Server is used for database storage and Agent management lts main duty is to manage the inspected data Usually server should be installed on a server class computer with a large amount of system memory and large hard disk capacity Console is used to audit control and monitor the computers with Agent installed and examine the log history In most cases Console will be installed on the administrator s computer alone but it can also be installed with Server together on the same computer The basic structure is shown below Agent Agent Agent Agent cy O Server Console Figure
185. ta We strongly recommend System administrator backup data regularly to prevent the hard disk storage getting full However only backup data mentioned in Section 11 2 cannot help for server migration or recovery 12 1 Database Backup Backup Main Database In order to prevent Database file crashed or other accidents that made the server cannot work properly we strongly recommend System Administrator fully backup the database regularly How to 1 Stop the IP guard server first see Figure 11 1 and related services OCULAR V3 SERVER and OCULAR V3 UPDATE in System Services Tools Service Start Service Stop Refresh service v Auto start service when OS starts Exit Figure 12 1 Stop IP guard Server 2 Open SQL Server Management Studio and connect to the database Chapter 12 Database Backup amp Database Recovery P 144 T Microsoft SQL Server Management Studio Express AU Windows Server System SOL Server2005 Server type Database Engine Server name IP 8CB455746EE9 Authentication Windows Authentication Teac IP 8CB455746EE Meclink Password Remember password Gs a Figure 11 2 SQL Server Management Studio 3 Inthe Object Explorer expend the Databases You can see a Database called OCULAR3 4 Right click the Database OCULAR3 Tasks gt Back Up to backup the database Figure 11 3 E Microsoft SOL Server Management Studio Express
186. task Table 9 21 Task Distribution Operations Property Tak Task Name Package Name Created Max Retry Status Target Total Successful Failed Unmatched Preparing Axl Figure 9 14 Task Distribution Properties Update By Ryan Lee Last update v2 0Rev20120809 Chapter 9 Assets Management P 128 amp Caution If the task status is Deploying it cannot be deleted or edited only delete the distribution tasks the corresponding package status would change to Ready anes WindK SP4 English Hardware Changes Software Software Changes Others Patches Patch Mode Computer Mode Vulnerability Vulnerabilities Deployment VPN_SERVER Failed Packages MOVIE Preparing to deploy IPGUARDC Preparing to deploy K ze Peparing to deploy IPG Preparing to deploy Figure 9 15 Deploy Task Update By Ryan Lee Last update v2 0Rev20120809 Chapter 10 Intrusion Detection P 129 Chapter 10 Intrusion Detection The Intrusion Detection function in IP guard is used to discover any illegal or unauthorized computers accessing Enterprise internal network and then apply corresponding policies to block their communications with internal network 10 1 Startup Intrusion Detection To start the Intrusion Detection settings go to Tools gt Intrusion Detection see Figure 10 1 At the first time no computers display in the Intrusion Detection windows Select Operat
187. te ey download O 2010 05 14 Downloads O 2011 06 23 Drivers f EJ 2011 09 05 f0 idabd954ee76c29a e CO 2011 09 06 f8e346acd96b089420 2011 09 07 oe EE RR f ffe31fc 1f6 1fefd06898fe5e4a4de7b9 O d OS 2011 09 08 HP L34200 4300 Series PCL6 Driver e HP Universal Print Driver v5 0 3 for O d 2011 09 09 IPguard CID 2011 09 12 G OS 2011 09 14 DE Debug OS 2011 09 15 wy DOC OS 2011 09 16 GE IPguard3 CIE 2011 09 19 S KB oO 2011 09 20 E E MAIL O 2011 09 21 S Patch O 2011 09 22 CH PRINT 2011 09 23 EN ee e E E it DIR Figure 12 13 Add and Review Backup data E Add the Backup Data lt 4 a Click the button ula to add the backup data b In the Browse Windows select the directory stored the backup data file c Click OK to confirm to add the data Note that the added data can be viewed and queried from Console directly Also the maximum number of added data task lists is 12 only a Remove the Backup Data a Select the added data item and click the button Leas to remove it Note that once the data is removed from the list it cannot be viewed and queried from the Console anymore until added again Update By Ryan Lee Last update v2 0Rev20120809 Chapter 13 Tools P 153 Chapter 13 Tools 13 1 Account Management Admin account is a super administrator which has the highest rights to use all functions Using admin login account can
188. te By Ryan Lee Last update v2 0Rev20120809 Chapter 8 Remote Maintenance P 103 8 1 9 Users and Groups Select Maintenance gt Users and Groups to check the agents computer all local users and groups The information for local users includes Name Full Name and Description while for groups includes Name and Description Control Buttons e Only enable under user mode select target user to check the users and groups information Table 8 9 User and Groups Controls 4 3 Events Log Y Basic Policy b Advanced Policy d Monitorine g Maintenance ia Applications Processes Performance Device Manager Services Disk Shared Schedule Usel a Name Fullname Description Administrator Administrator Built in account for administering the Guest Built in account for guest access to the kibtet Key Distribution Center Service Acco IUSR_TESTING Intemet Guest Account Built in account for anonymous acces IWAM_TESTING SUPPORT_388945a0 Mobile User Tmpl User Tmpl Power User Tmpl Administrator Tmpl SBS Backup User SBS STS Worker 97780EBA FCFD 4017 demo ipguard SQLDebugger vmvware_user_ fTest TESTINGS VPN TESTING Launch IIS Process Account CN Microsoft Corporation Mobile User Template User Template Power User Template Administrator Template Backup User STS Worker SystemMailbox 97780EB
189. tem would pop up a dialogue box to request input the login account and password with administrator rights 2 Check ADMIN share is opened or not Go to DOS Command Promote and type net share command to see whether ADMINS is already opened or not H not then type net share ADMINS to invoke this function 3 Check any shared folders function is available If not please try to share a folder to invoke this function For example right click a folder select Properties gt Sharing Then Select Share this folder Input Share name and define permission Click OK to invoke the shared folder function A Important About Agent Installation a This installation method only works on Windows NT4 0 2000 XP If you need to install agents on Windows 9x ME you have to use Direct Installation method a Because of some local security policies settings in Windows NT may affect the normal operations remote installation method does not 100 guarantee If you have followed the above checking and fulfilled the requirements but still failed we would recommend using Direct Installation method please refer to Section 2 4 1 Update By Ryan Lee Last update v2 0Rev20120809 Chapter 2 IP guard Installation P 14 2 4 3 Logon Script Installation If your local area network has a domain server you can use this method to deploy IP guard Agent to computers in your local area network Use the Logon Script Manager to edit logon scri
190. ters e g server represents all printers in server Application Specify the application used for printing out Record Printed Image Record the printed out document Table 6 13 Printing Policy Properties Printing Policy Example 1 e Requirements K Some Enterprises are afraid that their staff brings their own mini printers back to office to print out confidential information data Policy Settings Policy 1 Add a Printing policy to block all local printers Policy Name Block all local printers Mode Block Printer Type Local Printer 4 D Audit 3 Events Log a Basic Police P Advanced Policy 2 Monitoring gt Property Value Traffic Network Mail IMFile Document Removable Storage Name Block all local printers a e Time All Day Mode Block Time Neme Alert D v Al Dan Only allow specified server s printers Waring Oo All Day Block all local printers Lock Computer O Only offline O Expiring Time lt Always gt a Local Printer Local Printer M Shared Printer O Network Printer O Virtual Printer O Printer description Application lt All gt Figure 6 19 Printing Policy Policy Example 1 1st Policy Policy 2 Add another Printing policy to allow specified server s printers Policy Name Allow specified server s printers Mode Allow Printer Type Shared Printer Network Printer Printer description 192 168 0 72 Update By Ryan Lee Last update v2 0R
191. the details of source and destination of the disk types are also displayed Application The application used to operate the file Caption The caption of the document operations Table 5 10 Document Operation Log Log Contents Backup Document Log In the document and IM File policies when these policies are invoked with document backup The backup document should be retrieved here i e Document Operation Log This icon H represents the log with the backup file inside Double click the log a button Copy should be placed in the dialogue windows Click this button to retrieve the backup document directly Table 5 11 Document Operation Log Backup Document Log Update By Ryan Lee Last update v2 0Rev20120809 Chapter 5 Event Log P 49 Property File Operations Time 2008 07 31 14 38 07 Computer TONY User Administrator Operating Type Upload Send File Name Shell150 jpq File Type File Shell150 jpg 11 0KB Size 11267 Byte Save Attachements Drive Fixed Path D Documents and Settings 4dministrator TONYAMy Documents My Pictures MSNShell S hell 50 pg Application and Window Title msnmsgr exe om Figure 5 4 Document Operation Log Property Administrator can input time and range select operating type drive where the document is located file name file size range and application that opened the file to filter the search result
192. the document Pages The total number of pages Caption The windows caption when printing Application The application used to operate and print out the document Table 5 16 Printing Log Log Contents Administrator can input time and range printer type printer name computer name printing task title page size range and application to print to filter the search result Input string support wildcard character Search Conditions Time and Range Input specified date time and range to filter the search result Printer Type By default it is set to All Specified printer type can be selected from the drop down menu including Local Shared Network and Virtual printers Printer Specify the printer to filter the query to get the statistics to access the printer usage Computer Specify the remote IP or computer name to filter the query Task Specify the document name Support wildcard input Pages Specify the pages to filter the query to monitor the printer usage Application Input the application name directly or specified the application class for part of query Update By Ryan Lee Last update v2 0Rev20120809 Chapter 5 Event Log conditions e input the application name directly System administrator can input the application name directly e g qq exe or game exe f specified application class Select the button to specify the application class Table
193. the processes status This is trace button click this button the processes list will be refreshed automatically The refresh time interval set from Tools gt Options gt Console Settings gt Information gt Maintenance Remote Control End Task Select any processes from Processes List right click and select End Task to stop the process User The Whole Network 5 88 Unclassified E Administrator IP GUARD Administrator O0rion E teclink TECLINK123 Administrator TECLINKDEVELOPM Administrator 2 sinss exe TECLINKDEVELOPMVemo TECLINKDEVELOPMNTest TECLINKDEVELOPM tipguard Table 8 3 Process List Controls e H SX 4 File Name System Idle P System Flesrss exe T winlogon exe O services exe PID 0 4 320 376 400 448 Time 2008 08 2008 08 2008 08 2008 08 Sess 0 0 0 D 0 0 CPU 99 2 DD DD 0 0 DD DD hi Audit 3 Events Log Y Basic Policy P Advanced Policy 2 Monitor H Maintenance Applications Performance Device Manager Services Disk Shared Schedule Users and Groups eo A f CPU Ti Memory vnu TESTING TECLINKDEVELOPM Administrator TESTING TECLINKDEVELOPM Administrator 391 30 09 28K 00 14 12 3176 K 00 00 00 260 K 00 00 09 1604 K 00 25 55 6004 K 01 18 41 6728 K 0K Normal 132K Normal 2172K Normal 10616 K High 6760 K Normal Figure 8 3 Remote Maintenance Checking Proce
194. tify Log off Power Down Restart Remote or Uninstall agents Statistic Limit the statistics log enquiries and access rights including Application Statistics Web Statistics and Traffic Statistics etc Log Limit the event log enquiries and access rights including Basic Event logs Window Change Logs Application Logs Web Logs Document Logs Shared File Logs Printing Logs Asset Changes Logs Policy Logs System Logs Backup Logs and Removable storage Operation Log Policy Limit the policies enquiries and modification including Basic Policy Application Policy Web Policy Device Policy Printing Policy Screen Snapshot Policy Logging Policy Remote Control Policy Network Policy Traffic Policy Mail Policy IM File Policy Document Policy Alert Policy and Removable Storage Policy Monitoring Limit the monitoring enquiries and control rights including Real time Screen Snapshot View Screen History Export Screen Snapshot Instant Messages and Mail Maintenance Limit the operation rights on remote maintenance such as view remote information remote operation remote control and remote file transfer etc Assets Management Limit the operation rights on Assets management including Query Define Asset and Edit Asset Patches Limit the operation rights on Patches including Query Parameter Setting and Executing Vulnerability Limit the operation rights on Vulnerability including Quer
195. time on daily maintenance tasks The functions of Remote Maintenance in IP guard help IT department real time check the computers status and information With real time information helping to solve the technical problems immediately to save more time and resources especially in assisting remote sites computers 8 1 Remote Maintenance 8 1 1 Applications Select Maintenance gt Applications can check the agent running application status The active running application is highlighted in blue color Computer vax 4 6 Advanced Policy H Motto H Maintenance A amp J The Whole Network di Fiancial Processes Performance Device Manager Services W s n IT ez gy Unclassified 3 B DEMOAGENTI Task Status d SERVER Console Running TESTING 2 5 Microsoft PowerPoint IP guardv3 0_Introduction_EN_v1 1 ppt Running VPN TESTING SIE guard 3 Official Website 4 Complete IT Management Softwar Running Figure 8 1 Remote Maintenance Applications Control Buttons For the terminal server situation there are some concurrent connections and different users logon at the same time click this button can select specified user to check their application running status O This is trace button click this button the application list will be refreshed automatically The refresh time interval set from Tools gt 0Options gt Console Settings gt Information gt Maintenance Remote Controls End
196. tions Time and Range Input specified date time and range to filter the search result URL Input the target URL or web class supports wildcard input Window Title Input the target windows title e g mail to query all related webmail log Table 5 7 Web Log Search Condition 4 l T Auch g Events Log Y Basic Policy a Advanced Policy a Monitoring a Maintenance b Basic Events Application Document Shared File Printing Removable Storage Asset Changes Web Logs 5 Time Computer User Caption URL Sl 2008 07 28 18 13 32 Y PN TESTI Administrator Download details Microsoft SQL Serv httpAvww microsoft comdow 2008 07 28 19 13 22 VPN TESTL Administrator IP guard Version 3 Microsoft Inte _http Avww ip guard com public SI 2008 07 28 18 13 22 YPN TESTI Administrator http Avww microsoft com downloads hip Huceu m cmsoftcomddoun SI 2008 07 28 18 13 11 VPN TESTI Administrator IP guard Download Microsoft Intern pp Jeu ip gvard com interm SI 2008 07 28 15 54 44 YPN TESTI Administrator Download details Microsoft SQL Serv http Awww microsoft com dow 2 2008 07 28 15 54 33 VPN TESTI Administrator Download details Microsoft SQL Serv M n Area microsoft comidow 2008 07 28 15 54 22 YPN TESTI Administrator Google Microsoft Intemet Explorer http Avww google com hk SI 2008 07 28 15 50 24 YPN TESTI Administrator Download details NET Framework Y http Avww microsoft com dowi
197. tisfying the policy conditions there are some modes can be selected to be executed Block Allow Inaction and Ignore Allow Allow to perform an operation According to the hierarchy user policy has higher priority than computer policy self policy has higher priority than group priority policy on top has higher priority than the policy below when a policy found in higher priority it will be executed and the policies in lower priority will be ignored Block Block an operation According to the hierarchy policy in higher priority is executed and the policies below it are ignored Inaction Neither allows or block an operation but it can trigger events such as warning or alert According to the policy matching principal once the current Inaction policy completed the following policies will not be executed For example the first policy is setting the mode for USB device as Inaction and the second policy is prohibiting USB device When USB device is plugged in the first policy matched Since the mode is Inaction it will not be blocked but the following second policy will not be matched Ignore Neither allows or block an operation but it can still trigger events such as warning or alert According to the policy matching principle system continues to search the following related policies For example the first policy is setting all doc with Ignore mode and alert the second policy is prohibiting copy doc files When accessing the doc
198. to allow the operating types modify delete to specified network shared drive Policy Name Backup files before delete Mode Allow Alert optional Warning optional Operating types check modify delete Disk type Network File Name network_path Backup before delete checked All backup files can be retrieved from Event Logs gt Document Basic Events Application Web Document Shared File Printing Removable Storage Asset Changes Policy System Document Operation Logs Type Time Computer User Source filename File Size Path Disk Type EI Figure 6 18 Document Policy Policy Example 2 Document Operation Logs If any Backup options are checked it will cause the volume of backup data quite large We strongly recommend the System administrator should be careful when designing their policies with backup options Enough hard disk spaces should be ready for storing the data and keep to backup the data regularly Update By Ryan Lee Last update v2 0Rev20120809 Chapter 6 Policy P 81 6 15 Printing Policy Printing policy is used to control the use of different kinds of printers such as local shared network and virtual printers to prevent the information leakage Policy Properties Printer Type 4 kinds of printer types Local Shared Network and Virtual Printer e g PDF creator Printer description Set the printer name System administrator can specify the internal network prin
199. ton the agent is uninstalled without releasing agent license m Delete button the agent is uninstalled as well as releasing agent license i R amp D Name Value A Ll Name TESTING o ly Unclassified 7 TESTING 192 168 0 11 Move To Running Eind 3 0 2428 Rev 0 Rename Windows 2003 Se IN pet ine 2008 05 19 10 23 Doea 2008 05 19 12 50 Asset Information ime 2008 05 19 12 46 he 2008 04 02 17 4 Control Notify TT Last Logon Lock TECLINKE 7 TECLINKE Unlock TECLINKI Log Off Power Down Restart Uninstall Agent N Remote Control Remote File Transfer Figure 2 8 Uninstall Agent From Agent side For some agents that cannot connect to IP guard server i e the agent in offline mode we provide another way to uninstall the steps are as following How to 1 Go to Start gt Run type agt3tool ocularadv command 2 Select Uninstall Agent and then click Generate button 3 Inform your System Administrator about the Operate Code showed in the Check confirm code dialog box 4 When a System Administrator gets the Operate Code go to IP guard Console gt Tools gt Agent Tool 3 Confirm Code Generator input the Operate Code in the field of Agent Operate Code Then click the Parse button the agent information will be showed in the bottom textbox 5 Click the Generate button the Confirm Code in Blue color will show in the Confirm Code Information box The System Administrator
200. ts Administrator can input time and range lowest alert level policy type and content to filter the search result Input string support wildcard character Search Conditions Time and Range Input specified date time and range to filter the search result Lowest Alert Level By default it is set to All Specified alert level can be selected from the drop down menu including Low Important and Critical Policy Type By default it is set to All Specified policy type can be selected from the drop down menu Content Specify the policy description to filter the query Support wildcard input Table 5 21 Policy Log Search Conditions Update By Ryan Lee Last update v2 0Rev20120809 Chapter 5 Event Log P 55 5 10 System Log Select Log gt System administrator can view the server start and stop status illegal intrusion and agent connection errors Administrator can input time and range and content to filter the search result Input string support wildcard character Hints 4 T Audit E Events Log a Basic Policy amp Advanced Policy l 2 monitoring f E Maintenance b Basic Events Application Web Document Shared File Printing Removable Storage Asset Changes System Logs 5 Time Description T 2008 08 26 10 09 13 Server Start Fh 2008 08 26 10 05 29 Server Stop Ep 2008 08 24 03 17 22 Server Start Ep 2008 08 24 03 11 49 Server Stop Eh 2008 08 23 01 00 54 Agent was not accepted E
201. type that you want to back up from here QZ Data Type IR tE Date Range z Please specify the date range that you want to back up from here If Basic Events Log A you don t check and specify the start date all data before the end date C Document Operations Log will be backed up O Backup the copy of de Browsing Log Start Date OI 8 8 2012 v S Printing Log O Backup printed cont End Date 8 8 2012 E O Application Log Policy Log Back up to O System Events Log Please select the directory which you want to save the backup up data Screen history from here The directory used to save backup data is located on the PC LJ Instant Messaging which has SQL SERVER installed a Path Back up email conter z Shared File Log EN LJ 1 Asset Changes Log Mi gt Delete original data Figure 12 11 Backup Task A Important Only one task is allowed processing at a time If the backup is processing it is not allowed adding any other tasks Also only the most recent 10 tasks showed on the list Update By Ryan Lee Last update v2 0Rev20120809 Chapter 12 Database Backup amp Database Recovery P 151 12 2 2 Schedule Backup How to 1 2 3 Select from IP guard Console gt Tools gt Server Management gt Backups Management In the upper menu click the button L to create a backup task see Figure 12 12 Server Management Backup Management Ending
202. uct ID PID we will help you process the registration individually 2 3 4 Checkcode Setting Checkcode is a unique identifier between server and agent The checkcode stored in agent must be matched with server s checkcode then the server is granted to manage the agent In case of more than one server running at the same time in a network this avoid the agent is managed by another server which may not belong to its original parent server So we highly recommend the system administrator first set the checkcode before deploying any agents Service Stop Event logs Refresh service Register v Auto start service when OS starts Exit Y de 12 48 Pr Figure 2 4 Set Checkcode How to After the server starts up at the first time right click the Service Manager icon and select from the popup menu Tools gt Checkcode System would request to input administrator login and password before setting the Checkcode To confirm the setting please input the Checkcode twice Click OK button to complete the setting The default Checkcode is empty Once the checkcode is new set reset or updated this data will be updated to connected agents automatically Update By Ryan Lee Last update v2 0Rev20120809 Chapter 2 IP guard Installation P 11 A Important a System Administrator has to memorize or record this Checkcode in the save place In case the operating system is required to be re installed
203. uery the application usage of computer group or user group in a given period of time By default it queries today s statistics of application usage The interface of Application Statistics is divided into 4 parts 1 Computer or User column 2 Statistical Data Panel 3 Chart Panel and 4 Search Panel see Figure 4 1 Computer vax J The Whole Network Se Unclassified Bascal Sopkcation E CARMEN DESKTOP 2 CARMEN SAMSUNG Y TEMPO PC Application TONY Running Time Working Time E CI WINWORD EXE Z msnmsgr exe Diexplore exe Explorer EXE Z 0Console3 exe OUTLOOK EXE COEXCEL EXE leste Cape owent eer Tisnaglt32 exe T WS_FTP95 exe Z 0Control3 exe Diznotity exe 2D iv14D2M tmp Acrobat exe Bar Chart EM Computer 8 User Web Traffic Time 20 39 40 05 01 50 01 23 40 01 14 00 01 08 10 00 18 30 00 14 00 00 12 50 00 11 00 00 03 40 00 03 10 00 03 10 00 03 10 00 02 10 00 01 50 00 00 30 00 00 20 00 00 20 Time Percent 10 217 24 5 22 6 6 1 4 5 4 3 36 12 1 0 1 0 1 0 0 7 0 5 02 01 01 Ready E ut events Log Y Basic Poly dd Advanced Policy B Monitoring GB mantenance gt Ge wax MM WINWORD EX Monago E les E Explorer EXE WW OConsole3 0xe WW OUTLOOK EXE Gl EXCEL EXE mb ee The Whole Network 2 4 Search Time and Range From eo A 847 2008 Y To a Y Time Al Day y Range The Whole Network Ga
204. ug in alert also record the device name Plug off storage device External storage device plug off alert Plug in communication device External communication device plug in alert also record the device name Plug off communication device External communication device plug off alert Software changes Any software installed or removed alert System service change Any system services installed or removed alert Startup change Any system startup tasks added deleted or changes alert System time change Any System time changes alert Computer name change Any computer name changes alert Network configuration change Any network configuration changes alert Table 6 8 Alert Policy Properties Update By Ryan Lee Last update v2 0Rev20120809 Chapter 6 Policy P 70 6 10 Bandwidth Policy Traffic policy is used to control the network bandwidth to avoid malicious use causing the network congestion Also the bandwidth can also be controlled based on the specified network port Note that traffic policy is only effective for Computer group but not for User group Policy Properties IP Range Set the Remote IP address range By default it is set lt All gt System administrator can add the specified IP range manually or selected from defined Network Address class Port Range By default it is set lt All gt the default settings include TCP 0 65535 UDP 0 65535
205. un Sat 0 00 24 00 Figure 13 6 Time Type Classes 13 5 5 Network IP Address Class Select Tools gt Classes Management Network Address System administrator can define the network address classes By default there are five classes All LAN Outer Intranet and Internet As LAN and Outer classes cannot be amended they are hidden in the Network IP Address Class management When input the Intranet network IP address range system automatically generates Internet IP address range i e out of the Intranet range belongs to Internet network range Except the default classes System administrator can add new classes and input the target range Update By Ryan Lee Last update v2 0Rev20120809 Chapter 13 Tools P 164 Network Address Classes Classes El Xx Network Address ET 0 0 0 0 255 255 255 255 Intranet Internet J Figure 13 7 Network Address Classes A Caution In the Network IP address class the LAN and Outer classes are hidden but they are visible in statistics and event log searching Actually Intranet is LAN while Outer is Internet Once the LAN address range is defined the range of other classes can be confirmed Update By Ryan Lee Last update v2 0Rev20120809 Chapter 13 Tools P 165 13 5 6 N etwork IP Port Class Select Tools gt Classes Management Network Ports System administrator can define the ports By default there are seven classes All ICMP
206. use mouse drag Select the target computer or group and drag it to a group Then the selected computer will be moved to the destination group Hints 3 3 3 Find Administrator can specify a computer or user quickly through the Find function to search related log data Search Computer In the Computer Tree Column select File gt Find Input the search conditions e g computer name or IP address The matched results display in the listed box double click any one record will be directed to related log or policy settings Search User Switch to the user column select File gt Find Input the search conditions e g defined user name or Windows logon user name The matched results display in the listed box double click any one record will be directed to related log or policy settings 3 3 4 Delete Administrator can select File gt Delete to delete computer group or user group Deleting computer group will uninstall the Agents of the selected group or selected computer as well as update the license number Deleting user group will only remove current basic information 3 3 5 Rename Select the computer group or user group to change name from File gt Rename to rename Update By Ryan Lee Last update v2 0Rev20120809 Chapter 3 IP guard Startup P 29 3 4 Control Administrator can control the running agents using IP guard Console the prerequisite is the agent must be in running status To be reminded that
207. uter see Figure 3 8 IP Address Sessions Version Figure 3 8 Computer Basic Information Computer Group Update By Ryan Lee Last update v2 0Rev20120809 Chapter 3 IP guard Startup P 26 If The Whole Network selected IP guard Console displays all computer groups Click the button can view all computers belonged to that group see Figure 3 9 Name IP Address Os Sessions Version aly Unclassified TECLINK_DEMO 192 168 1 10 Windows XP Professional 0 3 11 0512 2 WINDOWS 192 168 0 166 VISTA Professional 0 3 11 0512 gy Testing Go TESTING 192 168 0 11 Windows 2003 Server 1 3 11 0512 TOSHIBA M5 192 168 0 97 Windows XP Professional 1 3 11 0512 Figure 3 9 Computer Basic Information Expended Information 3 User Basic Information Name Value Name Toshiba User Toshiba Status Online Last Online 2009 06 22 14 25 11 Last Active Time 2009 06 22 14 25 06 Last Logon Computer TOSHIBA M5 d TOSHIBA M5 2009 06 22 12 36 05 Figure 3 10 User Basic Information Name The name displayed in the User Tree in order to facilitate management the name can be changed If not changed the name is same as user name User It is a real Windows logon user name If it is a local user it displays the logon name if it is a domain user it displays as domain username Status Agent status Online Offline etc Last Online The last communication time between IP guard agent and server Last
208. v2 0Rev20120809 Chapter 10 Intrusion Detection P 135 10 3 3 Search and Delete Computers In the Enterprise Network there must be many computers to be managed for fast searching the target computer System administrator can use searching engine to assist Select Operation gt Find the Find dialogue popped up as following figure Condition Figure 10 7 Searching Computers There are 2 conditions IP address range and Last Appeared date range all computers within the specified range and last appear date range matched will be listed in Intrusion Detection windows For some computers not used for a long time it can be deleted from Operation gt Delete If the deleted computers online again and scanned out by Intrusion Detection Agent it will display in the Intrusion Detection windows again Update By Ryan Lee Last update v2 0Rev20120809 Chapter 11 Encrpyted Disk P 136 Chapter 11 Removable Storage Management By default the type of all removable storages used in company is unclassified System administrator can format non encrypted disks into encrypted disks through the Removable Storage windows Encrypted disks only can be used in computers with agents installed therefore it blocks the virus from entering the LAN through removable storages 11 1 Disk Encryption Firstly plug in removable disks which are needed to be encrypted Secondly go to Tools Classes Management Removable storage to open the
209. vable Storage Name Block all Intranet Commu Time All Day D ei Si Mode Block i Time Name Alert O Block all Intranet Wami O Lock Computer O Only offline O Expiring Time lt Always gt Direction Both Port Range All IP Range All Remote is Agent O Figure 6 9 Network Policy Policy Example 1 1st policy Policy 2 Add a Network policy to allow remote is agent Belong to the same group Policy Name Allow communicating with the remote is agent amp belong to the same group Mode Allow IP Port All IP Range All Remote is Agent Checked Belong to the same group Checked 4 3 Audit 3 Events Log Y Basic Policy E Advanced Policy Monitoring Property Value Traffic Mal IM File Document Printing Removable Storage Name Allow communicating wit twork Polic 090000 inci flow stiches Mode Allow H Time Name Alert O Y Al Dan Allow communicating with the remote is agent amp belong to the sam CG X AlDay Block all Intranet Communications ES Lock Computer O Only offline O Expiring Time lt Always gt Direction Both Port Range All TP Range All Remote is Agent M Belong to the same gro V Belong to the selected C Figure 6 10 Network Policy Policy Example 1 2nd policy ss in practice the Network policy can combine with the use of Intrusion Detection to prevent external illegal computers communicating with internal computers Update By Ryan Le
210. work devices such as switch and router e g router A s IP address is 192 168 0 1 should also be set as Authorized This setting can prevent they are treated as illegal as they do not install IP guard agent Generally some important computers such as File Server Database Server etc are set as Protected this settings can prevent the illegal computers trying to access confidential data When Enable intrusion blocking function is activated all communications between illegal computers and protected computers will be blocked Table 10 1b Computer Types and Settings Manual Update By Ryan Lee Last update v2 0Rev20120809 Chapter 10 Intrusion Detection P 132 10 2 Startup Intrusion Blocking Enable Intrusion Blocking After the above settings done in Section 10 1 completed now the Intrusion Blocking can be enabled Select Operation gt Setting The Setting windows will popup see Figure 10 4 and the functions descriptions are listed in Table 10 2 Enable intrusion detection IP address range C Block computers without IP guard agent installed and not marked as authorized Fror IP address range SS Enable Intrusion Blocking Block computers without IP guard agent installed and not marked as authorized from Protected computers IP address range Figure 10 4 Enable Intrusion Blocking If this option is checked the Intrusion Detection Agent will enable the intrusion blocking function to block the co
211. y Custom Property Except the System default asset properties System administrator can add the property manually For example how to add an Instance property in CPU class called Repair date Select CPU in the asset tree in the left panel then select Operation New Property or click the button to add property In the Asset Property window check the Instance Property option input Repair date in Asset Property field and select Date in the Value Type field Click OK to confirm Asset Property Property Type Classific Property Instance Property Asset Class CPU Asset Property Repair date value re SS Figure 9 3 Asset Property After the Instance Property is added the property showed with symbol It represents it is custom property All custom properties can be renamed Operate gt Rename or deleted Operate gt Delete but the default properties cannot Update By Ryan Lee Last update v2 0Rev20120809 Chapter 9 Assets Management P 112 Name Type ab Summary Text Number Integer ab Brief Text ab Manufacturer Text lab ProcessorID Text lab Socket Designation Text 12 Max Clock Integer 1a Address Width Integer 12 Current Clock Integer 12 Extent Clock Integer 12 Model Integer 12 Stepping Integer ab Name Text 4 Repair date Date Figure 9 4 Asset Properties Custom Asset System administrator can custom asset to create a database to save all other assets i
212. y and Parameter Setting Deployment Limit the operation rights on Deployment including Package Query Package Setting Task Query Task Setting and Tasking Executing Intrusion Detection Limit the operation rights on Intrusion Detection including View intrusion detection Set Intrusion Detection and Set Policy Update By Ryan Lee Last update v2 0Rev20120809 Chapter 13 Tools P 155 Class Limit the operation rights on Classes management including Application Class Website Class Time Type Network IP Class Network Port Class and Removable storage Class Delete Limit the operation rights on Delete including Delete Logs Delete Instant Messages and Delete Mails Backup Limit the operation rights on Backup including Backup Logs and Review Setting Limit the operation rights on Setting including Agent Search Range and Set exclude range of the agent Generate agent s confirmed code Limit the operation rights on Generating agent s confirmed code Our recommendation is this right should not assigned to other users which are not IP guard System Administrator Manage Encrypt Disk Limit the operation rights on Managing Encrypt Disk Format as Encrypt Disk Limit the operation rights on Formatting Encrypt Disk Table 13 1 Account Management 13 2 Computer Management To facilitate System administrator to mange installed agents and query the licenses information easily
213. y Conditions 9 1 5 Software Query Select Asset gt Software to switch to the software asset By default the query is Computer and Operating System System administrator can set other query condition to query the required results The software query method is similar to Hardware Query please refer Section 9 1 3 for details 9 1 6 Software Change Software Change log all software change made by agent computers including add delete and change Select Asset gt Software Change to check all software change logs The software change log contents include Type Time Computer Asset and Description which are similar to Hardware Change Query Conditions Time 8 Range Common query conditions Asset Type By default it is set to All Select Asset Type from the drop down menu to specify the type to filter the query result It includes Operating System Application Antivirus Windows and Patches of Microsoft Products Content Specify asset contents Support wildcard input Table 9 9 Software Change Query Conditions 9 1 7 Other Assets System administrator required to input the asset property values after completing the custom asset management Add Custom Asset According to the previous Printer example select File gt New Query to open the Query Condition window Query conditions are empty and the result includes Printer Model Printer Department Update By Ryan Lee Last update v2 0Rev20120809
Download Pdf Manuals
Related Search