KACE KBOX 1000 Series (v3.1)
by Bob Kelly

Page 3 of 5

Vulnerability Assessment and Enforcement

Among its security features, the KBOX can report on OVAL vulnerability checks. OVAL is an international standard from the information security community that promotes open and publicly available security content and standardizes the transfer of this information across various security tools and services. Generated by MITRE, its database currently provides over 10,000 tests which may be executed and reported upon by the KBOX.

OVAL relies on definitions submitted by members of the security community, or by the OVAL Board, to detect vulnerabilities. The KBOX allows you to execute these tests and view simple reports calling out which systems are deemed vulnerable for each. It is up to you to rectify any vulnerabilities that are uncovered, but armed with the details provided, most solutions are straightforward, such as implementing specified hotfixes or updating any identified software to a newer version.
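As an added illustration (not code from the KBOX or from this review), here is one way a per-definition report of vulnerable systems can be built from OVAL results documents. It assumes the OVAL 5 results XML layout; the host names, definition ids and the `sample_results` and `vulnerable_systems` helpers are constructed for the example, and how the KBOX itself stores results is not covered here.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

NS = {"res": "http://oval.mitre.org/XMLSchema/oval-results-5",
      "def": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
      "sc": "http://oval.mitre.org/XMLSchema/oval-system-characteristics-5"}

def sample_results(host, outcomes):
    """Constructed, heavily trimmed results document for one scanned host."""
    rows = "".join(f'<definition definition_id="{d}" result="{r}" version="1"/>'
                   for d, r in outcomes.items())
    return f"""<oval_results xmlns="{NS['res']}">
 <oval_definitions xmlns="{NS['def']}"><definitions>
  <definition id="oval:example:def:1" version="1" class="vulnerability"/>
  <definition id="oval:example:def:2" version="1" class="vulnerability"/>
  <definition id="oval:example:def:3" version="1" class="inventory"/>
 </definitions></oval_definitions>
 <results><system>
  <definitions>{rows}</definitions>
  <oval_system_characteristics xmlns="{NS['sc']}"><system_info>
   <primary_host_name>{host}</primary_host_name>
  </system_info></oval_system_characteristics>
 </system></results>
</oval_results>"""

def vulnerable_systems(documents):
    """Return ({definition id: hosts deemed vulnerable}, {definition id: hosts undecided})."""
    vulnerable, undecided = defaultdict(set), defaultdict(set)
    for text in documents:
        root = ET.fromstring(text)  # feed this only output from your own scanners
        vuln_ids = {d.get("id") for d in root.iterfind(
            "def:oval_definitions/def:definitions/def:definition", NS)
            if d.get("class") == "vulnerability"}
        for system in root.iterfind("res:results/res:system", NS):
            host = system.findtext("sc:oval_system_characteristics/sc:system_info/"
                                   "sc:primary_host_name", "(unnamed host)", NS)
            for d in system.iterfind("res:definitions/res:definition", NS):
                def_id, result = d.get("definition_id"), d.get("result")
                if def_id not in vuln_ids:
                    continue  # "true" on an inventory or patch definition is not a finding
                if result == "true":
                    vulnerable[def_id].add(host)
                elif result in ("unknown", "error"):
                    undecided[def_id].add(host)  # the check did not complete; rescan
    return dict(vulnerable), dict(undecided)

SAMPLE_DOCS = [  # constructed input: two hosts, one failed check on ws-02
    sample_results("ws-01", {"oval:example:def:1": "true", "oval:example:def:3": "true"}),
    sample_results("ws-02", {"oval:example:def:1": "true", "oval:example:def:2": "error"})]
```

Tracking the `unknown` and `error` results separately matters in practice: a system on which a check could not run should not be read as "not vulnerable".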

 
Security Policies

KBOX also offers the ability to create and enforce Security Policies, with several "out of the box" policies including:

  • Enforce Internet Explorer Settings - allows you to control users' Internet Explorer preferences
  • Enforce XP SP2 Firewall Settings - allows you to override, disable or use the user's configuration for Windows Firewall settings
  • Enforce Disallowed Programs Settings - allows you to quickly create scripts which disallow the running of certain executables
  • Enforce McAfee AntiVirus Settings - allows you to configure what McAfee VirusScan features are installed (for use with McAfee VirusScan version 8.0i)
  • McAfee SuperDAT Updater - allows you to build a script to apply McAfee SuperDAT or XDAT updates
  • Enforce Symantec AntiVirus Settings - allows you to configure what Symantec AntiVirus features are installed
  • Quarantine Policy - disables all network traffic from the target machine, permitting access only to a specified KBOX Server so that the action below can un-quarantine the machine
  • Lift Quarantine Action - if you have a machine that has been quarantined from the network using the above Quarantine policy, this may be used to turn off the quarantine

Note: these are made up of wizards that build command line scripts to be deployed and/or scripts that set policy keys in the Windows registry.


Patch Management

The patch management support offered by the KBOX provides a workflow to help identify which new bulletins have not been viewed. You may review and acknowledge them by setting an approval status. The rules for patch settings let you handle how they are managed when they arrive.

This provides a nice way to stay on top of updates using a simple workflow. All patches are listed by year, criticality or approval status. When viewing the details of a patch, the systems affected are listed at the bottom of the page. From the Distribution > Patches tab you can perform any of the following actions:

  • Filter and search patch bulletins
  • Approve or decline bulletins
  • Configure and troubleshoot patch deployment
  • Create a new Replication Share
  • Create a new Windows update policy
  • See a list of computers currently patching
  • Run patch reports
  • Click to expand list of bulletins that require attention
  • Click to view bulletins by year, severity, or status
  • View patch status.

The KBOX downloads all patches nightly and flags them with a “Needs Review” status unless automatic patching has been turned on. With automatic patching on, the patches are automatically deployed to the specified groups (such as a group of test systems). The KBOX determines which patches are appropriate for each individual system and distributes them accordingly.
