Guidelines For Using Protect In A Government/Military Environment (Classified)

Version 18

    Purpose

     

    The following document is designed to be a landing page for common issues associated with restrictions, procedures, and regulations typical of a classified Military or Government environment

     

    Common security policies and issues that exist for a Government/Military Environment (Classified)

    The following connectivity and file restrictions can exist in a military environment:

    • No connectivity with subnets outside the security zone including the internet
    • Files can only be transported one-way to machines inside the restricted environment
    • Files from restricted a subnet cannot be transported outside the subnet without review from security personnel

    Shavlik Protect Functionality impacted by above restrictions

    • Patch Definition files cannot be downloaded directly from XML.Shavlik.com or
    • Patches cannot be downloaded on demand directly from Patch Vendor sites such as Microsoft, Adobe, or Firefox
    • Unable to use the Online activation method to activate a Shavlik Protect activation key

     

    Updating Patch Definitions and Install files to a Console located in a Secure Environment

    When files can only be transported one-way to machines inside the restricted environment, many customers copy these files to Write Once/Read Only Media to manually transport them to the Protect Console in the Secure Zone.  This is explained in the document:

    Updating Patch Definition And Install files To A Non-internet Facing Console Using Read Only Media

     

    How to Process A Manual (Offline) Activation when >Secure to Non Secure network file transfer is not allowed

    Many military customers are unable to transport digital files from a Secure to Non-Secure network.  If this is case use the manually enter Activation Request data option in Manual Activation to gather numbers that can be hand written and carried to the non-secure zone to create a activation key request file.  This is explained in the document:

    How To Process A Manual (Offline) Activation For Shavlik Protect

     

    Deploying patches downloaded from the Department of Defense Patch Repository

    In order to ensure patches are downloaded from a Secure site, the Department of Defense provides vendor patch downloads from https://patches.csd.disa.mil/ These Patches that have been downloaded from the Department of Defense Patch Repository and can be used if the files are renamed to match the Shavlik "Download File Name" for the patch. .  For example WinSec-MS15-046_v3.0-003-P58853-excel2010-kb3054845-fullfile-x64-glb.exe would be renamed to excel2010-kb3054845-fullfile-x64-glb.exe . Instructions to obtain and use the "Download File Name" are found in the document:

    Protect doesn't recognize a patch that was manually downloaded

     

    Information Assurance Vulnerability Alert (IAVA)

    When the license key Government Edition of Shavlik Protect is activated, the Information Assurance Vulnerability Alert (IAVA) Reporter is enabled

    The following links provide information dealing with IAVA information and Shavlik Protect

     

    Affected Product(s)

     

    Shavlik Protect 9.X