Prinect. Is Your Prinect Workflow Safe from a Cyber Attack?



Similar documents
Enterprise Cybersecurity Best Practices Part Number MAN Revision 006

Next-Generation Firewalls: Critical to SMB Network Security

Internet Explorer Exploit Protection ENTERPRISE BRIEFING REPORT

Managed Service Plans

World-class security solutions for your business. Kaspersky. OpenSpaceSecurity

Data Sheet: Endpoint Security Symantec Protection Suite Enterprise Edition Trusted protection for endpoints and messaging environments

Analyzing Security for Retailers An analysis of what retailers can do to improve their network security

Symantec Endpoint Protection

Driving Company Security is Challenging. Centralized Management Makes it Simple.

Best Practices for Deploying Behavior Monitoring and Device Control

Symantec Endpoint Protection Datasheet

Symantec Protection Suite Small Business Edition A simple, effective and affordable solution designed for small businesses

Proven LANDesk Solutions

Security Consultant Scenario INFO Term Project. Brad S. Brady. Drexel University

Reducing the cost and complexity of endpoint management

Cisco ICM/IPCC Enterprise and Hosted Anti-Virus Software Guidelines

Data Sheet: Endpoint Security Symantec Endpoint Protection The next generation of antivirus technology from Symantec

Lifecycle Solutions & Services. Managed Industrial Cyber Security Services

Data Sheet: Endpoint Security Symantec Endpoint Protection The next generation of antivirus technology from Symantec

ESET CYBER SECURITY PRO for Mac Quick Start Guide. Click here to download the most recent version of this document

Symantec Brightmail Gateway Real-time protection backed by the largest investment in security infrastructure

Symantec Messaging Gateway powered by Brightmail

ensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster

How To Protect Your Cloud From Attack

Symantec Endpoint Protection

Small and Midsize Business Protection Guide

Created By: 2009 Windows Server Security Best Practices Committee. Revised By: 2014 Windows Server Security Best Practices Committee

AVeS Cloud Security powered by SYMANTEC TM

Symantec Endpoint Protection

McAfee Product Entitlement Definitions

World-class security solutions for your business. Business Products. C a t a l o g u e

Kaspersky Endpoint Security 10 for Windows. Deployment guide

Cyber Security Solutions for Small Businesses Comparison Report: A Sampling of Cyber Security Solutions Designed for the Small Business Community

Cisco Advanced Services for Network Security

Managed Services Agreement. Hilliard Office Solutions, Ltd. PO Box Phone: Midland, Texas Fax:

When your users take devices outside the corporate environment, these web security policies and defenses within your network no longer work.

What to Look for When Evaluating Next-Generation Firewalls

Verve Security Center

What Do You Mean My Cloud Data Isn t Secure?

IBM Endpoint Manager for Core Protection

Endpoint protection for physical and virtual desktops

Payment Card Industry Data Security Standard

Cyber Security Solutions:

Nessus and Antivirus. January 31, 2014 (Revision 4)

Usages of Selected Antivirus Software in Different Categories of Users in selected Districts

MSP Service Matrix. Servers

Networking for Caribbean Development

overview Enterprise Security Solutions

Symantec Endpoint Protection Integration Component 7.5 Release Notes

MailMarshal Exchange in a Windows Server Active/Passive Cluster

McAfee Global Threat Intelligence File Reputation Service. Best Practices Guide for McAfee VirusScan Enterprise Software

Technology Blueprint. Protect Your Servers. Guard the data and availability that enable business-critical communications

Firewalls for the Home & Small Business. Gordon Giles DTEC Professor: Dr. Tijjani Mohammed

PCI DSS Reporting WHITEPAPER

Types of cyber-attacks. And how to prevent them

Trend Micro. Advanced Security Built for the Cloud

How To Protect Your Network From Attack From A Virus And Attack From Your Network (D-Link)

Configuring Symantec AntiVirus for Hitachi High-performance NAS Platform, powered by BlueArc

Technology Blueprint. Secure Your Virtual Desktop Infrastructure. Optimize your virtual desktop infrastructure for performance and protection

Seven for 7: Best practices for implementing Windows 7

Protecting productivity with Plant Security Services

Compliance series Guide to meeting requirements of the UK Government Cyber Essentials Scheme

Trend Micro Endpoint Comparative Report Performed by AV Test.org

FreeFlow Core, Version 4.0 August P Xerox FreeFlow Core Security Guide

Security Services. 30 years of experience in IT business

PROACTIVE PROTECTION MADE EASY

Endpoint Security 2.0: The Emerging Role of Application Whitelisting Solutions. Todd Schell

Symantec Protection Suite Enterprise Edition for Servers Complete and high performance protection where you need it

Find the needle in the security haystack

Symantec Protection for SharePoint Servers Implementation Guide

Symantec Endpoint Protection 11.0 Architecture, Sizing, and Performance Recommendations

How To Manage A System Vulnerability Management Program

Virtual Desktops Security Test Report

Simphony v2 Antivirus Recommendations

Symantec Endpoint Protection Small Business Edition Implementation Guide

Symantec AntiVirus Enterprise Edition

NetDefend Firewall UTM Services

HOW TO PROTECT YOUR VIRTUAL DESKTOPS AND SERVERS? Security for Virtual and Cloud Environments

Network protection and UTM Buyers Guide

Global Security Software Market

OUR MISSION IS TO PROTECT EVERYONE FROM CYBERCRIME

Features Business Perspective.

Kaseya White Paper. Endpoint Security. Fighting Cyber Crime with Automated, Centralized Management.

InsightCloud. Hosted Desktop Service. What is InsightCloud? What is SaaS? What are the benefits of SaaS?

Superior protection from Internet threats and control over unsafe web usage

endpoint Antivirus Application Control Removable Device Encryption enjoy Data protection

Symantec Endpoint Protection Small Business Edition Installation and Administration Guide

NetDefend Firewall UTM Services

Transcription:

Prinect Is Your Prinect Workflow Safe from a Cyber Attack?

Anti-Virus Software & Your Prinect Workflow Security is a key concern of today s digital world. Fully protecting your business requires a multi-prong approach. One of those prongs is employing Anti-Virus software at your workstations and servers and, nowadays, your firewall. Often, running Anti-Virus software can consume CPU cycles and use up memory typically negatively impacting Disk I/O and Network I/O, which are critical components of Heidelberg s Prinect Workflow. You should perform testing before and after you install your Anti-Virus software to determine whether there is any performance effect on your computers running Prinect Workflow software. A virus infestation can lead to destroyed or lost data, stolen confidential information, unplanned downtime, and ultimately, system degradation. As a result, you are forced to spend both time and money to identify and eliminate the cause and prevent future attacks. In extreme cases, the virus could propagate outside of your business to customers, vendors, or to one of your employee s home computers. This paper is intended to provide guidance on how to best apply/incorporate Anti-Virus software into your Heidelberg Prinect Workflow. Please note that any implementation or interpretations of the concepts discussed in this document are solely the responsibility of the customer. Heidelberg assumes no responsibility for a particular printer s security. In addition, the guidelines are subject to change as the threat landscape evolves. How Prone Are You to Being Infected? What Should You Consider? 1. Are you protected across your shop? Protecting your Heidelberg Prinect Workflow products is just not enough. 2. Are you using your Prinect Workflow servers to surf the web or for accessing e-mails, especially non-business e-mails? These are products designed to perform a core business function and should be treated as mission critical products. They should not be used casually for generic computing needs. 3. How do you accept jobs from your Print Buyers? If you are using a FTP server, your risk is probably a lot higher than using a more secure method. If you are accepting CDs/DVDs or USB sticks, consider first bringing them in on an off-line workstation and then move them onto your production network. 4. Do you have employees that bring their own devices to work and connect them to your plant network? These could also make your systems vulnerable. Eugene F. O'Brien Senior Technical Support Analyst, Prinect and CtP Services Heidelberg USA, Inc.

Can I use Anti-Virus Software with Prinect Workflow products? From a prepress perspective, not only can you use Anti-Virus software on your Prinect Workflow products, but Heidelberg USA strongly recommends that you do use it for our prepress products as well as throughout the rest of your plant. You should keep the software and Virus Definition files (DAT) up-to-date to prevent Zero-Day attacks. For guidance on press and postpress products, please refer to those support resources. What Anti-Virus Software does Heidelberg recommend? Heidelberg USA, Inc. does not sell or support any Anti-Virus software, and, thus, cannot recommend a specific product or vendor. Different printers have established different standards for their plant. Anti-Virus is not our core business, and we leave that to the experts. The most common software we see used is Symantec Endpoint Protection, McAfee Internet Security Suite, Trend Micro and Kaspersky Anti-Virus for Windows, Microsoft Windows Defender and freeware like ClamAV and AVG. When you choose to run Anti-Virus software, it is an all or nothing scenario: you must run it on all of your workstations and servers. Some customers will only choose select workstations or servers to protect. This strategy is flawed as it still leaves your systems vulnerable to attack. Some customers believe in layering their virus protection by using different vendors products on their servers and workstations. The logic is that one software may catch something that another does not. However, with one consistent User Interface, there is only a single point for support and updates. What approach should I use? That answer is actually simple: the one you feel most comfortable with and have the most confidence in. If you have a Next-Generation Firewall (NGFW), such as the Dell SonicWall Network Security Appliance (NSA), we recommend licensing their Gateway Anti-Virus (GAV) option as part of your comprehensive security. With GAV, files are analyzed in real time; and, when a threat is detected, those threats are blocked at the gateway. Your users are prevented from ever downloading malware initially, and your network administrator receives notification.

Protecting Your Workflow Printers, like any business, need to ensure they are proactively preventing breaches before they happen and improving their readiness in the event of an attack. What Settings should I use? Each product has its own particular user interface; however, there are features and terminology that are common to all products, regardless of vendor. With Anti-Virus software, you should: Scan local drives only; not network-attached drives Consider disabling the heuristics mode of scanning which can be very intensive on the system. Before changing any settings, you should consult your System Administrator to ensure there are no existing standards for your plant. What Exclusions should I add? Each Prinect Server product has its own user interface, however, there are common features and terminology. These general settings should be useful regardless of the product you use. The list on the proceeding pages lists the exclusions for specific servers. 4

SERVER MS Windows Server 2012R2 MS SQL Server 2012 Prinect 2015 EXCEPTIONS For the Operating System, Heidelberg provides no direct guidance for anti-virus settings nor have we received specific complaints from customers about settings directly related to Prinect; however, Microsoft Corporation provides guidance at this link: http://support.microsoft.com/kb/822158/en-us Turn off scanning of Windows Update related files: In the folder C:\Windows\SoftwareDistribution\Datastore\ exclude the file DataStore.edb This is the Windows Update database. In the folder C:\Windows\SoftwareDistribution\Datastore\Logs exclude the following files: Edb*.jrs, Edb.chk, and Tmp.edb The asterisk (*) is a wildcard character meaning that there may be several files. Turn off scanning of Windows Security files: In the folder C:\Windows\Security\Datastore\ exclude files with the extensions:.edb,sdb,.log.chk, and Tmp.edb The asterisk (*) is a wildcard character meaning that there may be several files. Turn off scanning of Group Policy related files: In the folder C:\Windows\System32\GroupPolicy\Machine exclude the file Registry.pol In the folder C:\Windows\System32\GroupPolicy\User exclude the file Registry.pol Unless you are experiencing issues, it is not recommended that any exclusions be applied. For the database, again Heidelberg provides no direct guidance for anti-virus settings nor have we received specific complaints from customers about settings directly related to Prinect; however, Microsoft Corporation provides guidance at this link: http://support.microsoft.com/kb/309422 Turn off scanning the SQL Server process: In the folder C:\Program Files\Microsoft SQL Server\MSSQL11.HEIDB\MSSQL\Binn\ exclude the file SQLServr.exe Turn off scanning the SQL Server process: In the folder E:\SQLDATA\MSSQL11.HEIDB\MSSQL\DATA exclude the database and transaction log files: *.mdf *.ldf *.ndf Unless you are experiencing issues, it is not recommended that any exclusions be applied. Turn off scanning log files, for example, the folder: E:\HD_Service\Logs\ Turn off scanning the Prinect Archive System volumes (Q: and R:) Please note that if you are using a Reverse Proxy in conjunction with your web-based Prinect applications, you do not need to install Anti-Virus software on the Reverse Proxy. This does not store any data in the file system but redirects network traffic. Oracle Some Prinect Archive System customers will continue to use an Oracle database with Prinect 2015. In those installations, consider the following exclusions if you are experiencing performance degradation issues. Turn off scanning the Oracle folder: In the folder D:\db_mirror Turn off scanning the Oracle folder: In the folder E:\oracle\oradata\HEIDB 5

The best way to survive an attack is to be prepared for it. 6

Summary Establish a standard for your plant. Take security seriously, be continuously vigilant and have a plan that includes Anti-Virus protection. Why are these things important? They will help protect your assets by minimizing your exposure to breaches or their consequential periods of downtime. Additionally, they will better secure your customers and employees sensitive information and data. When it comes to security, it is better to proactively prevent breaches before they happen and improve your readiness in the event of an attack. Being well informed helps set expectations correctly and makes sure you get the best Return On Investment (ROI) and the lowest Total Cost of Ownership (TCO) on your Prinect Workflow systems. Heidelberg does offer consulting services, training services and technical services that can help Print Shops identify their security holes and better protect their business. Please contact your Account Manager or Prinect CTP Sales Representative for more information. Please direct any questions regarding this document to Eugene F. O Brien, Senior Technical Support Analyst, at 770-704-6205 or eugene.obrien@heidelberg.com. Eugene F. O Brien is a Senior Technical Specialist at Heidelberg USA, Inc. focusing on Internet Infrastructure for the Print Shop. Eugene has worked in the printing industry for over 35 years starting as an apprentice in a Hot Metal Typographer in NYC in 1975. During his time at Heidelberg, he has achieved his Cisco Certified Network Associate, Microsoft Certified Professional in networking, IBM Certified Specialist on PC Hardware, and was certified by Data General on their UNIX Operating System. 7

Heidelberg USA, Inc. 1000 Gutenberg Drive Kennesaw, GA 30144 USA Phone 888-472-9655 info@heidelberg.com www.us.heidelberg.com Publishing Information Produced in: 02/15 Photographs: Heidelberger Druckmaschinen AG Fonts: HeidelbergGothicMl, HeidelbergAntiqua Produced in the US Trademarks Heidelberg, the Heidelberg logo, Prinect, HeidelbergGothic and HeidelbergAntiqua are registered trademarks of Heidelberger Druckmaschinen AG in the U.S. and other countries. Subject to technical modifications and other changes.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information