F251-趋势科技-DeepSecurity验收报告2012_1H

1、Deep Security功能验收Deep Security产品验收报告趋势科技（中国）有限公司2042年4月目录目录1. 背景32. 软件安装验收环境及验收步骤错误!未定义书签。3. 验收结果33.1 DeepSecurity Manager 部署验收33.2 vShield Manager 环境部署43.3 DeepSecurity ESX Filter Driver 和 DSVA 部署验收103.4虚拟机手工迁移验收193.5群集环境中虚拟机vMontion验收203.6 SRM环境切换验收错误!未定义书签。3.7无代理模式功能验收-防病毒223.8无代理模式功能验收-防火墙233.9无

2、代理模式功能验收-深度数据包过滤（DPI） 243.10代理模式功能验收-完整性监控283山代理模式功能验收-日志审计294. 整体验收结论30421 背景添加用户测试背景2. 验收结果O安装结果验收2.1 DEEPSECURITY MANAGER 部署验收需要部署程序DSM7.5 SP2操作步骤验收过程DeepSeucrity Man ager1.将DSM7.5 SP2安装程序全部放到同一目录下，再执行 DSM Manager程序，这样DSM会自动导入TilterDriver 和Appliance”程序，无需后续手工导入UDS 了5 SP21-lDlxFile Edit View Favor

3、ites lools HelpoBack 今SearchFoldersX 9| &Address |亡）C:D57.5 5P2目GoName亠幻幻叵Agent-Windows-7.5.0-1606.i386.msiAgent-Windows-7.5.0-1606. x86_64. msiAppliance-ESX-7.5.0-5554.x86-64.zipEicar_teslfiles.zipFil2rDriverE5X7505435x86_642ipManaaer-Windows-7.5.6328. i386. exeManager-Windows-7.5.6328. x64. exeVMw

4、are-vidient-all-4.1.0-258902.exeVMware-vShield-Endpoint-Driver-1.0.0-289485. x86_32 msiVMware-v5hield-Endpoint-Driver-1.0.0-289485. x86_64. msisiVMware-vShield-ManageM. 1.0-310451 ova ：12. 安装过程中需要选择数拯库类型和”Manager Address”等信息，如果用户全部是域环境可以使用主机名，否则建议修 改Manager Address”为IP地址，这样可以避免很多通讯问Select an adminis

5、tnator username and password (required)Username:|MasterAdminPassword:卄和卄牢Confirm Password:卜“wf! 厂 Enforce strona passwords3.女装完成后可以通过https:/vDSMIPA49/来登录控制台预期验收结论安装过程无错误：可以登陆控制台并进行配置：可以通过TMCM更新安全组件；实际验收结论Passed Failed 备注：验收日期：2011-7-6相关人员签名趋势科技用户方2.2VSHIELD MANAGER 环境部署需要部署组件信息VMWAREvShield ManagerV

6、MWAREvShield ESX Endpoint DriverVMWAREvShield VM Endpoint DriverTRENDMICRODeep Security ManagerTRENDMICRODeep Security ESX Filter DriverTRENDMICRODeep Security Virtual Appliance操作步骤验收过程1. 登录vCenter控制台2. FileDeployOVFTemplate-VMware-vShield-Ma nager-4.1.0-287872.ova0 VCENTER - vSphere ClientEdit View

7、 Inventory Administration Plug-ins HelpNewOVF Template.ReportVMs andTemplatesBrowse VA Marketplace.Print MapsbitQ Deploy OVFTempie(J) Deploying vShield ManagerDeploying vShield【SanagerCreating VM vShield Manager.| Cancel |DcbjoA OALujb|apcQ IL bLOdLH1 W9UJ619lQG2f9fnz0 Deployment Completed Successfu

8、llyDI 口Deploying vShield Manag&rCompleted SuccessfullyOose3. 如果用户有VLAN配亂 需要先修改vShield Manager的网卡 配置4. 启动 vShield Manger 主机5. 进入 vShield Manger Console,默认用户名:admin,密码: default6. 输入”enable”命令和密码defaultlocIhost login： adninPassMord：SystEx startup is not coMplete. Please logout and log back in after a f

9、ew Minute sHdhdger enPassword:7. 输入wsetupw命令进入IP地址配置，配置预分配的IP地址、网 关和DNS注：进入”setup”命令需要等待vShield Manager主机完全启动完成Use CTPL-D to abort configuration dialog at any proMpt.Defau11 sett ings are in square brackets 【】IP fiddroKX (A.B.C.D)： 1H.28.134.42Subnet Mask (A.D.C.D)： 255.25S.255.0Defau 11(A. B.C. D)

10、： Prlar DNS IP (H.B.C.D)： Secondary DNS IP (A.B.C.D)：Uarning: Secondary DHS not set.DHS doMi i n SBirch list (space separa tsd ):Uarning: Search Iist not set. Only fu 1 qua 1i fled host nanes wi11 be resolved.Old conf igurat ion Hill be lostDo you Mant to save new conf iguratIo

11、n (y/【n】)：yPlease logout and login back again.Manigertt _8.9.10.输入”exit”或Reboot”命令完成IP地址配置输入 https:/登录 vShield Manager web 控制台 配置 vCenter Server 信息，点击 ” Save”Settings & ReportsConfigurationUpdatesUsersSystem EventsvCenter SSL CertificatevCenter Server Information save | Sncel vCenter Server Informat

12、ionChanging the vCenter address ma/ result in unpredictable behavior. Please upvSphere Inventory was bst successful” updated on Feo 25, 2011 8:26 AMvSphere Serve*- IP Address / Name:Administrator User Name:Password:1administrator| Save j | Cancel 11 在 vCenter 中添加 vShield EndPoint 授权进 入 ”H

13、ome”-”Licensing”Report line select ”Asset”，进 入wvShield-Endpoinr, Enter Key1。?阳刀 e vSceucenswJX2I.1M.10 JK2I.IH20 VOWTW介八,&pe2*心3 2“心 Mxla UMicaawd“Md12.为被保护ESX主机安装EndPoint组件Vie*.0SummaryEndporc SeWrs? & Repcrw BL驴気味QQ 曲 DC_DS_TEST 10.25.134 10F fc WN2OO3_(320 佛 rtM2008_X649B lb W1N2OO5 Xt

14、H WCvShkl Host PrcpdrdUon Status for 0* 少 “】N2003 X32 0 少 rtlN2008_X64 (1) WN7_XWvShioid 2craNot matalUdX0.Q-2B502avShdd EdiX Port Grcup IsolsccnNot msialled2.0.0-2836S7Net licensedvShGd EndpcHtN0tirt5T3llMJ2 6.0-260489Wer、:弓-iiW.AvdbWcService Virtual MachinesPlease Wait.e e o c& 血悔o2 ins

15、taw&tion gemeters reouiredVMware-vShield -Endpoint-Drive r-1.0.0-289485.x86 6今01SummaryEndpoint5如1 | Concc；)Select services to install/upyrdcI vShield Zones Tnstallino latest ver&on 2.0.0-285928vshicld Edge Port Group isolation Service not opplicaWe to this hostJ vShield Endpoint Installin

16、g latest verwon 2.6.0-26048913.为虚拟机安装EndPoint驱动预期验收结论实际验收结论 vShield Manager能够部署成功； ESX主机和虚拟机安装驱动成功： vShield Endpoint 授权成功：Failed备注:Passed 验收日期:2011-7-6相关人员签名用户方2.3DEEPSECURITY ESX FILTER DRIVER 和 DSVA 部署验收主机信息TrendMicroTrendMicro操作步骤Deep Security ESX Filter DrvierDeep Security Virual Applianee验收过程1.

17、 进入DSM控制台2. 选择”ComputerKAdd VMware vCenter甲Nov彳凰Discover盘 &星1越11 Dashboard Alerts/ ReportsPJcomputers* Anti-Malware国琵3 Firewall+ Deep Packet Inspection 土 塚I Intearitv Monitorina【或 New Computer.Add Group(s). Add Directory.|Add VMware vCenter.Import From File.,.输入vCenter信息Please provide the folkvAiing

18、 information for the vCenter being added.serverServer Add-css: 10281344订Server Pert:-H3NameName:vCenter-1Descroticn：CorrectorUsername:administratorPassAord:NextConed3. 输入 vShield Manager 信息vShidd Managcr configuration is oponal, but it is required to take advantage ofAnti-Malware protecti

19、on for Virtual Machines vShied ager ServerManager Address: 10 28.134.42Monagzr Port;-H3ConnectionUsername:admnPassword:1g Back Next a Caned4. VM Kernel VNIC配置，请保持默认Please provide the following global network configuration for future Deep Security Virtual Applianee to be activated on ESX managed by t

20、his vCenter0 Use recommended default conGgurationAppliance VNICIt is strongly recommended to use the defaults provided This net?Aork configuration will be used for all future ESXs and Deep Security Virtual Appliances configured on this vCenter, end should not need to be chenged once specified. Onl”

21、if you are using other VMware products end have specific requirements for changing these should they be modified from their default values169.254. 50l169.254.5039VM Kernel VNIC IPAppliance VNIC IPSubnet MaskCancelVBack Next5. 同意SSL证书irrlhe server requires you to accept or reject this 5S

22、L certificate:Issued ToCommon Name (CN) Organization (0) OrganizotionDl Unit CU) Serial NumbervShield Zcnes Manager VMware Inc.Shield务;A3;2C;26Issued ByCommon Name (CN)vShield Zcnes Managerrgamzaao n (0)VMware inc.Oroamzaaorel Unit (CU)ShieldVaBdrtyIssued OnFebruary 24, 20096. 摘要信息Please review the

23、following summary carefully before proceedingAdding this /Mware Center sill result in the following additions:1 datacentcr(s)2 host(s)9 virtual machine(s)VBack Finish JCancel7. 添加完成The VMv/are vCenter has been successfully added.Prepare ESX Server for the Virtual Appkance depfoyment:To enable Deep S

24、ecurity Proteccn of E5： servers, tfiey must te prepa ed ndiviOually. To begin, lozate an ESX ser-zer n the corrputer list Dcae, then riaht-didc and select Prepare ESX from the available actions Clo 駅 J8. Sa DSM控制台血Computer界而，选择vCenter中的ESX, 右键选择”Action”TPepaed ESX”B CMnputers Center -1 Ha

25、rts and CLsten DCJJSjreST (2)協 0mweESXi4.i. Mxie Lhxewed工 0VMrwreESJseatu?：石 Unprepared ESX Verson:Piter Drpr Veraon:AnC-ftaare Ready:9】.aU/A心q Details.KOfDepfoyClear 7Jarnr95lrrcc5Frewretstin9. 此过程必须保证ESX能够与DSM主机通讯Ths wzard wil gude you through tfie process ofpeparing ycur ESX

26、 server for the Virtual Appliarce. Note: In order to employ the filter Driver the ESX server must be obc to contact the DSN (10.28 134.43)E:二 Nex” Cancel10. 部署驱动需要ESX进入到维护模式下完成In order to perferm this task the ESX server needs to be entered nto mmin址nance rrode Addtionaly, the ESX server may reed to

27、 be rebooted after the task is complete Would you like DSM to attempt to au:orratically bring ths server into and out of naintenance mode and handle reboots?齐 Depending on how the ESX server is configured you may need to manially Lj migrate or power off exist ng VMs before the server can enter maina

28、ance mode. Back Finishcancel |11. 程序等待ESX进入维护模式Preparing ESX Server.Ill1Waiting for ESX to entmr maintenanue; mode.12. 手工关闭此ESX主机上的所有VM,并等待安装Filter DriverNameTargetStReconnect hostDiscon nett hostReboot hostInstallAdd port groupUpdate option valuesAdd virtual NICAdd port groupAdd virtual switchIniti

29、ated guest OS shutdw.n Initiated guest OS shutdov.n Enter maintenance modeBnQsnQQSnsnQueryExit maintenance modeRecon n 亡 cthost01028.13420010.28.13/Mware InstallerValidityIssued On=etruary 25. 20114 | nr1 卜Accept l Reject部署DSVA的OVF文件，并开启DSVAPov;er On virtual machineR 亡 con figu

30、re AutoStart Manager QueryQueryQueryQueryQueryQueryDeploy OVF templateDSVA00010.28.13气IQ000DSVA登录DSVA控制台，用户名：dsva密码：dsvaTrend Micro(TM)ManagoNont Address: 15/24 (oth6) Manager URL：Fri Feb 25 H5：29：15 EST 2011Aut hent icat i

31、un Requ iredLogin:dsvaPassword : “xx. OB Exit Sett Ings20.进入”Configure Management Network,1,输入 IP 地址信息, 按” Ente广保存System ConfigurationConfigure hkinageMent NetMorSisthm Inforrwif ionConf igure PasswordConf igure MnnagRMent NetMork Conf igure TiMe ZoneUirtual AgentsReset Rppliance Reboot SysteMHoxi n

32、nwedxvaI J DHCP Disabled IP address SelectNetnaskDefault Gateway PriMary DNS Secondary DNS255.255.ZE0.28.128. Saw Changes!21 进入Tonfigure Time Zone”，设宜为”Asia/Chongqing”SsteM Configurat ionSystEM Inforrat ionConf igure PasswordConfigure Managenent NetworkConfigure Tine ZoneUirtual AgentsRes

33、et Appliance Rebuut SystenConfigure Tine ZonoAs ia/Aden Rsin/RlMAt As in/fiMHnn fisla/finadyr fisia/fiqtau fisia/fiqtobe Asia/Ashgabat Asia/Bdghdad Asia/Bahrain Asia/BakuAs iA/Bangkak Asia/Beirut Asia/Bishkek Asia/Brunei fisia/Choibalsansia/Chongqi ng SelectAsia/ColoMbo As ia/flanascus Select22.退出配置

34、界而。注意：DSVA界而会现在该IP应用到哪块网卡上，如果IP地址有VLAN,请在VM设置中修改。MaTiageMent Address : 10.28.134. 45/24 2th0)Manatfer URL :Fri Feb 25 18：36： 16 CST 201123. 激活 DSVAAppliance successfully deployedActivate Oeep Security Virtue I Appliance:Deep Security Virtual Appliance will have to be activated on the ESX server to p

35、rotect the Host VMs. Activate Deep Security Virtual Appliance now.No thanksf I will activate it later.24. 选择Security Profile模板给DSVA,此Profile为系统默认模 板，如果需要使用SSH登录DSVA.修改”None”模板Please provide the following information a bout the Virtual Applia nee being activatedSecurity ProfileSecurity Profile:Deep S

36、ecurity Virtual Appliance25. 选择需要激活的VM注：如果VM关机状态会提示Active fail,请提前开启vmActivate Host Virtual Machines:Protect existing Host Virtual Machines on the ESX server (0) by activating them：0 Activate selected host virtual machines Select All WIN2OO3.X32 g WIN 2008-TEST (WIN 2008.X64Jest)0 WIN7-te

37、st(kn/IN7_X64)No thanks I will activate them later.26. 部署和激活完成Deep Security Virtual Appliance was successfully activated.27. 登录控制检查激活状态和An-Malware状态m 爲 0VMwareESXi4.1. NoneW“ESXGuests:Status:0 PreparedCdsva (DSVA)ESX Ver5ion： 4.1.0豊翻0论伫鴛(WIN2OO3.X& WIN2008-TEST (WIN2008 X6丄 FilterDriver V

38、ersion;7,008浙3wiW7.test (WIN7.X64)Anti-Malware Ready:Yes4 |nr曰 Computers vCenter - 10.2& 134.41 Virtual Machines DC D5 JEST dsva (DSVA)Deep Security Vir. Deep Security Vir. 0 1预期验收结论 ESX Filter Driver 安装成功： DSVA部署成功：防病毒组件准备就绪；实际验收结论Passed Failed 备注：验收日期：2011-7-6相关人员签名趋势科技用户方| 2.4虚拟机手工迁移验收验收步骤验收方式1 手

39、工在一台ESX主机上移除一台虚拟机：2. 手工在另一台ESX主机上添加被移除虚拟机：3.启动虚拟机并验证Deep Security激活状态；验收过程1 从第一台ESX主机上移除一台虚拟机:2. 通过vCenter添加被移除虚拟机到另一台ESX主机;3. 开启该虚拟机；4. 登陆DSM检测该虚拟机状态；V-7RENO-2CO3 (v-trend-2CO3) Microsoft Endows Server 2003 (32 bit) = Manned (Online)1 J ApplianceESX: 168.16S. 16.204Status:8 Managed (Onlne)Applance:

40、 Bp ds/a -204 s (DSVA-204-S)Anti-Mohvarc:幺OnFircvxal;函 Off, no rubsCPI：:逊 Prevent, ro rulesIntecrity Monitcrmc： E No: Ccpatie Log Jhscection: Not CepaWe预期验收结论实际验收结论虚拟机手工移动后，能够自动激活并启动防病毒策略:Passed Failed 验收日期：2011-7-7相关人员签名趋势科技用户方2.5群集环境中虚拟机VMONTION验收验收步骤验收方法1.2.手工移动群集中一台虚拟机到其他主机上运行： 检查虚拟机移动后是否会自动应用安全

41、防护策略：验收过程2.手工移动一台虚拟机到英他Host上运行：3.选择资源池4.完成 vMontion5. 在DSM中检査该主机状态:| 毕 win2003en20gx32 (v-trend-vmotion)Miaosoft Windows Server 2003 (3. Vl?J ApplianceESX:囱 3Status: Managed (Online)Appliance:dsva-73-p (DSVA-73-P)Anti-Malware:幺 OnFirewall:On, no rulesDPI:HPrevent, no rulesIntegrity Monit

42、oring:畠Not CapableLog Inspection:辺Not Capable预期验收结果 虚拟机在群集内vMontion后，可以自动获得安全防护策略:实际验收结论Passed Failed 备注：验收日期：2011-7-14相关人员签名趋势科技用户方2.6无代理模式功能验收防病毒验收步骤验收方法验收过程1手工为虚拟机部署Windows Anti-Malware Protectio策略;2. 在目标虚拟机上释放一个eicai验收病毒；3 检查eicar验收病毒是否被隔离：HI v-trend-2008GeneralHostname:v-tjend-2CC8v-end-2C08Oes

43、er oton:Platform:Mio-oaoft Wrdows Server 2008 R2 (64 bit)Group:j Corrputcrs vCcntcr 168 168.17.122 Vrtul|Security Profic;Wnd 旳 3 Anb-Mdwcrc ProtectionAsset Imjxxtarcc:Mone - Edit - Edrt 1 L(xk CorTjuter prevents oil ccmmunicotion)Rrewall:DPI：Kg Off. g rJes 港 Prevent, no rutes integrity Montorirg：更;Not Caoabf