Channel: Symantec Connect - Security Community Blog - Billets

Welcome to the Group


All,

Welcome to the Austin Security & Compliance Users Group.  Hopefully you will find this site of value, contribute, and network with your peers.  Ken Kelly and I will be here to help facilitate the content and answer questions.

Looking forward to the input from members!

Thanks - Scott

Scott Parker, CISSP, CISM, STS

Principal Systems Engineer, Symantec Corporation

ISSA Fellow and Past President – Alamo Chapter

www.symantec.com

Mobile: (210) 602-8998   Fax: (650) 429-9326

scott_parker@symantec.com

 


Are You an Overconfident IT Manager? - Web Security


Imagine you are looking for a new home and, after a considerable amount of research and time, you find the perfect place for your budget.  As you settle in and begin to meet your new neighbors you discover an alarming trend.  Within the past 6 months about one in eight of the homes in the neighborhood experienced a major security issue such as an armed break-in, a cat burglar snatching information, or someone redirecting their mail to a foreign address.  You wonder whether these people are unlucky or whether you have moved into a bad neighborhood.  When you share your findings with a friend they respond with "I'm sure you're fine!  Just check the locks on the doors every 6 months."

You may find this illustration laughable, but it reflects how some IT managers approach their web security.

Recently IDG Connect, the world’s largest technology media company, produced a report on corporate web security with some interesting findings.  The study revealed that IT managers often operate with a baseless sense of optimism within a landscape dotted with threats.  When asked how they feel about their web security they responded: 0% not secure, 15% reasonably secure, 55% very secure, 19% totally secure, and 11% were not sure.

When comparing large companies against their mid-sized counterparts, the study found that 53% of large companies tested for vulnerabilities on a monthly basis, versus 13% of mid-sized ones.  Interestingly, the study also found that the rate of not testing at all was highly discouraging, and that the size of the business had little bearing on it (large 30% vs. medium 34%).

IT Managers Speak Out

Of the IT managers interviewed, 13% stated they had experienced a breach within the last 6 months.  The attacks ranged from brute force attacks (59%) to content spoofing (18%).  Despite the optimism of the 89% who rated their websites reasonably to totally secure, these security issues persist.  Would they not try to better protect their home if 13% of the homes in their neighborhood had their locks picked every 6 months?  Would they continue to eat at a local restaurant if 13% of the regular guests came down with food poisoning twice a year?

Download the Report

IDG provided a simple list of measures taken by IT Managers to improve their security.  We will go into the specifics in the next installment.  Here are the four main ways they improved their security in order of frequency:

  1. Improved SSL protection for all layers of their network.
  2. Improved security software to conduct automated scans for malware and accurately spot higher level threats.
  3. Improved firewalls to prevent break-ins.
  4. Outsourcing web hosting to a secure provider.

If you want your confidence in your web security to be well founded, then I recommend testing your website for vulnerabilities once a month at a minimum, as well as ensuring that your security software is up to date and operates with minimal system interference. Symantec provides the most reliable and widest range of solutions to protect your network.  The best network offense is a proactive defense.

For more information I recommend downloading the report: 

https://forms.ws.symantec.com/cgi-bin/go.cgi?a=ILVE4-2175-01-26

WHERE BIG DATA AND SECURITY ALIGN


There has been a data explosion within security teams, as organisations everywhere seek to increase their effectiveness in preventing breaches of defences through improved correlation and data sharing. You have probably seen this happening within your own working environment, too.

In the quest to achieve this sought-after level of ‘good enough’ security, the findings of new research from the Enterprise Strategy Group, ‘Big Data Intersection with Security Analytics’, partially sponsored by Symantec, are encouraging.

You won’t be too surprised to hear that, in our ‘Big Data’ world, we are collecting a lot more data than we used to two years ago. There is only one direction in which that arrow is going to be pointing from now on. What is interesting here, though, is that lots of people are vested in this information to do their job – and that is likely to envelop even more people, across a wide range of roles over the next couple of years.

Why exactly are we collecting this data? Primarily, judging by the responses to the survey, to detect advanced threats and for security incident analysis, as well as to make sure audits and compliance targets are met. But we can’t do it all on our own: third party services greatly enhance our capabilities, especially when seeking to proactively identify potential future threats to critical systems. One popular third party service is threat intelligence, with 65% of respondents reporting use of some form of external threat intelligence today.

The value of that data is clear, with 78% saying the intelligence enhances visibility into threats and security incidents, with 95% confirming that commercial threat intelligence is effectively addressing risk.

But what forms of intelligence are in greatest demand? Vulnerability and malware intelligence top the interest list, with the most popular intelligence use cases being the proactive identification of potential threats to critical systems and the adjustment of defensive tools to address emerging threats.

You may ask, “In whose hands does that intelligence lie”? Some 92% of those surveyed say that more than five individuals have access to security intelligence on a regular basis, with security analysts, IT auditors and SOC staff being the top three roles identified. Interestingly, the CIO comes in fourth, demonstrating how much more ‘hands on’ they are now in understanding just how well informed and protected their businesses are from attacks.

As you might expect, there are also downsides to the expanding use of data in security analytics, with the main issue highlighted being a lack of adequate internal security skills.

All in all, the findings are quite encouraging, with the move toward big data security and the use of external threat intelligence well underway. Of course, organisations with more mature processes will see the greatest return from these investments, but even the longest journey begins with the first step.

For more information, you can download a copy of ‘Security Intelligence: A Key Component of Big Data Security Analytics’ here.

Symantec Security Products Data Sheets


A small compilation from the Symantec Portfolio including Data Sheets of several Symantec Security Products.

 

- Symantec™ Endpoint Protection 12.1.2 (10/12)
http://www.symantec.com/endpoint-protection/data-s...

- Symantec Endpoint Protection Small Business Edition 2013 (11/12)
http://www.symantec.com/endpoint-protection-small-...

- Symantec™ Protection Suite Enterprise Edition - Comprehensive, powerful endpoint, messaging, and Web protection, for less money (06/11)
http://www.symantec.com/protection-suite-enterpris...

- Symantec™ Protection Suite Small Business  - Fastest, most effective security and recovery priced for small business (06/11)
http://www.symantec.com/protection-suite-small-bus...

- Symantec O3™ - A New Control Point for the Cloud (02/12)
http://www.symantec.com/symantec-o3/data-sheets-wh...

- Symantec™ Mobile Security - Advanced threat protection for mobile devices (07/12)
http://www.symantec.com/mobile-security/data-sheet...

- Symantec™ Endpoint Protection for Windows® XP Embedded 5.1 - Protection for Windows XP Embedded and Windows® Embedded for Point of Service (WEPOS) platforms (10/07)
http://www.symantec.com/endpoint-protection-for-wi...

- Symantec MessageLabs Email AntiSpam.cloud
http://www.symantec.com/email-security-cloud/data-...

- Symantec MessageLabs Instant Messaging Security.cloud
http://www.symantec.com/critical-system-protection...

- Symantec Protection Engine for Cloud Services
http://www.symantec.com/protection-engine-for-clou...

- Symantec Protection Engine for Network Attached Storage
http://www.symantec.com/protection-engine-network-...

- Symantec Critical System Protection
http://www.symantec.com/critical-system-protection...

- Symantec Critical System Protection Monitoring Edition
http://www.symantec.com/critical-system-protection...

- Symantec Messaging Gateway powered by Brightmail
http://www.symantec.com/messaging-gateway/data-she...

- Symantec Messaging Gateway Small Business Edition powered by Brightmail
http://www.symantec.com/messaging-gateway-small-bu...

Dallas Dives into the Symantec Cyber Readiness Challenge


Symantec is sponsoring a series of Cyber Readiness Challenge events to help organizations better understand cybercriminals, and improve businesses’ ability to defend against today’s threats. Symantec has hosted games in Toronto and Irvine, California, and on January 29, 2013, we brought the challenge to Dallas where underneath the Apollo 7 spacecraft and a Sopwith "pup" more than 100 people gathered to play and watch the competition unfold at the Frontiers of Flight Museum. The Symantec Cyber Readiness Challenge is a technical competition that pits users against each other, according to level of technical ability, in a capture-the-flag style environment, to perform a series of tasks attacking and defending simulated data centers.

Before launching the game, Kevin Haley, director of Symantec Security Response, gave a keynote address on today’s constantly evolving cyber threat landscape. Haley discussed the advanced nature of today’s targeted attacks and walked the audience through a theoretical attack scenario using characters from the popular book and HBO series, Game of Thrones.

Dallas technology enthusiasts competed for accolades as well as prizes. The winner was Justin Wray using the player handle “Synister_Syntax.” However, Wray wasn’t the only victor; Symantec raffled off two big screen TVs and additional participants won $4,250 in Visa gift cards along with other prizes.

“This contest is about more than white hats demonstrating the strength of their skills,” said Haley. “We want people to test how well their cyber threat acumen stacks up against their peers which, in turn, helps them learn where they may need to focus their efforts for improvement.”

Symantec partner Accuvant was also on site to talk about information security and the current cyber threat landscape.

Additional Cyber Readiness Challenge exercises are scheduled in the coming weeks, to take place in Chicago, Minneapolis and Mountain View, California.

Evolving Endpoint Security


 

Symantec keeps tabs on the changing threat landscape and incorporates the relevant protection into its products. The progression from SAV to SEP, and now to SEP 12, follows the same story.

When SAV was in the market, what customers needed was simply an antivirus to protect their systems from downtime. Until the early 2000s, antivirus was seen more as an availability facilitator than as a core security product.

Even though we had SCS (firewall and IPS), only a select few customers used those other features.

Starting around 2006-2007 there was a steep rise in malware being created and vulnerabilities being exploited; slowly the trend changed, and it all came down to money-making malware.

FakeAntivirus, Downadup, various blackmailing Trojans and so on: here the targets were not high profile, and SEP 11 detects and blocks these well. Slowly people started using IPS and ADC, found that much more could be done with SEP, and are doing it.

However, in the last few years there have been targeted attacks against specific types of institutions, specific countries or regions, or sometimes specific companies: Advanced Persistent Threats (APTs). SEP 11 with all features enabled and configured properly is capable of dealing with these, but SEP 12 is the right product for today's threats.

Signature-based antivirus will be around for a long time, and may even detect APT threats, but it is not something you can rely on today, given how many new malware samples are created each day (they are no longer even hand-written; they are all generated by toolkits).

Heuristics and Insight are the present and future of endpoint security, not to forget how handy Application and Device Control is.

When we recommend an upgrade, it is not for our benefit but for the customer's.

The Gartner report validates how good SEP 12.1 is; it has been at the top since its release. So I strongly recommend that you upgrade to SEP 12.1 and follow the security best practices.

Otherwise, it is really not safe out there in the wild :-)

 

To add to that: SEP only adds security to your network; SEP is not your company's security, and you need other layers as well. They don't have to be from Symantec, but here are a few options:

Altiris - OS and application (Java, Adobe, etc.) patching

CCS - open shares, compliance checks, VA scans

SCSP - server hardening and security (protection from exploits even when patches are not yet applied)

PGP WDE - hard disk encryption

SBG and SMS - email security

Symantec Web Gateway - for detecting malware and suspicious content entering your network

Network IPS/IDS - very critical for any type of company

SSIM - to run your SOC: manage and alert on critical security incidents and help remediate them. Reviewing and correlating security logs from all your devices is difficult, but SSIM can do just that.

 

Workaround: Symantec Endpoint Protection blocks HP printer install


 

Today I had a strange problem with an HP software installation. The client had Symantec Endpoint Protection 12.1 installed.

The Windows event log had the following entry:

SYMANTEC TAMPER PROTECTION ALERT
Target: C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
Event Info: Open Process
ActionTaken: Blocked
Actor Process: C:\HP_LJM2727_FULL_SOLUTION_AM_EMEA1\SETUP\HPZSHL01.EXE (PID 4192)
Time: Sunday, 11 March 2012 16:47:26

So Tamper Protection blocked the HP installer when it tried to open a handle to the SEP service process (ccSvcHst.exe), and the installation failed.

To fix this you can adapt the Exceptions policy and add an entry for the installation folder of the HP software. Another way would be to disable Tamper Protection until the installation is done (remember to re-enable it afterwards by updating the policy, or wait for the policy to be updated). The folder-scoped exception is the safer of the two: disabling Tamper Protection, even briefly, leaves the SEP processes open to every other process on the machine, which is exactly what the feature exists to prevent.
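When several of these alerts arrive from a fleet, the question is which actors deserve a narrow exception and which deserve a closer look. The following Python script is an added example, not code from the post or from Symantec: it parses the plain-text alert format shown above, counts blocked actors, and splits them into exception candidates (executables running from a folder you deliberately unpacked an installer into) and actors to investigate. The sample log is constructed: the first entry is the one from the post; the second entry, the Smc.exe target, the "Terminate Process" event and the C:\Users\Public\update.exe actor are invented here, and the notion of a "trusted installer folder" list is an assumption of this example.

```python
"""Triage Symantec Endpoint Protection Tamper Protection alerts.

Added example: parses the plain-text alert format shown in the post
(Target / Event Info / ActionTaken / Actor Process / Time), aggregates
blocked actors, and separates actors that live under a folder you
deliberately unpacked an installer into from actors that need a look.
"""
import re
from collections import Counter
from dataclasses import dataclass
from pathlib import PureWindowsPath

HEADER = "SYMANTEC TAMPER PROTECTION ALERT"

# Constructed sample: the first entry is the one from the post; the other
# two (second HP PID, Smc.exe target, "Terminate Process", update.exe actor)
# are invented to show aggregation and an actor that should NOT be excepted.
SAMPLE_LOG = r"""SYMANTEC TAMPER PROTECTION ALERT
Target: C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
Event Info: Open Process
ActionTaken: Blocked
Actor Process: C:\HP_LJM2727_FULL_SOLUTION_AM_EMEA1\SETUP\HPZSHL01.EXE (PID 4192)
Time: Sunday, 11 March 2012 16:47:26

SYMANTEC TAMPER PROTECTION ALERT
Target: C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
Event Info: Open Process
ActionTaken: Blocked
Actor Process: C:\HP_LJM2727_FULL_SOLUTION_AM_EMEA1\SETUP\HPZSHL01.EXE (PID 4210)
Time: Sunday, 11 March 2012 16:48:03

SYMANTEC TAMPER PROTECTION ALERT
Target: C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe
Event Info: Terminate Process
ActionTaken: Blocked
Actor Process: C:\Users\Public\update.exe (PID 5120)
Time: Sunday, 11 March 2012 17:02:10
"""

FIELD_RE = re.compile(
    r"^(Target|Event Info|ActionTaken|Actor Process|Time):\s*(.*?)\s*$", re.M)
ACTOR_RE = re.compile(r"^(?P<path>.+?)\s+\(PID\s+(?P<pid>\d+)\)$")


@dataclass(frozen=True)
class TamperAlert:
    target: str
    event: str
    action: str
    actor_path: str
    actor_pid: int
    time: str


def parse_alerts(text: str) -> list:
    """Split the log on the alert header and pull one record out of each block.
    Blocks missing a field, or with an unparseable actor line, are skipped."""
    alerts = []
    for block in text.split(HEADER)[1:]:
        fields = dict(FIELD_RE.findall(block))
        try:
            actor = ACTOR_RE.match(fields["Actor Process"])
            alerts.append(TamperAlert(
                target=fields["Target"],
                event=fields["Event Info"],
                action=fields["ActionTaken"],
                actor_path=actor["path"],
                actor_pid=int(actor["pid"]),
                time=fields["Time"],
            ))
        except (KeyError, TypeError):
            continue  # malformed block: missing field or actor did not match
    return alerts


def blocked_actor_counts(alerts) -> Counter:
    """How often each actor executable was blocked: a noisy installer shows
    up many times, a one-off unknown binary once."""
    return Counter(a.actor_path for a in alerts if a.action == "Blocked")


def is_under(path: str, directory: str) -> bool:
    """Case-insensitive 'path is inside directory' for Windows paths,
    evaluated purely on strings so it runs anywhere."""
    p = str(PureWindowsPath(path)).lower()
    d = str(PureWindowsPath(directory)).lower().rstrip("\\") + "\\"
    return p.startswith(d)


def triage(alerts, trusted_dirs):
    """Split blocked actors into exception candidates (they run from a folder
    you deliberately extracted an installer into, so a folder-scoped
    Exceptions policy entry is appropriate) and actors to investigate
    (anything else trying to open or kill SEP processes)."""
    candidates, investigate = set(), set()
    for a in alerts:
        if a.action != "Blocked":
            continue
        if any(is_under(a.actor_path, d) for d in trusted_dirs):
            candidates.add(a.actor_path)
        else:
            investigate.add(a.actor_path)
    return sorted(candidates), sorted(investigate)


if __name__ == "__main__":
    found = parse_alerts(SAMPLE_LOG)
    for actor, n in blocked_actor_counts(found).most_common():
        print(f"{n:3d}  {actor}")
    ok, suspicious = triage(found, [r"C:\HP_LJM2727_FULL_SOLUTION_AM_EMEA1"])
    print("exception candidates:", ok)
    print("investigate:", suspicious)
```

The trusted-folder list is the operator's decision, not something the alert tells you: an unknown binary in C:\Users\Public trying to open or terminate a SEP process is the kind of event Tamper Protection exists for, and it should be investigated rather than excepted.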

 

 

How To Create a Single or Multiple GUP


How To Create a GUP

First install the SEP client on the machine that you want to make a GUP, then follow the steps below.

1. Log in to the SEPM console.

2. Click Policies.

3. Click LiveUpdate.

4. Click Add a LiveUpdate Settings Policy.

5. Give the policy a name and description, and check "Enable this policy".

6. Click Server Settings under Windows Settings.

7. Check "Use a Group Update Provider" and then click the Group Update Provider tab.

* If you want to create a single GUP:

Click Single Group Update Provider IP address or host name.

Enter the IP address of the machine that you want to make a GUP, e.g. 192.168.x.x.

Click OK.

* If you want to create multiple GUPs:

Click Multiple Group Update Providers.

Click Configure Group Update Provider List.

Click Add.

Select Computer IP address or host name.

Click Add.

Enter the IP address of the machine that you want to make a GUP.

Click OK.

 

 


Troubleshooting Articles for Repairing the Corrupted Definition


Hi Friends,

In this blog I have added some troubleshooting articles which can help with repairing corrupted definitions.

 

How to clear corrupt Virus Definitions from SEPM
https://www-secure.symantec.com/connect/articles/how-clear-corrupt-virus-definitions-sepm

Using the "Rx4DefsSEP" utility
http://www.symantec.com/docs/TECH93036

Using the "Rx4Defs64" utility
http://www.symantec.com/docs/TECH105038

Drive Space used by Virus Definitions Updates
http://www.symantec.com/docs/TECH141811

Disk Space Management procedures for the Symantec Endpoint Protection Manager
http://www.symantec.com/docs/TECH96214

How to Backdate Virus Definitions in Symantec Endpoint Protection Manager
http://www.symantec.com/docs/TECH102935

 

Symantec Endpoint Protection Manager (SEPM) 12.1 is not updating 32 or 64 bit virus definitions.
http://www.symantec.com/docs/TECH166923

 

How to update definitions for Symantec Endpoint Protection Manager (SEPM) using a .jdb file
http://www.symantec.com/docs/TECH102607

Script to download Definitions from SEPM
https://www-secure.symantec.com/connect/downloads/script-download-definitions-sepm

How to create a client installation settings to delete previous logs, policies and reset the client-server communication settings?
http://www.symantec.com/docs/TECH93617

Symantec Endpoint Protection: LiveUpdate Troubleshooting Flowchart
http://www.symantec.com/docs/TECH95790

Only 32 Bit Antivirus / Antispyware Definitions are not updating on the 32 Bit / 64 Bit Operating System.
http://www.symantec.com/docs/TECH122857

 

How to determine if virus definitions of Symantec Endpoint Protection client (SEP) 11 or 12 Small Business Edition, are corrupted
http://www.symantec.com/docs/TECH97677

 

Potential Symantec Endpoint Protection content definition corruption
http://www.symantec.com/docs/TECH92043

Remove Virus Definitions
https://www-secure.symantec.com/connect/downloads/remove-virus-definitions

 

Symantec Endpoint Protection 12.1: How to roll back the BASH definitions to a known good version
http://www.symantec.com/docs/HOWTO53366

 

How to update definitions for Symantec Endpoint Protection using the Intelligent Updater
http://www.symantec.com/docs/TECH102606

 

How to clear out definitions for a Symantec Endpoint Protection 12.1 client manually
http://www.symantec.com/docs/HOWTO59193

 

Symantec Endpoint Protection (SEP) 12.1 client is maintaining multiple virus definitions versions on servers.
http://www.symantec.com/docs/TECH180056

 

Hope these are helpful.

 

Thanks

Sumit G.

Articles for Client level Troubleshooting


Hi Friends,

In this blog I have added some troubleshooting articles which can help with client-level diagnosis.

 

Proactive Threat Protection definitions will not update, showing "Waiting for updates" or initial install definitions
http://www.symantec.com/docs/TECH171458

PTP Services is not working in SEP
https://www-secure.symantec.com/connect/downloads/ptp-services-not-working-sep

Proactive Threat Protection in a Symantec Endpoint Protection client is disabled in client user interface and "Event ID 74 TruScan has generated an error: code 14: description: CAL Failure" shows in the Windows Application log
http://www.symantec.com/docs/TECH106159

 
Proactive Threat Protection is not enabled or is waiting for update
http://www.symantec.com/docs/TECH95919

 
Symantec Endpoint Protection error: PTS (or TruScan) has generated an error: code 11: description: Whitelist Failure
http://www.symantec.com/docs/TECH103825

 

Resolution of Error 10- The environment is incorrect
https://www-secure.symantec.com/connect/downloads/resolution-error-10-environment-incorrect

Unable to start SEP service , Error 1053: The service did not respond to start or control request in a timely fashion.
https://www-secure.symantec.com/connect/articles/unable-start-sep-service-error-1053-service-did-not-respond-start-or-control-request-timely

What to do when installing SEP 11.0 and see “Error 2318.File does not exist: C:\WINDOWS\inf\oem14.inf”
https://www-secure.symantec.com/connect/articles/what-do-when-installing-sep-110-and-see-error-2318file-does-not-exist-cwindowsinfoem14inf

 

SMC service will not start. Error 0x80070102

http://www.symantec.com/docs/TECH173484

  

The Symantec Management Client service is not able to start: Event IDs 1058, 1068, 7001

http://www.symantec.com/docs/TECH173628

 

Symantec Management Client service fails to start with Error : Management Client service can not start 0x8007042c .

http://www.symantec.com/docs/TECH161336

Symantec AntiVirus: "Error 1920". "The Service failed to start. Verify that you have sufficient privileges to start system services."

http://www.symantec.com/docs/TECH103676

SEP installation issue Error 1920 (SepMasterService) failed to start
http://www.symantec.com/docs/TECH187151

Support Tool Error: SRTSP Service
http://www.symantec.com/docs/TECH96029

Symantec Settings Manager will not start after an infection and the command prompt will not open
http://www.symantec.com/docs/TECH95522

Unable to start SEP service , Error 1053: The service did not respond to start or control request in a timely fashion.
http://www.symantec.com/docs/TECH138365

Error code returned: 0x8007042c
https://www-secure.symantec.com/connect/downloads/error-code-returned-0x8007042c

Runtime Error in Symantec Endpoint Protection (11.0)
https://www-secure.symantec.com/connect/downloads/runtime-error-symantec-endpoint-protection-110

Error: "0010, The environment is incorrect" or "Could not start the Symantec AntiVirus service on [server name]. The environment is incorrect."
http://www.symantec.com/docs/TECH100500

 

Hope these are helpful to others.

 

Thanks

Sumit G.

Knowledge Base Articles links of ADC Policy


In this blog, I have listed a number of article links which can help and guide you on ADC policy.

 

Best Practices for Deploying Symantec Endpoint Protection's Application and Device Control Policies

http://www.symantec.com/docs/TECH145973

 

Symantec Endpoint Protection Manager - Application and Device Control - Policies explained

http://www.symantec.com/docs/TECH104431

 

White Paper on Application and Device Control

http://www.symantec.com/avcenter/security/ADC/Configuring_Application_Control_1.1.pdf

 

How to configure Application Control in Symantec Endpoint Protection 11.0 : Configuring Application Control Policies

http://www.symantec.com/business/support/index?page=content&id=TECH102525

 

DevViewer --Tool helpful for Application and Device control to find Hardware Device ID and GUID

https://www-secure.symantec.com/connect/downloads/devviewer-tool-helpful-application-and-device-control-find-hardware-device-id-and-guid

 

Symantec Endpoint Protection 11.0: Application and Device Control & NTP White Paper

https://www-secure.symantec.com/connect/downloads/symantec-endpoint-protection-110-application-and-device-control-ntp-white-paper

 

How to block or allow device's in Symantec Endpoint Protection

https://www-secure.symantec.com/connect/articles/how-block-or-allow-devices-symantec-endpoint-protection

 

How to Block or Allow Devices in Symantec Endpoint Protection

http://www.symantec.com/docs/TECH175220

 

SEP policy to block the USB and to exclude the Keyboard and Mouse

https://www-secure.symantec.com/connect/downloads/sep-policy-block-usb-and-exclude-keyboard-and-mouse

 

After setting up an Application and Device Control policy to block CD writing, CD writing is not blocked as expected, and write attempt is not logged

http://www.symantec.com/docs/TECH104800

 

To disable CD/DVD writer on System through Symantec Endpoint Protection Manager

https://www-secure.symantec.com/connect/downloads/disable-cddvd-writer-system-through-symantec-endpoint-protection-manager

 

How to make USB drives read-only with Symantec Endpoint Protection using Application and Device Control

http://www.symantec.com/docs/TECH95813

 

How to block USB hard drives in SEP, but allow reading specific USB drives in the SEPM Application and Device Control Policy

http://www.symantec.com/docs/TECH173724

 

How to block USB Thumb Drives and USB Hard Drives, but allow specific USB Drives in the Application and Device Control Policy in Symantec Endpoint Protection.

http://www.symantec.com/docs/TECH106304

 

How to block USB flash drives while allowing other USB devices.

http://www.symantec.com/docs/TECH104299

 

How to block USB devices while excluding mouse and keyboard?

http://www.symantec.com/docs/TECH161779

 

How to use Application and Device Control to block all USB devices except those I specifically want to allow

http://www.symantec.com/docs/TECH105770

 

Block copy and execution of specific files from an USB.

http://www.symantec.com/docs/TECH94989

 

How to create a rule that will allow only specific USB’s on to your network.

http://www.symantec.com/docs/TECH92943

 

Data Card Policy

https://www-secure.symantec.com/connect/downloads/data-card-policy

 

How to block users to perform download of files with specific extentions using Application and Device Control.

https://www-secure.symantec.com/connect/articles/how-block-users-perform-download-files-specific-extentions-using-application-and-device-con

 

Block the access of Extension (.mp3, .mp4, .mpg, .mpeg, .flv)

https://www-secure.symantec.com/connect/downloads/block-access-extension-mp3-mp4-mpg-mpeg-flv

 

How to Block unwanted Memory Cards

https://www-secure.symantec.com/connect/articles/how-block-unwanted-memory-cards

 

How do I Block File Shares using Symantec Endpoint Protection (SEP) Application and Device Control policy

https://www-secure.symantec.com/connect/downloads/how-do-i-block-file-shares-using-symantec-endpoint-protection-sep-application-and-device-c

 

How do I Block access to Autorun.inf using Symantec Endpoint Protection (SEP) Application and Device Control policy

https://www-secure.symantec.com/connect/downloads/how-do-i-block-access-autoruninf-using-symantec-endpoint-protection-sep-application-and-de

 

Block access to Autorun.inf

https://www-secure.symantec.com/connect/downloads/block-access-autoruninf

 

How do I Block hosts file modification using Symantec Endpoint Protection (SEP) Application and Device Control policy

https://www-secure.symantec.com/connect/downloads/how-do-i-block-hosts-file-modification-using-symantec-endpoint-protection-sep-application-

 

Application Control Policy for psexec.exe

https://www-secure.symantec.com/connect/downloads/application-control-policy-psexecexe

 

Using Application And Device Control Policy - registry access prevention

https://www-secure.symantec.com/connect/downloads/using-application-and-device-control-policy-registry-access-prevention

 

Regards

Sumit G.

Best Practices and Troubleshooting for Group Update Providers


Here are the Best Practices and Troubleshooting articles which are related to GUP.

Group Update Provider: Sizing and Scaling Guidelines

http://www.symantec.com/business/support/index?page=content&id=TECH95353

Best Practices with Symantec Endpoint Protection (SEP) Group Update Providers (GUP)

http://www.symantec.com/business/support/index?page=content&id=TECH93813

Configuring the Group Update Provider (GUP) in Symantec Endpoint Protection 11.0 RU5

http://www.symantec.com/business/support/index?page=content&id=TECH96419&locale=en_US

Guide to create the GUP for remote location

https://www-secure.symantec.com/connect/downloads/create-gup-symantec-can-help-conserve-bandwidth-clients-remote-location

How to Setup a Group Update Provider (GUP)

http://www.symantec.com/business/support/index?page=content&id=TECH105005&locale=en_US

Tips For Installing SEP In A Low Bandwidth Environment

https://www-secure.symantec.com/connect/articles/tips-installing-sep-low-bandwidth-environment

Symantec Endpoint Protection (SEP) Group Update Providers (GUPs) Selection

https://www.symantec.com/business/support/index?page=content&id=TECH198702

Troubleshooting the Group Update Provider (GUP) in Symantec Endpoint Protection (SEP)

http://www.symantec.com/docs/TECH104539

How can we check which content SEP 12.1 clients are downloading from GUP?

https://www-secure.symantec.com/connect/articles/how-can-we-check-which-content-sep-121-clients-are-downloading-gup

How to confirm if SEP Clients are receiving LiveUpdate content from Group Update Providers (GUPs)

http://www.symantec.com/business/support/index?page=content&id=TECH97190

SEP Content Distribution Monitor (for GUP health-checking)

https://www-secure.symantec.com/connect/downloads/sep-content-distribution-monitor

How to analyze Debug logs from GUP to determine which clients are taking definitions from GUP

 https://www-secure.symantec.com/connect/articles/how-analyze-debug-logs-gup-determine-which-clients-are-taking-definitions-gup

 

Video’s created on Group Update Provider on the Symantec Connect website.

 https://www-secure.symantec.com/connect/videos/group-update-providers-part-1

https://www-secure.symantec.com/connect/videos/group-update-providers-part-2

 

GUP content monitoring tool video

https://www-secure.symantec.com/connect/videos/sep-content-distribution-monitor-introduction

 

Hope this helps everyone.

 

Thanks

Sumit G.

The Windy City Breezes Through Another Successful Cyber Readiness Challenge


On February 5, 2013, Symantec hosted another Cyber Readiness Challenge event; the series promotes discussions surrounding the evolving cyberthreat landscape with an end goal of helping organizations mitigate risk and maintain their security posture. Symantec previously hosted games in Toronto, Irvine, California and Dallas. Last week, we brought the challenge to the windy city of Chicago where more than 60 participants gathered at the University of Illinois at Chicago (UIC) campus to engage in an evening of friendly competition. In fact, the setting proved to be an ideal meeting spot, enabling both security research students from UIC and enterprise IT professionals to participate in the festivities.

Symantec’s Cyber Readiness Challenge is an interactive competition – set in a ‘capture the flag’ style environment -- designed to have users with varying levels of technical acumen, perform a series of tasks attacking and defending simulated data centers (similar to that of a hacker attempting to infiltrate an organization). Kevin Haley, director of Symantec Security Response, kicked off the event providing insight on the evolving and sophisticated nature of targeted attacks – leveraging the characters from the Game of Thrones to demonstrate one such attack example (much to the delight of the crowd, which was peppered with fans of the book and HBO television show).

The challenge participants competed for both lucrative cash prizes as well as for bragging rights among their technical peers. During the actual game, many groups were seen working together and sharing insight while still maintaining enough information so as not to jeopardize their position on the leader board. The winner of the $2,500 grand prize was Peter Snyder using the player handle “BITSLab.” When asked how he planned to spend his winnings, Snyder stated he planned to take his UIC BITSLab colleagues out to dinner --  with that amount of money, we’re sure that it will be quite a meal for the group!

Other victors at the event include Rob Shupe (player handle: LordPrestor) who took home $1,000 and Walter O’Connor (player handle: hakman5) who left the challenge with a cool $750.

Haley added, “With another Cyber Readiness Challenge completed in Chicago last week, I can say with great pleasure that the goal of the event – to increase and expand upon the knowledge of cyberthreats and cybersecurity in today’s business landscape – is resonating well among the participants. Watching students and seasoned enterprise IT staff share technology tricks and best practices confirmed why this series of challenges is so important and highly beneficial.”

Symantec partner CDW was on site to talk about cybersecurity, the evolving threat landscape and also provided event attendees with trendy new water bottles!

Over the next few months, Symantec will host additional Cyber Readiness Challenges in Minneapolis, Minnesota; Mountain View, California; and New York City.

Latest virus attacks and their impact


Dear All,

As security threats are increasing day by day, you need a more proactive approach to find the latest details and tighten security. Hacker groups are continuously working to break security measures, while at the same time organizations are spending a lot of resources and money to keep the business running smoothly and securely.

I think it is not just spending money on IT security, having security experts and implementing security solutions that makes you secure. It is equally important how intelligently and smartly you take care of each side of the security threats and configure accordingly.

Please also read the threads below for updates on some recent security threats:

  • Shamoon virus targets energy sector infrastructure
    http://www.bbc.co.uk/news/technology-19293797

  • Joint Effort Snares Gang of Cyberthugs
    http://www.technewsworld.com/story/77316.html

  • Threat from new virus-infected emails which take over your PC even if you DON'T open their attachments
    http://www.dailymail.co.uk/sciencetech/article-209...

Successful Security Program: A Top-Down Approach


Security in IT doesn't come for free. Beyond appliance and license cost, it always involves cost in terms of:

1. System performance

2. User awareness

Every type of IT security control, whether it is an antivirus scan, hard disk encryption or a data loss prevention agent, ends up consuming processing power on the computer. Nor does it directly add revenue to the business: the security program is seen as a cost center.

Many times the performance hit hampers serious business processing, leading to one type of loss or another, which is obviously not acceptable to senior management. Therefore every security initiative should be sponsored at the higher management level; only then does the security program have a high chance of success. The Chief Information Security Officer (CISO) plays a vital role in explaining to management the dynamically changing threat landscape, the need for the security program, and the cost involved in dealing with that landscape.

Risk analysis helps in identifying the cost-to-benefit ratio.

Higher management must understand that the cost of not dealing with a risk is much higher, and on that basis decide to mitigate or transfer the risk. A bottom-up approach to a security program is destined to fail right at the initial stage.

Higher management involvement is important not only for approving funds but also for understanding the actual risk inherent in the nature of the business. Again, the risk analysis process helps in identifying that.


Knowledge Base Articles on ADC Policy


In this blog I have collected a number of article links that can help and guide you on Application and Device Control (ADC) policy.

 

Best Practices for Deploying Symantec Endpoint Protection's Application and Device Control Policies

http://www.symantec.com/docs/TECH145973

Symantec Endpoint Protection Manager - Application and Device Control - Policies explained

http://www.symantec.com/docs/TECH104431

White Paper on Application and Device Control

http://www.symantec.com/avcenter/security/ADC/Configuring_Application_Control_1.1.pdf

How to configure Application Control in Symantec Endpoint Protection 11.0 : Configuring Application Control Policies

http://www.symantec.com/business/support/index?page=content&id=TECH102525

DevViewer --Tool helpful for Application and Device control to find Hardware Device ID and GUID

https://www-secure.symantec.com/connect/downloads/devviewer-tool-helpful-application-and-device-control-find-hardware-device-id-and-guid

Symantec Endpoint Protection 11.0: Application and Device Control & NTP White Paper

https://www-secure.symantec.com/connect/downloads/symantec-endpoint-protection-110-application-and-device-control-ntp-white-paper

How to block or allow devices in Symantec Endpoint Protection

https://www-secure.symantec.com/connect/articles/how-block-or-allow-devices-symantec-endpoint-protection

How to Block or Allow Devices in Symantec Endpoint Protection

http://www.symantec.com/docs/TECH175220

SEP policy to block the USB and to exclude the Keyboard and Mouse

https://www-secure.symantec.com/connect/downloads/sep-policy-block-usb-and-exclude-keyboard-and-mouse

After setting up an Application and Device Control policy to block CD writing, CD writing is not blocked as expected, and write attempt is not logged

http://www.symantec.com/docs/TECH104800

To disable CD/DVD writer on System through Symantec Endpoint Protection Manager

https://www-secure.symantec.com/connect/downloads/disable-cddvd-writer-system-through-symantec-endpoint-protection-manager

How to make USB drives read-only with Symantec Endpoint Protection using Application and Device Control

http://www.symantec.com/docs/TECH95813

How to block USB hard drives in SEP, but allow reading specific USB drives in the SEPM Application and Device Control Policy

http://www.symantec.com/docs/TECH173724

How to block USB Thumb Drives and USB Hard Drives, but allow specific USB Drives in the Application and Device Control Policy in Symantec Endpoint Protection.

http://www.symantec.com/docs/TECH106304

How to block USB flash drives while allowing other USB devices.

http://www.symantec.com/docs/TECH104299

How to block USB devices while excluding mouse and keyboard?

http://www.symantec.com/docs/TECH161779

How to use Application and Device Control to block all USB devices except those I specifically want to allow

http://www.symantec.com/docs/TECH105770

Block copy and execution of specific files from an USB.

http://www.symantec.com/docs/TECH94989

How to create a rule that will allow only specific USB devices on to your network.

http://www.symantec.com/docs/TECH92943

Data Card Policy

https://www-secure.symantec.com/connect/downloads/data-card-policy

How to block users from downloading files with specific extensions using Application and Device Control.

https://www-secure.symantec.com/connect/articles/how-block-users-perform-download-files-specific-extentions-using-application-and-device-con

Block the access of Extension (.mp3, .mp4, .mpg, .mpeg, .flv)

https://www-secure.symantec.com/connect/downloads/block-access-extension-mp3-mp4-mpg-mpeg-flv

How to Block unwanted Memory Cards

https://www-secure.symantec.com/connect/articles/how-block-unwanted-memory-cards

How do I Block File Shares using Symantec Endpoint Protection (SEP) Application and Device Control policy

https://www-secure.symantec.com/connect/downloads/how-do-i-block-file-shares-using-symantec-endpoint-protection-sep-application-and-device-c

How do I Block access to Autorun.inf using Symantec Endpoint Protection (SEP) Application and Device Control policy

https://www-secure.symantec.com/connect/downloads/how-do-i-block-access-autoruninf-using-symantec-endpoint-protection-sep-application-and-de

Block access to Autorun.inf

https://www-secure.symantec.com/connect/downloads/block-access-autoruninf

How do I Block hosts file modification using Symantec Endpoint Protection (SEP) Application and Device Control policy

https://www-secure.symantec.com/connect/downloads/how-do-i-block-hosts-file-modification-using-symantec-endpoint-protection-sep-application-

Application Control Policy for psexec.exe

https://www-secure.symantec.com/connect/downloads/application-control-policy-psexecexe

Using Application And Device Control Policy - registry access prevention

https://www-secure.symantec.com/connect/downloads/using-application-and-device-control-policy-registry-access-prevention

Determine why a Scheduled Task or Query failed


How to determine the cause of a Scheduled Task or Query failure

Solution:

The cause of a failed schedule can be determined from the schedule logs.

The logs for RMS schedules are stored as text files at the following location:

\Program Files (x86)\Symantec\RMS\data\<User Name>\ScheduleLogs

Note:

The name of each log file corresponds to the name of the schedule in RMS.

These log files are overwritten by new log files when the respective schedule re-runs.

At any given point in time, each schedule in RMS has exactly one schedule log file, from its latest run.
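Because each schedule's log is overwritten on its next run, the evidence from a failed run is gone as soon as the schedule succeeds again. The following Python script is an added example (not part of the original article and not Symantec tooling) that preserves those logs: it copies every file in the ScheduleLogs folder into a per-schedule archive named by last-modified time and a content hash, and skips content it has already archived, so it can be run from a scheduled task as often as needed. The ScheduleLogs path is the one given above; the archive layout, the copy schedule and the sample log contents in the demo are assumptions.

```python
"""Archive RMS schedule logs before the next run overwrites them (added example)."""
import hashlib
import shutil
import tempfile
from datetime import datetime
from pathlib import Path

# Location from the article (Windows); pass the path explicitly:
#   \Program Files (x86)\Symantec\RMS\data\<User Name>\ScheduleLogs


def archive_schedule_logs(log_dir, archive_dir):
    """Copy every schedule log into archive_dir/<schedule name>/<mtime>-<sha256 prefix><ext>.

    The log file name is the schedule name (per the article), so each schedule
    gets its own folder. A log whose content was already archived for that
    schedule is skipped, so the function can run as often as you like.
    Returns the list of newly written archive files.
    """
    log_dir, archive_dir = Path(log_dir), Path(archive_dir)
    copied = []
    for log in sorted(log_dir.iterdir()):
        if not log.is_file():
            continue
        digest = hashlib.sha256(log.read_bytes()).hexdigest()[:12]
        dest_dir = archive_dir / log.stem
        dest_dir.mkdir(parents=True, exist_ok=True)
        if any(p.name.endswith(f"-{digest}{log.suffix}") for p in dest_dir.iterdir()):
            continue  # identical content already preserved
        stamp = datetime.fromtimestamp(log.stat().st_mtime).strftime("%Y%m%d-%H%M%S")
        dest = dest_dir / f"{stamp}-{digest}{log.suffix}"
        shutil.copy2(log, dest)  # copy2 keeps the original timestamp on the copy
        copied.append(dest)
    return copied


def demo_archive():
    """Constructed scenario (not real RMS output): two schedules, one of which
    re-runs and overwrites its log. Returns how many files each pass archived
    and how many versions of the re-run schedule's log were kept."""
    with tempfile.TemporaryDirectory() as tmp:
        logs, arch = Path(tmp) / "ScheduleLogs", Path(tmp) / "archive"
        logs.mkdir()
        (logs / "Nightly CIS Scan.txt").write_text("run 1: query failed: timeout\n")
        (logs / "Weekly Patch Report.txt").write_text("run 1: completed\n")
        first = archive_schedule_logs(logs, arch)    # both logs are new
        second = archive_schedule_logs(logs, arch)   # nothing changed, nothing copied
        (logs / "Nightly CIS Scan.txt").write_text("run 2: completed\n")  # RMS re-run overwrites
        third = archive_schedule_logs(logs, arch)    # only the changed log is archived
        kept = list((arch / "Nightly CIS Scan").iterdir())
        return len(first), len(second), len(third), len(kept)


if __name__ == "__main__":
    print(demo_archive())
```

Point `archive_schedule_logs` at the ScheduleLogs folder and an archive location outside it, and run it shortly after each RMS schedule completes; re-running is harmless because unchanged logs are skipped, and the failed run's log stays available for troubleshooting after the schedule has been re-run.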

 

How to report on an agent-based Unix server hosting multiple databases


How to report on an agent-based Unix server hosting multiple databases

Desired reports:

- Reports from the Unix host

- Reports from DB1, DB2, DB3

Refer to the diagram below:

Solution:

To report on the Unix host:

- Install the Unix agent on the Unix host.

- Register Interface 1 with BVIS using the command:

  • /setup.sh -a <IP of BVIS> <IP of Interface 1> <Username> <Password> -s UNX

To report on DB1, DB2, DB3:

- Register Interface 2 with BVIS using the -lip (logical IP) option, once with -s UNX and once with -s ORCL:

  • /setup.sh -a <IP of BVIS> <IP of Interface 1> <Username> <Password> -s UNX -lip <IP of Interface 2>
  • /setup.sh -a <IP of BVIS> <IP of Interface 1> <Username> <Password> -s ORCL -lip <IP of Interface 2>

- Repeat the above step to complete the Unix and Oracle logical IP registrations for Interface 3 and Interface 4.

Excel cells break when a report is exported to CSV format


Issue: When the result of a Collection Evaluation Report job is exported in CSV format, the cells break, giving a non-uniform report output.

Cause: When the evidence for failed checks is large, Microsoft Excel cannot handle the character count of the individual cell, so the cell breaks.

Explanation: Excel's limit on the length of cell contents is 32,767 characters. The first 1,024 characters display in the cell and the remainder appear in the formula bar. If the evidence in a cell is more than 32,767 characters, the cell breaks. This is a limitation of Microsoft Excel.

Solutions:

Solution 1:

Instead of exporting the report in CSV format, export the result to Excel as follows:

Go to the Evaluation Result >> select "Asset Based View" >> highlight and select the assets >> right-click the assets >> Export Results to Xls

This report looks somewhat different from the CSV report, but its cells are uniform.

Solution 2:

Where the output must be a CSV file, rewrite the check so that it does not return a large amount of data in the evidence field.
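As an added example (not Symantec's code), the following Python clamps any cell that exceeds Excel's documented 32,767-character limit before the CSV is opened in Excel, and reports which cells were affected so the checks that produced the oversized evidence can be found and rewritten as in Solution 2. It uses the csv module for reading and writing so quoted evidence containing commas or line breaks keeps its row structure; the sample rows are constructed for the example.

```python
"""Clamp oversized CSV cells to Excel's per-cell limit (added example)."""
import csv
import io

EXCEL_CELL_LIMIT = 32767              # Microsoft's documented maximum characters per cell
TRUNCATION_MARK = " ...[truncated]"   # appended so a clipped evidence field is recognisable


def clamp_csv(text, limit=EXCEL_CELL_LIMIT):
    """Return (fixed_csv, oversized).

    fixed_csv is the export with every cell longer than `limit` cut down to
    exactly `limit` characters (marker included); oversized lists
    (row, column, original_length) for each affected cell so the check that
    produced the evidence can be located. The csv module is used for both
    reading and writing, so quoted evidence containing commas or line breaks
    stays inside its cell and the row count is preserved.
    """
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    oversized = []
    keep = limit - len(TRUNCATION_MARK)
    for r, row in enumerate(csv.reader(io.StringIO(text))):
        fixed = []
        for c, cell in enumerate(row):
            if len(cell) > limit:
                oversized.append((r, c, len(cell)))
                cell = cell[:keep] + TRUNCATION_MARK
            fixed.append(cell)
        writer.writerow(fixed)
    return out.getvalue(), oversized


def max_cell_length(text):
    """Longest cell in a CSV text, parsed with the same quoting rules as above."""
    return max((len(cell) for row in csv.reader(io.StringIO(text)) for cell in row), default=0)


def row_count(text):
    """Number of logical rows (a quoted cell spanning several lines is still one row)."""
    return sum(1 for _ in csv.reader(io.StringIO(text)))


# Constructed sample export (not real Collection Evaluation output): the second
# asset's evidence is 56,000 characters and contains commas and line breaks.
SAMPLE_EXPORT = (
    "Asset,Check,Result,Evidence\n"
    'srv01,PasswordMinLength,Pass,"MinimumPasswordLength=14"\n'
    'srv02,LocalAdmins,Fail,"' + "member, added\n" * 4000 + '"\n'
)

if __name__ == "__main__":
    fixed, oversized = clamp_csv(SAMPLE_EXPORT)
    print("oversized cells (row, column, length):", oversized)
    print("rows:", row_count(fixed), "longest cell now:", max_cell_length(fixed))
```

Feed the exported file's text to `clamp_csv` and write the first return value back out; the second return value tells you which checks to revisit. Truncation loses part of the evidence, so treat this as a viewing aid for Excel, not as the record of the evaluation.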

Reference:

http://office.microsoft.com/en-in/excel-help/excel-specifications-and-limits-HP005199291.aspx

 

Best Practices for Firewall Policy


 

Hi Friends,

In this blog I have added some articles that can help and guide you on firewall policy.

Symantec Endpoint Protection Manager - Firewall - Policies explained
Article: TECH104433 | Created: 2008-01-20 | Updated: 2010-11-30
http://www.symantec.com/docs/TECH104433

How a firewall works
Article: HOWTO55054 | Created: 2011-06-29 | Updated: 2011-12-17
http://www.symantec.com/docs/HOWTO55054

About Windows Firewall and Symantec Endpoint Protection's NTP
Article: TECH97986 | Created: 2009-01-08 | Updated: 2011-02-11
http://www.symantec.com/docs/TECH97986

Symantec Endpoint Protection 11.0 Network Threat Protection (Firewall) Overview and Best Practices White Paper
http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007121714495348

Best Practices for using Windows Firewall with Symantec Endpoint Protection 12.1
Article: TECH196975 | Created: 2012-09-20 | Updated: 2012-09-20
http://www.symantec.com/docs/TECH196975

Default Symantec Endpoint Protection 12.1 RU1 Firewall Policy explanation
Article: TECH180569 | Created: 2012-02-02 | Updated: 2012-02-02
http://www.symantec.com/docs/TECH180569

About firewall server rules and client rules
Article: HOWTO81232 | Created: 2012-10-24 | Updated: 2013-01-30
http://www.symantec.com/docs/HOWTO81232

About firewalls and communication ports
Article: HOWTO81451 | Created: 2012-10-25 | Updated: 2012-10-27
http://www.symantec.com/docs/HOWTO81451

Blocking a Website using Symantec Endpoint Protection
Article: TECH92405 | Created: 2009-01-16 | Updated: 2012-08-22
http://www.symantec.com/docs/TECH92405

How to Restrict Users to Specific Web Sites by Creating Firewall Rules for Managed Clients
Article: TECH92097 | Created: 2009-01-28 | Updated: 2011-01-19
http://www.symantec.com/docs/TECH92097

How to block all websites and allow only certain websites using Network Threat Protection Firewall rule
Article: TECH95248 | Created: 2009-01-28 | Updated: 2012-05-31
http://www.symantec.com/docs/TECH95248

How to block/allow website access using the Symantec Endpoint Protection Manager custom Intrusion Prevention Signature policy
http://service1.symantec.com/SUPPORT/ent-security.nsf/2326c6a13572aeb788257363002b62aa/9c561a4628b3c9a44925747f007b19cd?OpenDocument

How to block Web access to client with the help of firewall in a Proxy Environment
Article: TECH188973 | Created: 2012-05-17 | Updated: 2012-06-04
http://www.symantec.com/docs/TECH188973

How To Block Internet address via SEP Manager Firewall Rule
https://www-secure.symantec.com/connect/articles/how-block-internet-address-sep-manager-firewall-rule

Video

Allow and Block websites using Symantec Endpoint Protection Firewall
https://www-secure.symantec.com/connect/videos/allow-and-block-websites-using-symantec-endpoint-protection-firewall

Hope it helps all.

Thanks

Sumit G.

 

 
