Symantec Response Assessment module Installation Guide. Version 9.0

Symantec Response Assessment module Installation Guide Version 9.0

The software described in this book is furnished under a license agreement and may be used only in accordance with the terms of the agreement. Documentation version 9.0 Legal Notice Copyright 2008 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, ActiveAdmin, BindView, bv-control, Enterprise Security Manager, and LiveUpdate are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. The product described in this document is distributed under licenses restricting its use, copying, distribution, and decompilation/reverse engineering. No part of this document may be reproduced in any form by any means without prior written authorization of Symantec Corporation and its licensors, if any. THE DOCUMENTATION IS PROVIDED AS IS AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. SYMANTEC CORPORATION SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE. The Licensed Software and Documentation are deemed to be commercial computer software as defined in FAR 12.212 and subject to restricted rights as defined in FAR Section 52.227-19 "Commercial Computer Software - Restricted Rights" and DFARS 227.7202, Rights in Commercial Computer Software or Commercial Computer Software Documentation, as applicable, and any successor regulations. Any use, modification, reproduction release, performance, display or disclosure of the Licensed Software and Documentation by the U.S. Government shall be solely in accordance with the terms of this Agreement.

Symantec Corporation 20330 Stevens Creek Blvd. Cupertino, CA 95014 http://www.symantec.com Third Party Legal Notices This Symantec product may contain third party software for which Symantec is required to provide attribution to the third party ( Third Party Programs ). Some of the Third Party Programs are available under open source or free software licenses. The License Agreement accompanying the Software does not alter any rights or obligations you may have under those open source or free software licenses. Please see the Third Party Legal Notice Appendix to this Documentation or Third Party Legal Notice ReadMe File accompanying this Symantec product for more information on the Third Party Programs. Symantec may collect and store certain non-personally identifiable information for product administration and analysis. Symantec may disclose the collected information if asked to do so by a law enforcement official as required or permitted by law or in response to a subpoena or other legal process. In order to promote awareness, detection and prevention of Internet security risks, Symantec may share certain information with research organizations and other security software vendors. Symantec may also use statistics derived from the information to track and publish reports on security risk trends. By using the Licensed Software, You acknowledge and agree that Symantec may collect, transmit, store, disclose and analyze such information for these purposes. From time to time, the Licensed Software will collect certain information from the computer on which it is installed, which may include: (a) Information regarding installation of the WebClient Installer including username and password which should not be personally identifiable if You have chosen an alias to protect Your identity. (b) Information collected by the WebClient Profile such as mandatory user/employee information including, name, e-mail address, title, position, physical address and use ID/employee ID as well as IP address and username. (c) Other information including username, user events and IP addresses which is used for product administration and analysis. All of the above information is collected and stored on the Your side and is not transferred to Symantec. Consult Your company s privacy policy for further information. This product includes standards from the American National Standards Institute, Inc. ISO. All rights reserved. This product includes COBIT 3rd Edition, which is used by permission of the IT Governance Institute (ITGI). 1996, 2000 IT Governance Institute. All rights reserved. COBIT is a registered trademark of the Information Systems Audit and Control Association and the IT Governance Institute. This product includes IT Control Objectives for Sarbanes-Oxley, which is used by permission of the IT Governance Institute (ITGI). 2004 IT Governance Institute. All rights reserved.

Technical Support Symantec Technical Support maintains support centers globally. Technical Support s primary role is to respond to specific queries about product feature and function, installation, and configuration. The Technical Support group also authors content for our online Knowledge Base. The Technical Support group works collaboratively with the other functional areas within Symantec to answer your questions in a timely fashion. For example, the Technical Support group works with Product Engineering and Symantec Security Response to provide alerting services and virus definition updates. Symantec s maintenance offerings include the following: A range of support options that give you the flexibility to select the right amount of service for any size organization A telephone and web-based support that provides rapid response and up-to-the-minute information Upgrade insurance that delivers automatic software upgrade protection Global support that is available 24 hours a day, 7 days a week worldwide. Support is provided in a variety of languages for those customers that are enrolled in the Platinum Support program Advanced features, including Technical Account Management For information about Symantec s Maintenance Programs, you can visit our Web site at the following URL: www.symantec.com/techsupp/ Contacting Technical Support Select your country or language under Global Support. The specific features that are available may vary based on the level of maintenance that was purchased and the specific product that you are using. Customers with a current maintenance agreement may access Technical Support information at the following URL: www.symantec.com/techsupp/ Select your region or language under Global Support. Before contacting Technical Support, make sure you have satisfied the system requirements that are listed in your product documentation. Also, you should be at the computer on which the problem occurred, in case it is necessary to recreate the problem.

When you contact Technical Support, please have the following information available: Product release level Hardware information Available memory, disk space, and NIC information Operating system Version and patch level Network topology Router, gateway, and IP address information Problem description: Error messages and log files Troubleshooting that was performed before contacting Symantec Recent software configuration changes and network changes Licensing and registration Customer service If your Symantec product requires registration or a license key, access our technical support Web page at the following URL: licensing.symantec.com Select your region or language under Global Support, and then select the Licensing and Registration page. Customer service information is available at the following URL: www.symantec.com/techsupp/ Select your country or language under Global Support. Customer Service is available to assist with the following types of issues: Questions regarding product licensing or serialization Product registration updates such as address or name changes General product information (features, language availability, local dealers) Latest information about product updates and upgrades Information about upgrade insurance and maintenance contracts Information about the Symantec Value License Program

Advice about Symantec's technical support options Nontechnical presales questions Issues that are related to CD-ROMs or manuals Maintenance agreement resources Additional Enterprise services If you want to contact Symantec regarding an existing maintenance agreement, please contact the maintenance agreement administration team for your region as follows: Asia-Pacific and Japan: contractsadmin@symantec.com Europe, Middle-East, and Africa: semea@symantec.com North America and Latin America: supportsolutions@symantec.com Symantec offers a comprehensive set of services that allow you to maximize your investment in Symantec products and to develop your knowledge, expertise, and global insight, which enable you to manage your business risks proactively. Enterprise services that are available include the following: Symantec Early Warning Solutions Managed Security Services Consulting Services Educational Services These solutions provide early warning of cyber attacks, comprehensive threat analysis, and countermeasures to prevent attacks before they occur. These services remove the burden of managing and monitoring security devices and events, ensuring rapid response to real threats. Symantec Consulting Services provide on-site technical expertise from Symantec and its trusted partners. Symantec Consulting Services offer a variety of prepackaged and customizable options that include assessment, design, implementation, monitoring and management capabilities, each focused on establishing and maintaining the integrity and availability of your IT resources. Educational Services provide a full array of technical training, security education, security certification, and awareness communication programs.

To access more information about Enterprise services, please visit our Web site at the following URL: www.symantec.com Select your country or language from the site index.

Contents Technical Support... 4 Chapter 1 Introducing the Response Assessment module... 11 About Control Compliance Suite... 11 About Response Assessment module (RAM)... 11 Chapter 2 Installing the RAM Windows-32 components... 13 About Windows-32 module installation preparation... 13 About module hardware requirements... 14 About module software requirements... 14 About optional module requirements... 14 Installing the module... 14 Uninstalling the module... 15 Chapter 3 Installing the RAM Server Components... 17 About installing the server components... 17 About the permissions for server components... 18 Server component hardware requirements... 18 Server component software requirements... 19 Installing the server components... 19 Editing the RAMServer.exe.config file to enable SSL... 20 About adding Windows groups for the server components... 21 About Web user authentication... 22 About upgrading the server from version 8.60... 23 Uninstalling the RAM server... 23 Index... 25

10 Contents

Chapter 1 Introducing the Response Assessment module This chapter includes the following topics: About Control Compliance Suite About Response Assessment module (RAM) About Control Compliance Suite Symantec Control Compliance Suite automates key IT governance processes. Symantec Control Compliance Suite ensures coverage of external mandates through written policy creation, dissemination, track acceptance, and exception management. Symantec Control Compliance Suite demonstrates compliance to both the external and the internal policies by automating the assessment of technical and procedural controls. In turn, Symantec Control Compliance Suite evaluates this assessment against risk criteria. Evidence of compliance can be gathered without the use of an installed software agent on configurations, permissions, patches, vulnerabilities, and manual attestation of procedural activities. Symantec Control Compliance Suite also helps to fix deviations to standards that enable immediate corrective actions or triggers to third-party response workflow systems. About Response Assessment module (RAM) The Response Assessment module (RAM) is a set of innovative components and services and is part of the Symantec Control Compliance Suite (CCS) strategy. RAM is an optional external module for CCS. RAM formalizes, standardizes, and documents the assessments and audits that are a part of an organization. RAM lets you construct a complex business evaluation from prepackaged content packs.

12 Introducing the Response Assessment module About Response Assessment module (RAM)

Chapter 2 Installing the RAM Windows-32 components This chapter includes the following topics: About Windows-32 module installation preparation About module hardware requirements About module software requirements About optional module requirements Installing the module Uninstalling the module About Windows-32 module installation preparation The Response Assessment module installs a Microsoft Windows application and the Windows client. Review the installation information before you install the Response Assessment module. You can install the Response Assessment module in a stand alone, workgroup, or domain environment. You must have the appropriate permissions to perform the installation. You must obtain a license from the Symantec ELS Web site if you install the ISO content pack. The console runs a Spell Checker on demand. The Spell Checker uses only Microsoft Word 2003. The Response Wizard exports reports to only Microsoft Excel 2003.

14 Installing the RAM Windows-32 components About module hardware requirements Microsoft Word 2003 and Microsoft Excel 2003 must reside on the same computer as the Response Assessment module. Apply the latest Microsoft Office 2003 service packs and then install the Response Assessment module. About module hardware requirements The system requirements to run the Response Assessment module are the following: A computer with a Pentium 4-compatible or faster processor 256 MB of RAM or more Approximately 40 MB of available hard disk space Super VGA (1024x768) or higher-resolution video adapter and monitor Microsoft mouse or compatible device Note: Actual requirements may vary based on your system configuration and the applications and features that you choose to install. Additional available hard disk space may be required. About module software requirements The Response Assessment module is only supported on 32-bit operating systems. You can run the Response Assessment module on the following operating systems: Microsoft Windows Server 2003 with SP2 or later Microsoft Windows XP Professional with SP2 or later About optional module requirements Installing the module Some of the Response Assessment module features have additional requirements. To use the Web server toolbar, you must have the Web client installed on your network. The Web client installation includes the Web service. You must know the location of the Web service URL to use the toolbar. The Response Assessment module is installed with an Installation Wizard. The Installation Wizard provides a graphical user interface that guides you through

Installing the RAM Windows-32 components Uninstalling the module 15 each installation time decision. The Installation Wizard provides guidance for the initial setup of the Response Assessment module. You can install the ISO Content at any time using the Response Assessment module Installation Wizard. To install the module 1 In the Install Set folder, click ResponseAssessmentModuleWin32.exe. 2 Optional: In the Application Requirements page, click Next. The page is displayed if you have an earlier version installed or if you have not installed.net Framework 2.0. 3 In the Welcome to the Response Assessment module v9.0 Setup Wizard page, click Next. 4 In the License Agreement page, read the license agreement. Select the I accept the terms of the license agreement check box. Click Next. 5 If you do not want to install the ISO Content, go to step 7. 6 Select the ISO Content check box. Navigate to the ELS license file. 7 Click Next. 8 In the Destination folder page, select a path. Click Next. 9 In the Completing the installation of Response Assessment module v9.0 page, click Next. 10 In the Completing the installation of Response Assessment module v9.0 page, click Finish to close the wizard. Uninstalling the module The uninstall procedure does not remove the user-created files. Any XMLQ, XMLR, and custom files remain in the directories. You should manually delete these files. You must close the Response Assessment module before you run the uninstallation process. To uninstall the Response Assessment module 1 Click Start > Control Panel. 2 Open Add or Remove Programs. 3 Select Response Assessment module and then click Remove. 4 In the Welcome to the installation of Response Assessment module page, click Next.

16 Installing the RAM Windows-32 components Uninstalling the module 5 In the Completing the removal of Response Assessment module page, click Next. 6 In the Completing the removal of Response Assessment module page, click Finish to close the wizard.

Chapter 3 Installing the RAM Server Components This chapter includes the following topics: About installing the server components About the permissions for server components Server component hardware requirements Server component software requirements Installing the server components Editing the RAMServer.exe.config file to enable SSL About adding Windows groups for the server components About Web user authentication About upgrading the server from version 8.60 Uninstalling the RAM server About installing the server components The installation of the Server Components adds a service and a Web client. The installation requires an SQL Server database and the IIS support. We recommend that you have the Secure Sockets Layer (SSL) support. The user is required to have a Symantec ELS license to install the Server Components. The license can be downloaded from the Symantec ELS Web site.

18 Installing the RAM Server Components About the permissions for server components About the permissions for server components The Symantec Response Assessment Module Application Server service account must have Log on as a Service right. The Web Service application pool account is used to authenticate users to the domain. The Symantec Response Assessment Module Application Server service account and the Web Service application pool account should be the same user account. The Web Service application pool account must have the following permissions: Minimum permissions and rights to the installation computer Be a member of the local IIS_WPG group. Full permissions to the %Windir%\Temp directory Full permissions to the.net installation directory Read and write access to the SQL Server. The following rights are required for the Symantec Response Assessment Module Application Server service account: Bypass traverse checking Log on locally Log on as a service Log on as a batch job If you enter the incorrect Service Account information during the installation, you can change the identity. Open the IIS Manager and navigate to the RAMAppPools Properties > Identity tab. You should change the Service Account information for the Symantec Response Assessment Module Application Server service. Server component hardware requirements The following are the system requirements to run the Response Assessment module: A computer with a Pentium 4-compatible or faster processor 512 MB of RAM or more Microsoft mouse or compatible device

Installing the RAM Server Components Server component software requirements 19 Server component software requirements The Server Components are only supported on 32-bit operating systems. If you use SQL Server on a remote computer, configure SQL Server to allow remote connections. You can run the Server Components on the following software configuration: Microsoft Windows Server 2003 with SP2 or later Microsoft.NET Framework 2.0 Microsoft Internet Information Services (IIS) 6.0 or later Microsoft SQL Server 2005 SP2 or later Microsoft Internet Explorer 6.0 SP1 or Internet Explorer 7.0 Before you install the.net Framework 2.0, you must install IIS. If you have installed.net Framework 2.0 before IIS, you must reinstall.net Framework 2.0. Installing the server components The Server Components use an Installation Wizard. The Installation Wizard provides a graphical user interface that guides you through each installation-time decision. If you use SQL Authentication, be sure that the SQL account has the ability to create a database. The logon that is used to run the installation must have the Log on as a Service right. Do database backups before you start the installation, if you upgrade an 8.60 version. To install the server components 1 Click ResponseAssessmentModuleServer.exe. 2 Optional: In the Application Requirements page, click Next. The page is only displayed if you have an earlier version installed. 3 In the Welcome to the Response Assessment module Server Setup Wizard page, click Next. 4 In the License Agreement page, read the license agreement. Select the I accept the terms of the license agreement check box. Click Next. 5 In the Symantec ELS License page, navigate to the ELS license file. Click Next.

20 Installing the RAM Server Components Editing the RAMServer.exe.config file to enable SSL 6 In the Enter Database Information page, do the following: Type the server name in the space provided Leave the Instance Name blank if you use the default instance, otherwise type the instance name If you select Create New Database check box, type the database name If you create a new database and use SQL Authentication, then type the User name and Password for the SQL account. You cannot specify the following special characters for the User name and the Password fields: Semi colon(;) Double quotes(") 7 Click Next. 8 In the Response Assessment Module Server Information page, type the domain\username and password information for your RAM Server service account into the space provided. Click Next. 9 In the Enter Email Information page, select either Microsoft Exchange Server or SMTP Email Server. If you use an SMTP Server, type your SMTP Server name. 10 In the Destination Folder page, select a path and a location for the virtual folder. Click Next. 11 In the Completing the installation of Response Assessment Module Server page, click Next. 12 In the Response Assessment Module Server Security message, click OK. 13 In the Completing the installation of Response Assessment Module Server page, click Finish to close the wizard. Editing the RAMServer.exe.config file to enable SSL The SSL configuration and the RAM Server configuration depend on the organization's policies and strategies. The guidelines for SSL and the RAM Server are not product requirements. For secure communications, you should enable SSL on IIS and SQL Server. In the installation directory, the following changes are required in the RAMServer.exe.config file, if SSL is enabled on the IIS Server.

Installing the RAM Server Components About adding Windows groups for the server components 21 To edit the RAMServer.exe.config file to enable SSL 1 Navigate to <program files>\symantec\response Assessment module Server\Application Server 2 Open the RAMServer.exe.config in Notepad 3 In the <appsettings> section, add the following line: <add key="sslenabled" value="true" /> About adding Windows groups for the server components The Server Components installation creates the RAM_Administrators group and the RAM_PowerUsers group. The account that installs the Server Components is added to the RAM_Administrators group. You must add other user accounts to the groups. User accounts that are added to the Microsoft Windows groups do not receive the permissions until after the IIS service has been restarted. Users should log off and log on to retrieve the Microsoft Windows security token with the new group membership. Security tokens are created at logon. Table 3-1 Task comparison Tasks RAM_Administrators RAM_PowerUsers Users not in Windows Groups View questionnaires. View invitations. Respond to invitations. Create questionnaires. Edit questionnaires. Publish questionnaires. Review responses. Report user responses. Create invitations. Review user profiles.

22 Installing the RAM Server Components About Web user authentication Table 3-1 Task comparison (continued) Tasks RAM_Administrators RAM_PowerUsers Users not in Windows Groups Edit user profiles. Purge evidence by date. Clear log files. Clear temporary files. Add documents to invitations. Delete questionnaires Delete users Edit RAM settings. Upload content packs. A user who is not in either Windows group can also do the following: View their responses. Report on their responses. About Web user authentication The guidelines and standards of your company should specify the way that Microsoft Internet Explorer handles authentication at logon. The User Authentication option in the Internet Explorer Security Settings defines how the HTTP user authentication is handled. The User Authentication selections are the following: Anonymous logon Automatic logon only in intranet zone Disables the HTTP authentication and uses the guest account only for authentication using the Common Internet File System (CIFS) protocol Prompts for user name and password in other zones

Installing the RAM Server Components About upgrading the server from version 8.60 23 Automatic logon with current user name and password Prompt for user name and password Tries the logon using the Windows NT Challenge Response as the authentication protocol. If the server supports the NT Challenge Response, the logon uses the network user name and password. If the NT Challenge Response is not supported, the user provides a user name and password Prompts for the user name and password About upgrading the server from version 8.60 You upgrade the RAM Server Components from 8.60 to RAM 9.0 by installing the Server Components. The Server Components for version 8.60 are detected during the installation process and uninstalled. You must back up the SQL Server database before the installation. The upgrade process finds the current 8.60 database and creates a 9.0 database. The following files are required for an upgrade: CCS_ReportingAndAnalytics_8.60.260.10200_June_2008_Update.exe PinEditSupportFiles.exe The files are located at ftp://ftp.symantec.com/public/english_us_canada/products/ symantec_control_compliance_suite/8.6/updates/reporting_analytics After the upgrade, you connect to the RAM Server. In the connection dialog, you provide the name of the computer that hosts the RAM Server. Uninstalling the RAM server The uninstall procedure does not remove certain files and components. You should delete these items. The following are not removed: RAM_db RAMAppPool User-created files To uninstall the RAM server 1 Click Start > Control Panel. 2 Open Add or Remove Programs.

24 Installing the RAM Server Components Uninstalling the RAM server 3 Select Response Assessment module Server and then click Remove. 4 In the Welcome to the InstallAware Wizard for Web client page, click Next. 5 In the Completing the removal of Web client page, click Next. 6 In the Completing the removal of Web client page, click Finish to close the wizard.

Index A authentication RAM Server 22 C CCS. See Control Compliance Suite configuration file editing 20 Control Compliance Suite 11 G groups adding 21 I installing RAM Server 19 Windows-32 module 14 P permissions assigning 18 planning Windows-32 module 13 R RAM. See Response Assessment module RAM Server adding groups 21 assigning permissions 18 authentication 22 editing SSL 20 installing 19 planning 17 requirements hardware 18 RAM Server (continued) requirements (continued) software 19 uninstalling 23 upgrading 23 requirements RAM Server hardware 18 software 19 Windows-32 module hardware 14 optional 14 software 14 Response Assessment module 11 adding groups 21 assigning RAM Server permissions 18 installing 14 planning RAM Server 17 Windows-32 module 13 RAM Server authentication 22 requirements hardware 14 optional 14 software 14 uninstalling 15 RAM Server 23 upgrading RAM Server 23 S Secure Sockets Layer editing config file 20 SSL 20 See also Secure Sockets Layer

26 Index W Windows-32 module planning 13 requirements hardware 14 software 14 uninstalling 15