HP服务器

LANDesk®ConfidentialLANDeskLDSSHIPSLANDesk®Confidential22003-Blasterwasreleased__daysafterthepatchwasmadeavailable我必须何时打补丁?Day0TimeToPatch28181DayZotob(2005)DaysSasser(2004)__发布补丁LANDesk®Confidential3什么是“Zero-day”威胁？Zero-day威胁就是指已经发现了系统或软件的漏洞，但是目前没有解决办法。PatchManager：如果这些漏洞没有补丁怎么办？Anti-virus：必须基于已知的病毒。目前存在多少“Zero-day”威胁?截止到2007年2月9日，一共有31个威胁被发现。LANDesk®Confidential4多久会被暴露?Day0暴露28181DayWMFMetafile(2006)PatchAvailable-9Days???(2007)LANDesk®Confidential5做到“最快”仍然不够快!!!补丁缺口Vendor’sPatchAvailable评估、测试、安装Rebootmachine等待补丁0AssessVulnerableMachinesPre-StagePatchinCacheTestPatchInstallPatchFromCacheExploitReleasedLANDesk®Confidential6PainPoint–WhycustomersneedHIPS?如何保护终端设备安全？如何处理“Zero-day”威胁？如何及时的防范病毒及恶意软件？如何保证端点策略强制执行？如何针对网络应用程序进行管理？如何管理终端网络行为？如何审计终端网络行为？LANDesk®Confidential7有了Antivirus为什么还需要HIPS？病毒及恶意软件防护1.引导型病毒2.可执行文件病毒3.宏病毒4.蠕虫(互联网病毒)在源头及传播方式上阻止病毒及恶意软件入侵！LANDesk®Confidential8用户需求？“Zero-day”威胁保护通过单一控制台提供端点安全防护（Antivirus，Antispyware，基于网络及企业管理策略实现终端安全策略提供终端行为集中的审计报告和管理应用程序黑白名单检测及清除隐藏程序及后门程序检测及管理系统服务、系统启动项，ActiveX和工具栏基于规则的文件系统和注册表保护九种安全防护LANDesk®Confidential99GartnerHIPframeworkAntivirusSystemHardeningApplicationInspectionResourceShieldingApplicationHardeningBehavioralContainment456789Gartner“UnderstandingtheNineProtectionStylesofHost-BasedIntrusionPrevention”MaliciousCodeAttack-FacingNetworkInspectionPersonalFirewallVulnerability-FacingNetworkInspection123AttemptEntryAttemptExecutionExecutingLANDesk®Confidential1010GartnerHIPFramework–Whichtouse?Attack-FacingNetworkInspectionPersonalFirewallVulnerability-FacingNetworkInspectionAntivirusSystemHardeningApplicationInspectionResourceShieldingApplicationHardeningBehavioralContainment123456789Attack-FacingNetworkInspectionAntivirusResourceShieldingKnownBadPersonalFirewallSystemHardeningApplicationHardeningKnownGoodVulnerability-FacingNetworkInspectionApplicationInspectionBehavioralContainmentUnknownGartner“UnderstandingtheNineProtectionStylesofHost-BasedIntrusionPrevention”LANDesk®Confidential1111HIPFramework–NetworkMethodsAttack-FacingNetworkInspectionPersonalFirewallVulnerability-FacingNetworkInspectionAntivirusSystemHardeningApplicationInspectionResourceShieldingApplicationHardeningBehavioralContainment123456789Attack-FacingNetworkInspectionGartner“UnderstandingtheNineProtectionStylesofHost-BasedIntrusionPrevention”Vulnerability-FacingNetworkInspectionLANDesk®Confidential1212主要功能点Attack-FacingNetworkInspectionPersonalFirewallVulnerability-FacingNetworkInspectionAntivirusSystemHardeningApplicationInspectionResourceShieldingApplicationHardeningBehavioralContainment123456789Gartner“UnderstandingtheNineProtectionStylesofHost-BasedIntrusionPrevention”Behavior-levelHIPsApplication-levelHIPsNetwork-levelHIPsKnownBadKnownGoodUnknownLANDesk®Confidential13MindtheGap-TheGapisaThingofthePast!ThePatchGapVendor’sPatchAvailableAssess,Pre-stage,Test,InstallRebootmachineExploitOutWaitingforPatch0AssessVulnerableMachinesPre-StagePatchinCacheTestPatchInstallPatchFromCacheExploitReleasedLANDeskHIPSProtectsystemswhileapatchisunavailableSlowtherushtoPatchLANDesk®Confidential15LANDeskHIPS可以主动监视进程、删除并防范恶意零日攻击。可以持续监视指定的文件、应用程序和注册表项，对未授权行为加以防范。可以控制在设备上运行哪些应用程序以及它们的允许执行方式。保护不同于漏洞检测和修补、间谍软件检测和删除或防病毒扫描，它不需要修补程序文件、定义/病毒码文件或病毒码数据库更新。采用内存保护，防止缓冲区溢出和堆溢出漏洞LANDesk®Confidential16主机入侵防护系统（HIPS）New!应用程序控制及白名单功能通过软件白名单限制在客户端上可以运行的软件，减少安全风险，提高客户端稳定性和性能。细节标准的HIPS安全防护(“宽松”设置)防护恶意软件行为白名单安全防护(“严紧”设置)允许执行的软件列表“WinTrust”程序被自动的学习其它所有软件被禁止执行集中控制的“学习”模式-“初次学习”-“学习”到的软件列表会更新给使用相同配置的其它客户端可以用来“锁定”机器默认白名单未启用16LANDeskconfidential.Forinternaluseonly.LANDesk®Confidential17HIPS（HostIntrusionPrevention）New!缓冲区溢出保护功能缓冲区溢出保护细节缓冲区溢出保护允许您保护设备，避免出现占用等待用户输入的程序或进程的系统内存漏洞.采用内存保护，防止缓冲区溢出和堆溢出漏洞.支持NX(NoeXecute)/XD和non-NX/XD设备.默认保护所有进程可配置为保护所有进程或指定进程.在控制台配置启用或停用17LANDeskconfidential.Forinternaluseonly.LANDesk®Confidential19LANDeskAntivirusSymantec7.x,8.x,9.x,10.1,10.2McAfeeVirusscan7.0,8.0,8.5iPc-cillin2005,2006Serverprotect5.58功能在防病毒软件外又增加了一层防护，扩展了您对防病毒软件的已有投资兼容的防病毒软件产品19LANDeskconfidential.Forinternaluseonly.Officescan6.5,7.3Innoculation6.0Etrust7.0,7.1,8.0,8.1Nod322.7HIPS（HostIntrusionPrevention）New!CompatibleAVProductsLANDesk®Confidential20HIPS（HostIntrusionPrevention）New!多语言支持功能客户端界面现在支持20种语言细节HIPS已支持全部蓝代斯克已支持的语言Chinese(Simplified&Traditional)CzechDanishDutchEnglishFinnishFrenchGermanHungarian20LANDeskconfidential.Forinternaluseonly.–Italian–Japanese–Korean–Norwegian–Polish–Portuguese(Portugal&Brazil)–Russian–Spanish–SwedishLANDesk®Confidential21恶意软件和Zero-day病毒主动式防护可执行的仪表盘&报表系统隔离和配置终端外围设备补丁管理(操作系统常用应用程序)自动发现预先防范技术、主动式管理安全策略遵从网络准入技术多层次的防范LANDesk®Confidential22防范恶意软件•BufferOverflowProt.•ApplicationControl•Antivirus/anti-spyware•HostIntrusionPrevention•ExecutiveDashboard•Reporting仪表板&报表系统•SecurityConfiguration•DeviceControlandEncryption锁定设备&配置设备•AgentPersistence•FirewallManagement•OSPatching•ApplicationPatching(BeyondMSFT)操作系统补丁&应用程序更新•CiscoNAC•IPSec(HardwareIndependent)网络安全准入技术自动发现•DistributedDiscovery•Discoverfirewalleddevices•LANDeskManagementGateway•LocationBasedPolicies对移动设备的主动管理•Real-timeDi