Blink
Installation Guide
2006-2008 eEye Digital Security. All rights reserved. | BIG 090506 Revised Date: 031808 Product Version: 4.0 The information contained in this document is subject to change without notice. No part of this document may be photocopied, reproduced or copied or translated in any manner to another language without the prior written consent of eEye Digital Security. eEye Digital Security is not liable for errors contained herein or for any direct, indirect, special, incidental or consequential damages, including lost profit or lost data, whether based on warranty, contract, tort, or any other legal theory in connection with the furnishing, performance, or use of this material. All brand names and product names used in this document are trademarks, registered trademarks, or trade names of their respective holders. eEye Digital Security is not associated with any other vendors or products mentioned in this document.
Contents
About This Guide
  Audience
  Accessing eEye Digital Security
Chapter 1 Overview
  eEye Digital Security Integrated Solution
Chapter 2 Installing Blink Professional Edition
  System Requirements
  Installing Blink
  Configuring Blink
  Uninstalling Blink
  Managing Blink Professional Remotely
    Enabling Blink with REM Events Manager
Chapter 3 Installing Blink Personal Edition
  System Requirements
  Installing Blink
  Uninstalling Blink
Chapter 4 Getting Started
  Accessing Blink
Appendix A Blink Professional Command Lines
  Installing and Uninstalling Blink
Figures
Figure 1 Blink Administrator Password
Figure 2 License Management
Figure 3 eEye Auto-Update
Figure 4 Specify Initial Blink State
Figure 5 Blink Home
Figure 6 REM Events Client Settings
Figure 7 Remove Existing Security Software
Figure 8 License Agreement
Figure 9 Privacy Policy
Figure 10 Destination Folder
Figure 11 License Management
Figure 12 eEye Auto-Update
Figure 13 Blink Alert
Figure 14 Allow Rule
Figure 15 Blink Home
Audience
This guide is intended for users responsible for protecting their computing assets.
Chapter 1 Overview
Using eEye Digital Security's Blink Unified Client Security, you can control your intrusion prevention, application and network firewall and internal policy enforcer. In addition, you can instantly apply new policies and provide both proactive and reactive protection against intruders, internal attacks and machine misuse. Blink provides:
- Defense against Zero-Day Attacks: Blink's behavior-monitoring approach means personal computers are protected against new assaults, such as zero-day attacks, that take advantage of previously unknown vulnerabilities where no vendor patch is available. Using this technique, eEye's software was able to fend off such widespread exploits as Code Red and LSASS.
- Relief from Panic Patching: Blink uniquely protects assets from vulnerabilities, as opposed to only thwarting attacks. If Blink is already guarding against a particular hacker exploit, installation of the new patches can wait for the next regular maintenance cycle, saving labor and downtime costs.
- Protection of Mobile Devices: Installing Blink on mobile devices defends them from attack when they're off the network.
Blink, the most complete multi-layered endpoint protection solution, consists of:
- Professional Edition: Commercial-grade system protection and support for both small businesses and enterprises.
- Personal Edition: Complete, multi-layered system protection for personal and home office use.
The eEye Digital Security integrated products include:
- REM Security Management Console: Provides enterprise vulnerability assessment and remediation management that enables distributed organizations to centralize the control of the network security management process. This process is based on eEye's award-winning vulnerability assessment technology, Retina Network Security Scanner.
- Retina Network Security Scanner: Provides vulnerability testing for multiple platforms, automatic fixes of vulnerabilities and the ability to create your own audits. In addition, Retina allows you to proactively secure your networks against the most critical vulnerabilities by incorporating the most up-to-date vulnerabilities database. Since vulnerability audits are added continually, this database is updated at the beginning of each session.
- Blink Unified Client Security: Provides a complete host-based security software suite that controls intrusion prevention, application and network firewall, internal policy enforcer and vulnerability assessment. In addition, Blink can instantly apply new policies and provide both proactive and reactive protection against intruders, internal attacks and machine misuse.
- Iris Network Traffic Analyzer: Provides an advanced data and network traffic analyzer that allows the collecting, storing, organizing and reporting on all data traffic throughout the network.
- SecureIIS Application Firewall: Protects Microsoft Windows Internet Information Server (IIS) from hackers. SecureIIS wraps around IIS and works within it, verifying and analyzing incoming and outgoing web server data for security breaches. Developed as an ISAPI filter, SecureIIS monitors data at all processing levels, including the network and kernel levels. If a possible attack is detected, it will prevent unauthorized access and/or damage to the web server.
Chapter 2 Installing Blink Professional Edition
System Requirements
The minimum system requirements are:
- Windows Vista SP1 x86 or x64, Windows 2000 Professional or Windows XP x86
- Windows 2000 Server, Windows Server 2003 x86 or Windows Server 2008 x86 or x64
- Intel Pentium II 400 MHz CPU or equivalent
- RAM: minimum recommended by the operating system
- Hard disk space for installation: 50 MB
Installing Blink
During installation, the Install Wizard guides you through the process and the configuration of global administrative settings, such as specifying administrative passwords.
NOTE: Running two firewalls at the same time is not recommended.
To install:
1. Locate the Blink folder. The default location is: C:\Program Files\eEye Digital Security\Blink.
2. Double-click the Blink.exe file. The Install Wizard displays.
3. To continue, click Next. The End User Software License Agreement window displays. After reviewing the license agreement, select the check box I accept all terms of the preceding licensing agreement. You must accept the licensing agreement for the installation to continue.
4. Click Next. The Blink Administrator Password window displays. You can require a password to access Blink's management tasks, such as accessing the Blink user interface, debugging and replacing files and uninstalling the software.
5. To require a password for managing Blink, select the Require password to manage Blink check box, then enter and confirm the password. To not require a password, leave the fields blank. This will allow any user of the system to manage Blink.
6. Click Next. The Destination Folder window displays.
7. Accept the default location or click Browse and select a destination folder.
8. Click Next. The Ready to Install Application window displays.
9. To modify the previous information, click Back. To exit the installation, click Cancel. To continue, click Next. The install process begins and displays a progress bar. Once Blink is installed, the successful installation window displays.
10. Click Finish. The Blink License Manager window displays.
11. Enter the serial number provided when you purchased the product. You can access your serial number on the eEye client portal by selecting Product Licensing > Managing Your Serial Numbers.
12. Click Next. The eEye Auto-Update window displays. Consistently updating your eEye Digital Security applications ensures you have the latest applications and audits.
13. To configure eEye Auto-Update, click Configure. The Configuration Properties window displays. To integrate with eEye Enterprise Update Server, select the Update Server for All Applications radio button, then modify the server name to match the Enterprise Update Server name and click OK. For additional information, refer to the eEye Enterprise Update Server documentation.
14. To download updates, click Next. The updates begin installing. When the updates are complete, the Update Summary window displays.
15. To view a description of the update, select the product, then click Details.
16. Click Finish. The Blink Professional Startup Wizard displays. Continue to Configuring Blink.
Configuring Blink
When you initially access Blink, the Startup Wizard guides you through configuring global administrative settings, such as user modes and alert options.
To configure Blink:
1. Access the Blink Startup Wizard by selecting Start > Programs > eEye Digital Security > Blink. The Startup Wizard displays.
2. Click Next. The Specify Initial Blink State window displays.
3. Accept the defaults or select the states and actions as follows:
- Enable Firewall Protection: Analyzes the inbound and outbound flow of data by examining each packet to determine whether to forward the packet toward a specific destination by IP address, protocol and port. Controls the network activity of installed applications.
- Enable Virus and Spyware Protection: Performs in-memory protection and disk scanning for computer viruses, worms, Trojan horses and spyware by checking each process and application in memory or being loaded.
- Enable Intrusion Prevention: Analyzes the content of network traffic to block malicious data and allow legitimate traffic to be processed. This includes both intrusions, such as attacks from outside the organization, and misuse, such as attacks from within the organization.
- Enable System Protection: Provides proactive security against zero-day attacks and offers protection against buffer overflow and memory-based attacks. In addition, system protection helps maintain compliance with security policies by providing granular control over programs and data.
- Allow All Network Traffic from Common Applications: Allows all traffic from common applications.
4. Specify the default action if no firewall rule exists.
- Prompt User: Blink sends a message requesting permission for traffic that matches the rule to pass through the firewall. If no user responds within 30 seconds, the prompt message is automatically dismissed and the default action taken. This is the default.
- Allow the Request: If there is no rule that can be applied to the application requesting access, Blink allows traffic to pass through the firewall. You must use explicit Deny rules to stop an application from communicating across the network.
NOTE: Exercise caution if the firewall is Active, passive mode is On and this option is selected. If the firewall rule set is not completely defined, the firewall engine could stop critical traffic and impair the normal operation of the system.
5. Click Next. If Firewall Protection is enabled, an informational message displays stating Blink is starting the firewall in passive mode. This causes Blink to allow and log all requests for which no rule exists. You can review the logs and create rules for traffic that should be allowed. The passive mode can be disabled in the Options and Settings window.
6. To exit the message, click OK. To complete the configuration, click Finish. The Blink Home page displays.
For information on using Blink, refer to the Blink User's Guide or the Blink online help system.
Uninstalling Blink
Complete the following steps to remove Blink from your workstation. eEye recommends that you exit all Windows programs before you run the uninstall.
To uninstall Blink:
1. From the Start menu, select Settings and Control Panel, then click Add/Remove Programs.
2. Select eEye Digital Security Blink, then click Remove. The Add/Remove Programs dialog displays.
3. To exit without uninstalling, click No. To continue, click Yes. If you specified a password during the installation, a dialog box displays requiring the password. Enter the password, then click OK. A dialog box verifies the removal of the configuration data.
4. To remove the configuration data, click Yes.
5. To retain the license for future use on the same machine, click No. A progress bar displays, showing the status of the uninstall. When complete, the progress dialog closes. Some system configurations could require a system reboot to complete the uninstall. If so, a prompt displays stating you must reboot to complete the uninstall.
3. Click OK. Blink is now configured for REM Events Manager. For additional information on managing Blink in REM Events Manager, refer to the REM Security Management Console Administration Guide.
Chapter 3 Installing Blink Personal Edition
System Requirements
Minimum requirements are:
- Windows Vista SP1 x86 or x64, Windows 2000 or Windows XP x86
- RAM: minimum recommended by the operating system
- Hard disk space for installation: 50 MB
- Internet Explorer Version 5.5 SP2 or higher
Installing Blink
During installation, the Install Wizard guides you through the process.
NOTE: Running two firewalls at the same time is not recommended.
To install:
1. Locate the Blink folder. The default location is C:\Program Files\eEye Digital Security\Blink.
2. Double-click the Blink.exe file. The Install Wizard displays. Exit all Windows applications while the software installs.
3. To continue, click Next. The Remove Existing Security Software window displays.
4. If you are running other security software programs, remove the other programs to reduce system resource usage.
5. Click Continue. The End User Software License Agreement window displays. You must accept the licensing agreement for the installation to continue.
Figure 8 License Agreement
After reviewing the license agreement, select the check box I accept all terms of the preceding licensing agreement.
6. Click Next. The eEye Privacy Policy displays. You must accept the privacy policy for the installation to continue.
Figure 9 Privacy Policy
After reviewing the license agreement, select the check box I accept all terms of the preceding privacy policy.
Figure 10 Destination Folder
Accept the default location or click Browse and select a destination folder.
8. Click Next. The Ready to Install Application window displays.
9. Click Install. The install process begins and displays a progress bar. Once Blink is installed, the successful installation window displays.
11. If you are installing Blink Personal for a trial period, click Next, then verify the trial period. A serial number is automatically generated using your Internet connection.
12. If the installation is not for a trial period, enter the serial number provided when you purchased the product. You can access your serial number on the eEye client portal by selecting Product Licensing > Managing Your Serial Numbers.
13. Click Next. The eEye Auto-Update window displays. Consistently updating your eEye Digital Security applications ensures you have the latest applications and audits.
14. To configure eEye Auto-Update, click Configure. The Configuration Properties window displays. To integrate with eEye Enterprise Update Server, select the Update Server for All Applications radio button, then modify the server name to match the Enterprise Update Server name and click OK. For additional information, refer to the eEye Enterprise Update Server documentation.
15. To download updates, click Next. The updates begin installing. When the updates are complete, the Update Summary window displays.
16. To view a description of the update, select the product, then click Details.
17. Click Finish. Blink automatically begins configuring your computer and triggering Blink Alerts. The Blink Alerts advise when an application is attempting to make a network connection. This alert allows you to screen the source of the request to verify the application is from an acceptable or previously identified application, domain name or IP address. The four options for allowing or denying access are:
- Permanently allow the application to access your computer
- Permanently deny the application access to your computer
- Allow the application to access your computer one time only
- Deny the application access to your computer one time only
18. To permanently accept a request from a known or acceptable application, select the Create a Permanent Rule check box, then click Allow. Blink creates an Allow Application rule in the Application Firewall Rules and the application is allowed access to your system.
19. To permanently deny a request from an unknown or unacceptable source, select the Create a Permanent Rule check box, then click Deny. Blink creates an Allow Application rule in the Application Firewall Rules and the application is allowed access to your system.
20. To allow an application to access your system one time, verify the Create a Permanent Rule check box is cleared, then click Allow. Blink allows the application one-time access, does not create a permanent rule and will display an alert if the application tries to access your system a second time.
21. To deny an application access to your system one time, verify the Create a Permanent Rule check box is cleared, then click Allow. Blink allows the application one-time access, does not create a permanent rule and will display an alert if the application tries to access your system a second time.
NOTE: For additional information on the Application Firewall and Advanced functionality, refer to the Blink User's Guide or the Blink Online Help System.
Uninstalling Blink
Complete the following steps to remove Blink from your workstation. eEye recommends that you exit all Windows programs before you run the uninstall.
To uninstall Blink:
1. From the Start menu, select Settings and Control Panel, then click Add/Remove Programs.
2. Select eEye Digital Security Blink, then click Remove. The Add/Remove Programs dialog displays.
3. To exit without uninstalling, click No. To continue, click Yes. A dialog box verifies the removal of the configuration data.
4. To remove the configuration data, click Yes. To retain the license for future use on the same machine, click No. A progress bar displays, showing the status of the uninstall. When complete, the progress dialog closes. Some system configurations could require a system reboot to complete the uninstall. If so, a prompt displays stating you must reboot to complete the uninstall.
Accessing Blink
To begin: 1. Select Start > Programs > eEye Digital Security > Blink > Blink. The Blink home page displays.
Getting Started
You can set specific parameters, as follows:
- Firewall: Analyzes the inbound and outbound flow of data by examining each packet to determine whether to forward the packet toward a specific destination by IP address, protocol and port. Controls the network activity of installed applications.
- Virus and Spyware Protection: Performs in-memory protection and disk scanning for computer viruses, worms, Trojan horses and spyware by checking each process and application in memory or being loaded. Although each type has defining characteristics, the distinctions are becoming blurred because blended threats are becoming increasingly common. Blended threats combine characteristics of multiple types to maximize the damage and speed of contagion.
- Intrusion Prevention: Analyzes the content of network traffic to block malicious data and allow legitimate traffic to be processed. This includes both intrusions, such as attacks from outside the organization, and misuse, such as attacks from within the organization. The IPS is comprised of Analyzers and Signatures protocols. Analyzers provide a generic protocol-based detection method for intrusion. If suspicious activity occurs, such as a buffer overflow attempt, multiple login attempts or too many Are You There (AYT) commands, Blink analyzes the traffic based on protocols, then identifies and stops suspicious traffic.
- Vulnerability Assessment: Defines, identifies and classifies the security holes or vulnerabilities in a computer, network or communications infrastructure. Vulnerability assessment consists of: defining and classifying network or system resources, assigning relative levels of importance to the resources, identifying potential threats to each resource, developing a strategy to deal with the most serious potential problems first and defining and implementing ways to minimize the consequences if an attack occurs.
- System Protection: Provides proactive security against zero-day attacks and offers protection against buffer overflow and memory-based attacks. In addition, system protection helps maintain compliance with security policies by providing granular control over programs and data. Blink has three types of system protection rules: Execution, Registry and Application.
NOTE: For additional information, refer to the Blink User's Guide or the Blink Online Help System.
SYNCIT_SERVER= Sets the Auto-Updater or syncit Server name
SYNCIT_SCRIPT= Sets the Auto-Updater or syncit Script name
SYNCIT_PROTOCOL= Sets the Auto-Updater or syncit protocol as http or https
IGNOREINCOMPAT=1 Ignores check for incompatible software on the machine.
For example:
    BlinkSetup.exe /qn /l*v C:\BlinkInstallLog.txt INSTALLDIR=D:\MyApps\Blink
Uninstall Command Lines
The following command line options are available to uninstall Blink.
    Msiexec.exe /x {2AA5B60C-A775-416A-9867-4C0DF3450C30}
By default, the uninstall prompts to remove the license. To automatically remove the license during uninstall, use this command line:
    Msiexec.exe /x {2AA5B60C-A775-416A-9867-4C0DF3450C30} REMOVELICENSE=1
To keep the license without prompting during uninstall, use this command line:
    Msiexec.exe /x {2AA5B60C-A775-416A-9867-4C0DF3450C30} REMOVELICENSE=0
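The command lines above, wrapped as an unattended deployment script that also checks the result (an added example, not eEye's own code). The function names, setup path and update-server name are hypothetical, and it assumes BlinkSetup.exe passes through standard Windows Installer exit codes.

```powershell
# Added example: unattended Blink Professional install/uninstall wrapper.
# Uses only the switches and properties listed in this appendix.
# Assumptions: function names, paths and the update-server name are placeholders,
# and BlinkSetup.exe returns standard Windows Installer exit codes.

# Product code taken from the uninstall command lines in this guide.
$ProductCode = '{2AA5B60C-A775-416A-9867-4C0DF3450C30}'

function Get-BlinkInstallArgs {
    param(
        [string]$LogPath = 'C:\BlinkInstallLog.txt',
        [string]$InstallDir,                 # optional, e.g. D:\MyApps\Blink
        [string]$UpdateServer,               # hypothetical internal update server
        [ValidateSet('http', 'https')]
        [string]$UpdateProtocol = 'https'    # prefer https for update traffic
    )
    # /qn = no UI, /l*v = verbose log kept as the audit trail of the install
    $a = @('/qn', '/l*v', "`"$LogPath`"")
    if ($InstallDir)   { $a += "INSTALLDIR=`"$InstallDir`"" }
    if ($UpdateServer) {
        $a += "SYNCIT_SERVER=$UpdateServer"
        $a += "SYNCIT_PROTOCOL=$UpdateProtocol"
    }
    # IGNOREINCOMPAT=1 is deliberately not set, so the installer still checks
    # for incompatible software (for example a second firewall).
    return $a
}

function Invoke-Installer {
    param([string]$FilePath, [string[]]$Arguments)
    $p = Start-Process -FilePath $FilePath -ArgumentList $Arguments -Wait -PassThru
    switch ($p.ExitCode) {
        0       { 'Success' }
        3010    { 'SuccessRebootRequired' }
        1641    { 'SuccessRebootInitiated' }
        default { throw "$FilePath failed with exit code $($p.ExitCode)" }
    }
}

function Test-BlinkInstalled {
    # MSI products register under Uninstall\<ProductCode>; check both registry views.
    $roots = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
             'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
    foreach ($r in $roots) {
        if (Test-Path -LiteralPath (Join-Path $r $ProductCode)) { return $true }
    }
    return $false
}

function Uninstall-Blink {
    param([bool]$RemoveLicense = $false)
    # REMOVELICENSE=0 keeps the license, 1 removes it; either value avoids the prompt.
    # If an administrator password was set at install time, the uninstall asks for it.
    $flag = if ($RemoveLicense) { 1 } else { 0 }
    Invoke-Installer -FilePath 'msiexec.exe' `
        -Arguments @('/x', $ProductCode, "REMOVELICENSE=$flag")
}

# Example run from an elevated prompt (setup path and server name are placeholders):
# $installArgs = Get-BlinkInstallArgs -InstallDir 'D:\MyApps\Blink' `
#                    -UpdateServer 'updates.example.internal'
# Invoke-Installer -FilePath '.\BlinkSetup.exe' -Arguments $installArgs
# if (-not (Test-BlinkInstalled)) { throw 'Blink product code not registered' }
```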
Corporate Headquarters
111 Theory, Irvine, California 92617-3039, United States
Toll Free: 866.339.3732 | Telephone: 949.333.1900 | Fax: 949.333.1993
Website: www.eEye.com
European Headquarters
Westgate House 7 Floor, Westgate Road, Ealing, London W5 1YY
Telephone: +44 0 20 8991 3325 | Fax: +44 0 20 8991 3326