The purpose of the demo is to deploy the Kaspersky solution and remotely install agents in Yandex.Cloud to provide antivirus protection for:
The following tasks will be run during the workshop:
The workshop uses Kaspersky Endpoint Security 11.2.0 for Linux. See the system requirements for the OS.
Set the required variables, including cloud_id and folder_id (see the comments in the file).
terraform init
terraform apply
Enter a value: yes
Connect to the KSC server over RDP using its external IP address, which is printed in the terraform apply output. Login: Administrator. To get the password, run:
terraform output ksc-pass
Wait for KSC installation to complete (at this time, follow steps 3-5).
Terraform saves the private SSH key for the VMs, in plain text, to C:\private.pem. Before using it:
Remove unneeded rights from the file, leaving only the Administrators group (and the account that will run ssh): right-click the file → Properties → Security → Advanced → Disable inheritance → remove the inherited permissions, then check that no other users or groups remain in the list.
Add a passphrase to the key from CMD or PowerShell:
ssh-keygen -p -f C:\private.pem
(enter the new passphrase when prompted). If the key was generated by a Terraform resource, the same key material is also stored unencrypted in terraform.tfstate, so protect the state file with the same care.
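The two steps above (tighten the ACL, then add a passphrase) as one script that also verifies the result. This is an added example, not a script from the workshop repository; it assumes an elevated PowerShell prompt, the Windows OpenSSH client (ssh-keygen) installed, and the workshop's key path C:\private.pem.

```powershell
# Added example, not part of the workshop repository: lock down C:\private.pem
# (the path the workshop's Terraform configuration writes the key to), protect it
# with a passphrase, and verify both.
# Assumptions: elevated PowerShell; the Windows OpenSSH client (ssh-keygen) is installed.
$KeyPath = 'C:\private.pem'

if (-not (Test-Path -LiteralPath $KeyPath)) {
    throw "Key not found at $KeyPath; run 'terraform apply' first."
}

# 1. Drop inherited ACEs (/inheritance:r) and replace explicit ACEs (/grant:r) so that
#    only Administrators and the account that runs ssh keep access. The Windows OpenSSH
#    client refuses keys readable by other principals ("permissions are too open").
$Me = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
icacls $KeyPath /inheritance:r /grant:r "BUILTIN\Administrators:F" "${Me}:R" | Out-Null
if ($LASTEXITCODE -ne 0) { throw "icacls failed with exit code $LASTEXITCODE" }

# 2. Verify that no other principal is left on the ACL.
$Allowed = @('BUILTIN\Administrators', $Me)
$Extra = (Get-Acl -LiteralPath $KeyPath).Access |
    Where-Object { $_.IdentityReference.Value -notin $Allowed }
if ($Extra) {
    $Extra | Format-Table IdentityReference, FileSystemRights -AutoSize | Out-Host
    throw 'Unexpected principals still have access to the key.'
}

# 3. Add a passphrase in place (ssh-keygen prompts for it twice).
ssh-keygen -p -f $KeyPath
if ($LASTEXITCODE -ne 0) { throw 'ssh-keygen -p failed.' }

# 4. Confirm the key is really encrypted: loading it with an empty passphrase must fail.
ssh-keygen -y -P '' -f $KeyPath 2>$null | Out-Null
if ($LASTEXITCODE -eq 0) { throw 'Key is still readable without a passphrase.' }

Write-Host "$KeyPath is restricted to Administrators and $Me and requires a passphrase."
```

The final ssh-keygen -y call is the check the GUI steps do not give you: if it succeeds with an empty passphrase, the passphrase step did not take and the key is still usable by anyone who copies the file.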
Download the KES 11.2 distribution (the updates.zip archive) to the KSC machine.
Create an installation package for KES 11.2:
Advanced → Remote Installation → Installation Packages → Create installation package.
Select the option: Create installation package for a Kaspersky application.
Specify the .kud file from C:\Users\Administrator\Desktop\kesl-11.2.0.4528
Install the KESL management plug-in by running updates/klcfginst.msi.
Create device groups (Managed Devices → New Group):
Linux.
Windows.
Create rules that move devices into the groups by subnet (Unassigned Devices → Configure rules):
Linux "192.168.30.0/24";
Windows "192.168.20.0/24".
Create network polling for the same subnets: Advanced → Device Discovery → IP ranges (then right-click IP ranges → Enable polling; a range is not polled until polling is enabled for it).
The Kaspersky deployment has two components on every managed device: the Network Agent (management agent) and the protection application itself, Kaspersky Endpoint Security for Linux (KESL) or Kaspersky Security for Windows Server (KSWS). There are several ways to install them on the VMs:
Wait until installation completes.
Create the tasks:
Downloading updates to the KSC repository.
KESL database update on machines.
Full scan.
Go to the VM list and check that the antivirus is installed.
On the Windows VMs (elevated PowerShell), check whether Windows Defender is present, remove it (this may require a restart), and disable the firewall. Turning the firewall off on every profile is a shortcut acceptable only for this demo; in a real deployment open only the ports KSC and the Network Agent need, and only from the KSC address:
sc query WinDefend
Uninstall-WindowsFeature -Name Windows-Defender
Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled False
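The same preparation with the firewall left on, as an added example that is not the workshop's own script. Assumptions, none of which come from the workshop: $KscAddress is the internal IP of the KSC server (replace it); push installation from KSC uses the admin share (TCP 445) and remote service control over RPC (TCP 135 plus the dynamic RPC range), and the Network Agent receives server requests on UDP 15000. Check these ports against the list documented for your KSC version before relying on them.

```powershell
# Added example, not the workshop's own script: prepare a Windows VM for KSWS while
# keeping the host firewall enabled. Assumptions (labelled, not from the workshop):
#   - $KscAddress is the internal IP of the KSC server; replace it with the real one.
#   - Push installation from KSC uses the admin share (TCP 445) and service control
#     over RPC (TCP 135 plus the dynamic RPC range), and Network Agent receives
#     server requests on UDP 15000. Verify against the port list documented for
#     your KSC version.
$KscAddress = '192.168.10.10'

# 1. Same check as 'sc query WinDefend', then remove the feature if it is present.
$Defender = Get-Service -Name WinDefend -ErrorAction SilentlyContinue
if ($Defender) {
    Write-Host "WinDefend is $($Defender.Status); removing the Windows-Defender feature."
    $Result = Uninstall-WindowsFeature -Name Windows-Defender
    if ($Result.RestartNeeded -ne 'No') {
        Write-Warning 'Restart the VM before KSC pushes the KSWS package.'
    }
} else {
    Write-Host 'WinDefend service is not present; nothing to remove.'
}

# 2. Instead of Set-NetFirewallProfile -Enabled False, add inbound rules scoped to KSC.
$Rules = @(
    @{ Name = 'KSC push install (SMB)';         Protocol = 'TCP'; Port = 445           },
    @{ Name = 'KSC push install (RPC mapper)';  Protocol = 'TCP'; Port = 135           },
    @{ Name = 'KSC push install (RPC dynamic)'; Protocol = 'TCP'; Port = '49152-65535' },
    @{ Name = 'KSC Network Agent';              Protocol = 'UDP'; Port = 15000         }
)
foreach ($r in $Rules) {
    if (-not (Get-NetFirewallRule -DisplayName $r.Name -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $r.Name -Direction Inbound -Action Allow `
            -Protocol $r.Protocol -LocalPort $r.Port -RemoteAddress $KscAddress `
            -Profile Any | Out-Null
    }
}

# 3. Verify: every profile is still enabled and the scoped rules exist.
Get-NetFirewallProfile | Select-Object Name, Enabled
Get-NetFirewallRule -DisplayName 'KSC *' | ForEach-Object {
    $pf = $_ | Get-NetFirewallPortFilter
    $af = $_ | Get-NetFirewallAddressFilter
    [pscustomobject]@{
        Rule     = $_.DisplayName
        Protocol = $pf.Protocol
        Port     = $pf.LocalPort
        From     = $af.RemoteAddress
    }
}
```

The Network Agent's own connection to the Administration Server (TCP 13000 by default) is outbound from the VM and is allowed by the default outbound policy, so no inbound rule is needed for it; the rules above cover only what the server initiates towards the VM.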
Wait for the agent and antivirus to be installed on the VMs.
Go to the VM list and check that the antivirus is installed.
sudo wget https://secure.eicar.org/eicar.com.txt
The download is blocked as soon as the file is written to disk. In the events for this device in KSC, check that the threat was detected; EICAR is a harmless test signature, so the detection proves real-time protection is working without putting real malware on the VM.
Learn more about scanning containers (Kaspersky documentation, Russian): https://support.kaspersky.com/KES4Linux/11.1.0/ru-RU/191702.htm
The test Docker image (https://hub.docker.com/r/jerbi/eicar), which contains the EICAR test file, has already been pulled to the VM (Container-lin) and is running.
Create new task → KESL 11.2 → container scanning.
Make sure that the detection of the EICAR test file inside the container image is visible in the events.