Channel: Symantec Connect - Blog Entries

Travel Log Turkey: Reflections


The Symantec Service Corps Turkey team has returned from their month-long pro bono assignment, and is settling back in to their roles at Symantec. Here, Shantanu Gattani, one of the participants, shares his final reflections on his experience.

Symantec Service Corps (SSC) 2015 has been officially over for a few weeks now, and the team is back in their respective homes. As I reflect on my time in Turkey, I find myself missing the entire SSC family. I also realize that this journey taught me a number of important lessons.

SSC has been a memorable journey of hard work, new relationships, and self-discovery, with a healthy dose of fun. It has taught me to live outside of myself in several ways and how incredibly satisfying it can be. I was happy to be part of an incredible team working for Doga Dernegi, the Nature Society of Turkey. In one short month we were able to deliver on Doga’s need for sustainable logistics management, marketing plans and fundraising strategies. Our clients were excited and grateful for the outcome, and even yesterday I received an email from a contact there, saying how glad she was to have us in their office. This brings me to my first reflection – the journey to success will likely be hard, but it does not have to be long!

Before I set out for Turkey, I wrote that I had trepidations. Trepidations that I might not be able to give as much. Even then a friend of mine told me to throw trepidation out the window because just our presence would make a difference! How right she was. Though I feel extremely enriched by this experience, I feel – no, I know – that we have all made a lasting impact for our clients. And this is because we were all singularly motivated.


We all came in to work on projects which we knew almost nothing about. We were grouped into sub-teams with a variety of skills. We all had the same uncertain butterflies in our stomachs, even the second week in. But we all knew that we wanted to complete what we came here to do. We did, and we did it well! And we did it while having fun and more fun. So my second and third lessons – a motivated team can solve any problem, no matter how hard it may seem at the outset. And we must always build for change. Nothing that we make will stay the same. Some will change in a few years and some in millennia. So why fight it!

If you’ve been reading our blog, our first two weeks in Turkey were spent getting to know each other, the city and culture we were in. We found out more about our clients, their mission and our respective projects. But up until the very last day we were learning something new, whether it was about our clients or our SSC team. We all shared stories of our lives and what brought us to where we are. We also learned about where we all want and hope to be. I realized how important it is to listen, learn, see and feel. It seems obvious, but I realized that I don’t do enough of these. Also everything we say and do, no matter how trivial, makes a difference– so we must weigh each thing carefully.


Lastly, make happy memories – those will last a lifetime at least. Even though we all have tried to chronicle our time in Turkey on this blog, there are things that just cannot be captured. How do we know that we succeeded in our work? The expressions on the faces of our clients when we made our final presentations. The emotions in the room and the tears in the eyes. For a month we worked, played, ate, drank and danced together. We thought that work would be hard, but the goodbyes were the hardest. I definitely lost control of my emotions, as did most of us. Even though right now it seems that there will always be something missing, I am sure that the memories we made together will be able to fill the gap.


I got so much more than what I hoped for when I set out on this journey.


Shantanu Gattani is Symantec's Principal Software Engineer


Microsoft Patch Tuesday – April 2015

This month the vendor is releasing 11 bulletins covering a total of 26 vulnerabilities. Thirteen of this month's issues are rated ’Critical’.


Backup Exec 2014 digest powershell script.

Cutting down notification clutter

I was tired of getting close to 100 backup status reports each day, so I wrote a quick digest script and disabled notifications on all my jobs. I'm not very good with Powershell, so it's pretty ugly, but it works, and I get a nice quick digest that tells me if I have anything to really address.

Hopefully this helps someone who is struggling under the weight of backup reporting get out from under the weight.

STUFF -

1. This script only cares about errors, cancellations, successes and exceptions. If you want more things, just add more tables.

2. Only verified on Powershell 3.0

3. I run this as a system task on a daily basis on my BE server.

4. YMMV, but they are just GET cmdlets, you aren't doing anything but gathering data and emailing it.

Credit - "sendemailstatus" is a function I picked up from -Mark- on technet because I like the emails it sends.

#Email digest of Backup Exec job results from the last 24 hours, sorted by job name

#Importing Backup Exec Powershell awesomeness
import-module bemcli

#last 24 hours
$lastday = (Get-Date).adddays(-1)

###########Lets make some variables##################################
$SmtpServer = 'your.mail.server'
$From = 'BES@domain.com'
$To = 'Your_Email'
$Subject = 'Backup Exec Job digest'
###########Thats enough variables####################################

Function SendEmailStatus($From, $To, $Subject, $SmtpServer, $BodyAsHtml, $Body)
{	$SmtpMessage = New-Object System.Net.Mail.MailMessage $From, $To, $Subject, $Body
	$SmtpMessage.IsBodyHTML = $BodyAsHtml
	$SmtpClient = New-Object System.Net.Mail.SmtpClient $SmtpServer
	$SmtpClient.Send($SmtpMessage)
	$SmtpMessage.Dispose()
}

$Style = "<Style>BODY{font-size:12px;font-family:verdana,sans-serif;color:black;font-weight:normal;}" + `
"TABLE{width:100%;border-width:1px;cellpadding:0;cellspacing:0;border-style:solid;border-color:black;border-collapse:collapse;}" + `
"TH{background:#d3d3d3;font-size:12px;border-width:1px;padding:10px;border-style:solid;border-color:black;}" + `
"TR{font-size:12px;border-width:1px;padding:10px;border-style:solid;border-color:black;}" + `
"TD{width:15%;font-size:10px;border-width:1px;padding:4px;border-style:solid;border-color:black;}</Style>"

$Table1 = get-bejob | Get-BEJobHistory -FromStartTime $lastday -jobstatus Error | sort Name | select Name,JobType,JobStatus,@{name='Size (GB)';expression={$_.TotalDataSizebytes/1073741824}},ErrorMessage | Convertto-html -fragment
$Table2 = get-bejob | Get-BEJobHistory -FromStartTime $lastday -jobstatus Canceled | sort Name | select Name,JobType,JobStatus,@{name='Size (GB)';expression={$_.TotalDataSizebytes/1073741824}},ErrorMessage | Convertto-html -fragment
$Table3 = get-bejob -jobtype backup | Get-BEJobHistory -FromStartTime $lastday -jobstatus Succeeded | sort Name | select Name,JobType,JobStatus,@{name='Size (GB)';expression={$_.TotalDataSizebytes/1073741824 -as 'Int'}} | Convertto-html -fragment
$Table4 = get-bejob -jobtype backup | Get-BEJobHistory -FromStartTime $lastday -jobstatus SucceededWithExceptions | sort Name | select Name,JobType,JobStatus,@{name='Size (GB)';expression={$_.TotalDataSizebytes/1073741824 -as 'Int'}} | Convertto-html -fragment

$TablesHead = "<html><head>$Style</head>"
$TablesBody = "<body><table><TR><TD align=center bgcolor=RED><font color=WHITE><B>JOBS WITH ERRORS</B></font></TD></TR></table>$Table1$Table2 `n<table><TR><TD align=center bgcolor=Green><font color=WHITE><B>SUCCESSES</B></font></TD></TR></table>$Table3<table><TR><TD align=center bgcolor=Orange><font color=WHITE><B>SUCCESSES WITH EXCEPTIONS</B></font></TD></TR></table>$Table4</body>"
$TablesFoot = "</html>"
$email = $TablesHead + $TablesBody + $TablesFoot

SendEmailStatus -From $From -To $To -Subject $Subject -SmtpServer $SmtpServer -BodyAsHtml $True -Body ($email)

Cheers

Security at the Speed of Need- Symantec Data Center Security @ RSAC

Software-defined security for the software-defined data center

Security at the speed of need.

Imagine that. Let’s come back to that thought in a moment.

The modern data center has come a long way from the “server room” of twenty-plus years ago. Today, data centers might be hiding inside large, football-field-sized industrial areas, protected by fences and secure physical access. With that size and utilization, companies are working to run their data centers as efficiently as possible: power consumption and cooling come to mind, but virtualization is incredibly important. The widespread use of virtualization is taking us into the era of the software-defined data center (or SDDC).

The software-defined data center introduces many new possibilities for businesses, the key being the ability to power up new workloads supporting their business processes very quickly and easily. Adding new capabilities or capacity is now quite easy, and the expectation has changed: setting up and provisioning new environments used to take weeks or months and is now expected to take hours or even minutes.

And that brings us back to our original thought. Security at the speed of need.

Security has long been a speed bump in the race to deploy, be it the historical server room up to the modern SDDC. In today’s SDDC, it’s common practice that an application administrator can request an application from a self-service portal and, in a matter of minutes, multiple virtual machines (VMs) could easily be provisioned, deployed, and made available for use. However, security provisioning practices can inhibit that speed. Why is that? Well, let’s consider what happens once an application administrator submits their request for an application: (see Figure 1)

[Figure 1]

  1. The security and server teams must assess the application’s requirements, taking into consideration details such as:
    1. Will this workload be public-facing or internal only?
    2. What type of data is involved, e.g. credit card information, healthcare information, etc.?
    3. Are there any compliance issues to factor in?
  2. The server team creates the VMs and delivers them to the security team.
  3. The security team now sets up policies for each security product such as anti-malware, server hardening, compliance, encryption, firewall settings, etc. based upon the requirements from step 1.

At that point, the application is ready to be deployed to productive use, but depending upon the processes in place to get through those steps above, that deployment might take days or weeks. How do we solve this?

Symantec’s recently released Data Center Security 6.5 suite of products includes a feature called Operations Director (or OD). Operations Director addresses the security provisioning dilemma by enabling customers to automate and orchestrate security provisioning of anti-malware, hardening, firewall, and network intrusion prevention services at the application level across VMware environments. Here’s how it works: (Figure 2)

[Figure 2]

  1. When the application request is submitted, OD will determine the security requirements of the application by asking the application requestor a series of questions about the nature of the data in use and the overall service level requirements for the application.
  2. Based upon the responses to those questions, OD will determine the required security policies that will sufficiently protect the application. These policies (and the corresponding questions in step 1) are set up ahead of time by the security team in accordance with the organization’s security and compliance best practices. This approach enables the automation of policy-based security settings, so the security team no longer needs to query the application owner for the details required to determine the appropriate level of security.
  3. With the policies determined, once the workload is started, Operations Director will detect the application and apply the appropriate policies on the virtual application by orchestrating the security products required by the workload.
  4. Once the security policies are applied, the security and server teams are notified that the application is ready to be added to the production network.

With Operations Director, the request-to-deployment process that previously required manual processes and time spent in meetings or exchanging e-mails can now be accomplished in a matter of minutes. Truly, security at the speed of need.

With the March 2015 release of Symantec’s Data Center Security 6.5, Operations Director can deliver security orchestration for three types of security policies:

  1. Anti-malware policies delivered by Symantec Data Center Security: Server
  2. Server hardening and host-based intrusion prevention/intrusion detection policies delivered by Data Center Security: Server Advanced
  3. Firewall policies using Palo Alto Networks VM series firewall appliances

Operations Director delivers orchestration through REST API based connections with security products and the list of integrated security products and virtualization platforms is growing. However, Operations Director also has built-in integration with VMware NSX, VMware’s SDDC platform. As more security products are certified NSX-compatible, the breadth of security controls Operations Director can orchestrate will automatically expand.

Does the idea of security at the speed of need sound interesting to you? Let’s talk.

Symantec is a Platinum Sponsor at the RSA Conference, being held April 20 - 24, 2015 at the Moscone Center in San Francisco.

  • Attend the “Orchestrating Software Defined Networks (SDN) to Disrupt the APT Kill Chain” session (#2067) on Tues, April 21 @ 2:20pm PST at Moscone West 2009
  • Stop by the Symantec Booth (#3811) at Moscone North Hall at the RSA Conference Expo. Here, our product management team will demo the new features available in Data Center Security 6.5, including Operations Director, hardening of OpenStack Keystone, and security configuration assessments for Cisco IOS networks.
  • Contact your account rep or certified Symantec partner to schedule a demo and learn more.

On April 22nd, we’ll also be presenting a deep dive into the new Data Center Security 6.5 and a sneak preview of the next version. This is available to anyone in the San Francisco area at that time, even if you aren’t attending the RSA Conference.  Register for this session now.


2015 Internet Security Threat Report: Attackers are bigger, bolder, and faster

Volume 20 of Symantec’s Internet Security Threat Report (ISTR) reveals that cyberattackers are infiltrating networks and evading detection by hijacking companies' infrastructure, while also extorting end-users via their smartphones and social media.


Stay up to date on potential changes to RC4 encryption algorithm


All the major browsers provide a “security user interface”, meaning visual elements to inform the user of the security of their connection to the web page they’re visiting. Up until now, those interface elements were tied to the use of SSL/TLS certificates served by the web site. For example, if you went to http://www.example.com, no special elements would be displayed, but if you visited https://www.example.com, you would see a lock icon indicating the presence of a trusted SSL/TLS certificate. You would also see in the address bar the name of the company responsible for the web site, if the web site used an EV certificate. Most browsers change user interface indicators for mixed content (when a secure page loads scripts, images or other content from a non-secure site).

Some browser vendors are planning to warn users about potential weaknesses in RC4, a popular stream encryption algorithm used in various ciphersuites defined for SSL/TLS, by changing their security user interfaces.

Concerns about RC4 have led the Internet Engineering Task Force (IETF) TLS Working Group to declare that “RC4 can no longer be seen as providing a sufficient level of security for TLS sessions”, even though it was the preferred method of defense against the BEAST attack years ago.

If your browser and the website you’re visiting negotiate to use a ciphersuite that includes RC4, browsers will warn you by a security user interface change. If the site has an EV certificate, the browser may decline to show the EV display. This is important to understand, since users may expect that security user interface warnings indicate a problem with the website’s certificate, but there may be nothing wrong with the certificate or its chain.

Perhaps more importantly, browser vendors are considering security user interface warnings if RC4 is used in any sub-connection used to build a page. Recall that most modern web pages are built on the fly from multiple sources: static images may be served by a Content Distribution Network (CDN), scripts may come from open source sites, and seal images may be served by the Certificate Authority that issued the website’s certificate. The use of RC4 in any of those connections could result in a broken lock icon or the loss of EV display.

We’re not arguing that it’s unwise to warn about RC4 in a sub-connection – we’re just concerned that many website owners may assume something is wrong with their certificate, and it’s very difficult to determine which sub-connection used RC4 and was responsible for the user interface downgrade. Browser vendors can help by developing enhanced error reporting that pinpoints the cause of the downgrade, allowing website owners to quickly remediate the problem. By the way, remediation would consist of re-configuring the offending web server to de-prioritize or remove those ciphersuites that use RC4. Modern alternatives exist that do not use RC4 and therefore are not affected by its weaknesses.

Symantec provides web-based tools like SSL Toolbox to detect problems with SSL/TLS certificates and chains. We’re also investigating tools and methods to locate websites that still use RC4, to help our customers address RC4-related issues and restore favorable security user interface indicators.
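To illustrate how the sub-connection responsible for an RC4 downgrade can be pinpointed, the following Python example (added here; it is not Symantec's tooling or code from the original post) reads the first TLS record each server sent back and reports which hosts selected an RC4 ciphersuite. The host names, the function names and the sample records are constructed for the example, and it assumes a pre-TLS 1.3 ServerHello that fits in a single record.

```python
"""Report which sub-connections of a page negotiated an RC4 ciphersuite."""
import struct

# IANA ciphersuite IDs whose bulk cipher is RC4 (subset most often seen on web servers).
RC4_SUITES = {
    0x0004: "TLS_RSA_WITH_RC4_128_MD5",
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0xC002: "TLS_ECDH_ECDSA_WITH_RC4_128_SHA",
    0xC007: "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
    0xC00C: "TLS_ECDH_RSA_WITH_RC4_128_SHA",
    0xC011: "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
}

HANDSHAKE, ALERT, SERVER_HELLO = 0x16, 0x15, 0x02


def selected_suite(record: bytes) -> int:
    """Return the ciphersuite ID the server chose in a TLS ServerHello record."""
    if len(record) < 5:
        raise ValueError("truncated TLS record header")
    ctype, _version, rec_len = struct.unpack("!BHH", record[:5])
    if ctype == ALERT:
        raise ValueError("server answered with an alert; no suite was selected")
    if ctype != HANDSHAKE:
        raise ValueError(f"unexpected content type 0x{ctype:02x}")
    body = record[5:5 + rec_len]
    if len(body) < rec_len or len(body) < 4:
        raise ValueError("truncated handshake message")
    if body[0] != SERVER_HELLO:
        raise ValueError("first handshake message is not a ServerHello")
    hs_len = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hs_len]
    # Fixed prefix: server_version (2) + random (32) + session_id length (1).
    if len(hello) < hs_len or len(hello) < 35:
        raise ValueError("truncated ServerHello")
    offset = 35 + hello[34]          # skip the variable-length session_id
    if len(hello) < offset + 3:      # cipher_suite (2) + compression_method (1)
        raise ValueError("ServerHello ends before cipher_suite")
    return int.from_bytes(hello[offset:offset + 2], "big")


def rc4_subconnections(first_records: dict):
    """Return ({host: RC4 suite name}, [hosts whose capture could not be parsed])."""
    flagged, unparsed = {}, []
    for host, record in first_records.items():
        try:
            suite = selected_suite(record)
        except ValueError:
            unparsed.append(host)
            continue
        if suite in RC4_SUITES:
            flagged[host] = RC4_SUITES[suite]
    return flagged, unparsed


def build_server_hello(suite: int, session_id: bytes = b"") -> bytes:
    """Construct a minimal TLS 1.2 ServerHello record (sample data only)."""
    hello = (b"\x03\x03" + bytes(32) + bytes([len(session_id)]) + session_id
             + suite.to_bytes(2, "big") + b"\x00")
    handshake = bytes([SERVER_HELLO]) + len(hello).to_bytes(3, "big") + hello
    return struct.pack("!BHH", HANDSHAKE, 0x0303, len(handshake)) + handshake


# Constructed sample: the first record returned on each connection used to
# build one page (main site, CDN, CA seal image, and one refused handshake).
SAMPLE = {
    "www.example.com": build_server_hello(0xC02F),   # ECDHE-RSA AES-128-GCM
    "cdn.example.net": build_server_hello(0x0005, session_id=bytes(32)),
    "seal.example.org": build_server_hello(0xC011),
    "ads.example.org": bytes.fromhex("15030300020228"),  # fatal handshake_failure
}

if __name__ == "__main__":
    flagged, unparsed = rc4_subconnections(SAMPLE)
    for host, suite in sorted(flagged.items()):
        print(f"{host}: negotiated {suite}")
    for host in unparsed:
        print(f"{host}: no ServerHello to inspect")
```

Each host it reports is a server whose ciphersuite order needs the re-configuration described above, even when the main site's certificate and chain are fine.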

ccSVcHst dmp files need to be stopped


I've tried the steps below on one machine and they worked fine.

But we have around 250-275 machines in our network, and on nearly 100 of them (including servers) these files are getting generated. Is there any solution for stopping it from a centralized manager? Please let me know.

1) Disable Tamper Protection.
2) Open a Command Prompt window.
3) del "C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Data\Install\Logs\*.dmp"
4) Using regedit.exe, set HKEY_LOCAL_MACHINE\SOFTWARE(\Wow6432Node)\Symantec\Symantec Endpoint Protection\CurrentVersion\Common Client\Debug\CrashHandler\DumpOn* to 0.
5) Re-enable Tamper Protection.
6) Open a Command Prompt window.
7) cd "C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin"
8) smc -stop
9) smc -start

Symantec Endpoint Protection Continues to Support Windows Server 2003


On 14th July 2015, Microsoft will end support for all versions of Windows Server 2003, meaning that Microsoft will no longer offer the following:

  • Security patches that help protect PCs from harmful viruses, spyware, and other malicious software
  • Assisted technical support from Microsoft
  • Software and content updates

Symantec Endpoint Protection 12.1 customers who are on up-to-date maintenance can be reassured that their Windows Server 2003 machines will still be protected from the latest malware, even after July 14th.  We strongly encourage customers to leverage all the protection layers within SEP including Network Threat Protection, Insight, and SONAR. In addition, we suggest taking advantage of the policy control features, such as Application Control, System Lockdown, and Host Integrity for added protection.

We recognize that organizations sometimes stick with their legacy Windows systems even after the support ends because they want to avoid the risk of downtime caused by changing an OS across the entire organization. Migrating to a new OS can also be manpower-intensive, and can lead to time and cost overruns. However, we recommend that customers migrate to a supported system as soon as possible, not only for better protection, but also to avoid possible instability issues due to compatibility issues with newer hardware and software.

To learn more about how you can secure and migrate your Windows Server 2003 effectively with Symantec, visit go.symantec.com/2003migration

Other Resources:

How Windows Server 2003 End of Support affects Symantec Endpoint Protection

Solution Brief: Simplify Your Windows Server Migration

Windows Server 2003 Migration: Secure in Place


DV SSL Certificates and Ecommerce don't mix

Phishing using DV certificates is becoming more common

Symantec’s just-released Internet Security Threat Report shows that cybercriminals have been busier than ever. Socially engineered attacks are one vector that continues to grow because of their likelihood of success. Although the attacks come in different forms, one approach fools unsuspecting users into clicking a link that takes them to a “look-alike” website. That imitation site typically mimics a highly phished domain (e.g. Apple ID or a popular bank or credit card site). But now, to appear legitimate, phishers obtain Domain Validated (DV) SSL certificates because they know that consumers have been trained to look for the padlock or “https” in the browser URL window. The appearance of this lock further legitimizes the attack and tricks consumers into disclosing their credentials or banking/credit card details.

There are three types of SSL certificates, each requiring a different level of authentication: DV, OV and EV. Understanding the differences among each SSL certificate type is important to help prevent falling victim to scammers. For example, DV certificates are quick and easy to procure and don’t require any type of information indicating the person trying to get the DV certificate actually represents a legitimate business. Fraudsters often use DV certificates to lure consumers to phishing websites that look authentic but are designed to steal sensitive information. For this reason, doing any type of ecommerce transaction on a DV-only site poses risk. While there are appropriate use cases for DV certificates, it’s important to know how cybercriminals are taking advantage of DV certificates to conduct phishing scams and how to protect against these types of cybercriminal attacks.

Online shopping isn’t going away. Until the industry requires an OV or EV certificate for e-commerce sites or an easier way to identify the types of certificates, consumers will have to bear some of the burden of combatting cyber risks. Knowing the risks ahead of time, however, is half the battle. 

The Bias within All of Us


Who me, biased? Yes, you. Well not just you, all of us.

Most of you are probably thinking – I am the exception. I know I thought that when I first heard this. However, through my role as a diversity leader I have been challenged to think about equality and diversity differently, to seek out the latest research on what drives inequalities in our company, our industry and society.

Here is what some of the research tells us about the way we think and process information:

According to a 2014 Fast Company article, “You're faced with around 11 million pieces of information at any given moment… The brain can only process about 40 of those bits of information and so it creates shortcuts and uses past knowledge to make assumptions.”

These assumptions, or what we call our “unconscious bias”, are applied constantly in our daily lives to form positive and negative perceptions of a person, situation, statement, etc. These assumptions or biases are not all negative, in fact they help us process information more quickly. However, the fact that we are often not aware of their influence on us makes them even more powerful and challenging to address.

{Click here to register with Project Implicit of Harvard University and test for your hidden biases}

As a diversity leader, my primary goal is to break down inequalities in our workforce and culture. Symantec’s ability to attract, develop, promote, retain and fully engage a wide range of talented individuals enhances innovation in our products and services and improves our competitiveness. We therefore continue to develop leading diversity policies and programs to ensure we have a diverse workforce and inclusion culture, and have set a goal to increase the diversity of our workforce at all levels of the company by 15 percent by 2020 (using a FY14 baseline year).

Tackling Unconscious Bias

Tackling unconscious bias has become central to meeting this goal, but also to creating a truly inclusive culture. Culture is what makes our processes effective; it makes us able to reach and surpass our goals. As our VP of Corporate Responsibility Cecily Joseph stated in a recent Huffington Post article, at Symantec we are now asking 'how can we bring in more diverse employees?' but also, 'how can we change our organization's culture so that it embraces diversity?'

For this reason, unconscious bias is now integrated into our global diversity and inclusion road map and will help us deliver across our three strategic focus areas: talent acquisition (increasing our access to a more diverse talent pool), leadership accountability (establishing executive level metrics on talent to drive change) and talent development (building and retaining a talented workforce).

We are looking at three key avenues to accomplish this:

  • Education: What is the science telling us about our unconscious biases, and how can we further educate our employees on how to recognize and minimize them?
  • Impact: What impact is this having on Symantec’s ability to recruit and retain the diverse workforce we need, the diversity of perspectives and knowledge to continually innovate?
  • Action: What actions can we take at Symantec to minimize the role of unconscious biases? While we recognize that we cannot eliminate them fully, we are confident that by educating our employees on the topic and providing them with disruption strategies to address bias, we can minimize their presence and impacts.

Our first step is a training on unconscious bias that will begin with our executive leadership, followed by our people managers, our diversity champions and advocates, and finally to all employees.

What can you do?

I encourage everyone to learn more about the topic and challenge you to think about what your unconscious biases may be. As I mentioned before, we all have them, and they are not all bad. But it is important to acknowledge them and think about how they are affecting you and others. What are the drivers behind them? And how can you address these to help your company, organization or community continue to foster an equal and inclusive culture?

{Wondering what your unconscious bias is? Click here to register with Project Implicit of Harvard University and test for your hidden biases}

Antoine Andrews is Symantec's Director, Global Diversity and Inclusion

Patching Windows HTTP vulnerability should be prioritized

Recently fixed CVE-2015-1635 vulnerability could allow remote code execution and facilitate DoS attacks.


Microsoft’s launch of Certificate Reputation

Continuing to improve trust in the CA/Browser ecosystem

A few weeks ago, Microsoft launched a new addition to their Bing Webmaster Tools which allows website operators to monitor their web domains to help ensure there are no improperly issued SSL certificates.

This is a great benefit to those owners because:

  1. It’s easy to use and Microsoft monitors this for free

  2. The Certificate Authorities do not need to do anything special. Certificates are automatically monitored by Microsoft

  3. It’s integrated into the Bing Webmaster toolset. There is no need to sign up separately for the service

  4. It works for all types of SSL certificates, not just EV

However, there are a few limitations today:

  1. This is currently a “preview” and only collects data from users on Windows 10 which itself is currently only in a preview release. Hence the data is limited. However, this will improve with the formal release of Windows 10.

  2. The data that Microsoft is gathering is not made public which prevents the public at large from also seeing the certificates. However, the need being addressed is that of website owners.

More details are in this Microsoft blog.

Trust continues to be enhanced in the Browser/Certificate Authority ecosystem (as discussed in this prior blog) and Certificate Reputation is another tool (along with Certificate Authority Authorization-CAA, Certificate Transparency-CT, and Public Key Pinning) along this path.

NetBackup 5330 Appliance: Leading the Pack on Environmental Efficiency!


Datacenter floor space is a lot like closet space, you can never have enough of it. My first house was built in the late ‘40s, and had tiny closets. This meant my wife got the bedroom closet, and I got the closet in the second bedroom. Over the years, we have moved and remodeled, and have always filled the closets to capacity. Datacenters are a lot like this, except 1) data center floor space is much more expensive, and 2) other areas of the building are not suitable for data center equipment.    

How Severe is the Problem? 

The challenge of limited data center resources impacts companies in two areas:

  • Cost:  power, cooling, and data center floor space are expensive.  According to Gartner,  “Energy-related costs account for approximately 12 percent of overall data center expenditure and are the fastest-rising cost in the data center”.1
  • Limited Resource Availability:  To expand power, cooling, or floor space often requires a significant amount of lead time, capital improvements, and can be a major distraction to existing operations. Nearly 85 percent of enterprises said issues with data center power, space and cooling capacity have delayed or canceled application rollouts, reduced their ability to support customers and resulted in unplanned reallocation of resources away from strategic goals during the past year2, according to IDC.

NetBackup Addresses the Environment

When we recently introduced NetBackup 5330 Integrated Appliance, we highlighted its environmentally-friendly design. While it is fairly straightforward to measure performance, scale, and resiliency, how is environmental impact measured? 

One measure and validation of a product’s energy efficiency is the United States Environmental Protection Agency program, Energy Star. Most often associated with consumer products, such as washers and dryers, the Energy Star program applies to business products. The benefit of this program is it provides an independent certification and enables businesses to easily compare products from an energy efficiency standpoint. 

NetBackup 5330 appliance is Energy Star compliant, and is the only integrated purpose-built backup appliance (PBBA) with this certification. No other integrated, or target PBBA, has this distinction!

Not only does the appliance reduce power and cooling expenses compared to other backup appliances, but it has great density. Density is important as it supports more TBs per rack space unit (RSU) or floor space, which means greater efficiency and less cost in the data center. 

How Does NetBackup 5330 Compare?

To put the environmental impact into perspective, I compared the NetBackup 5330 to the DataDomain 990, a target deduplication appliance. Based on published information (columns B, C, and D), I calculated the TB per RSU (B/C) and Watts per TB (D/B). 

NetBackup 5330 Comparison to DataDomain 990

Appliance        Usable Capacity*   Total Rack Space   Total Power   TB Per RSU   Watts Per TB
                 (TB) (B)           Units (RSU) (C)    (Watts) (D)   (B/C)        (D/B)
DataDomain 990   518.4              76                 7,040         6.8          13.6
NetBackup 5330   219.2              10                 2,442         21.9         11.1

* Adjusted to reflect Base2 (i.e. 1TB = 1,099,511,627,776 bytes).
 
 
Based on the above calculations, the NetBackup 5330 appliance is more efficient than the DD990:
  • 3.2 times more space efficient. In the same amount of space, NetBackup 5330 can store and protect 3.2 times more data than the DataDomain 990. Or, if reducing space is a goal, NetBackup 5330 will require 69% less space than a DD990. 
  • 18% more energy efficient. NetBackup 5330 will use 18% less power for the same amount of capacity. 


Note: as a target appliance, the DD990 would require backup software and media servers to run the software. This would increase DataDomain’s hardware and software costs, increase its power and cooling requirements, and require more rack space. In other words, I have taken a conservative approach with DataDomain’s power, cooling, and density usage compared to NetBackup 5330. As an integrated appliance, the NetBackup 5330 includes the media server, backup software, and storage.   

Conclusion

The NetBackup 5330 delivers performance, scale, and resiliency, AND addresses the environmental factors of power, cooling, and floor space. NetBackup 5330 is the only Energy Star certified purpose-built backup appliance. For organizations looking for an industry-leading backup solution that reduces floor space and power consumption, the NetBackup 5330 is the perfect choice. 

To learn more about the NetBackup 5330 integrated appliance, two resources are;

Footnotes:

  1. Gartner Press Release, “Gartner Says Energy-Related Costs Account for Approximately 12 Percent of Overall Data Center Expenditures”, September 29, 2010.
  2. IDC WHITE PAPER, “The Datacenter's Role in Delivering Business Innovation: Using DCIM to Enable a Common Management Approach”, Richard L. Villars, November 2012, #237737.

The Internet of Things (IoT) and Security Risks

How SymGauge and Quantitative Security (aka Moneyball for Security) are Home Runs for the Cybersecurity Industry


It’s an exciting time at Symantec. Like the start of a new baseball season, we’re entering the RSA Conference 2015 with a fresh lineup of upcoming offerings that further advance our Unified Security vision: SymGauge and Quantitative Security (aka Moneyball for Security).

And we believe they’re Home Runs for the whole industry.

SymGauge and Quantitative Security are each being built on top of our Unified Security intelligence platform, which aggregates security-relevant intelligence from Symantec-protected devices, networks, and clouds from around the world. And by intelligence, we don’t simply mean traditional security alerts, but rich telemetry such as user, system and network behaviors, data access patterns, and so on. These two upcoming offerings, described below, are the first of a new class of Security Analytics Applications that will transform the industry and future horizons.

Think of it like an MLB manager trying to squeeze another strikeout from a pitcher in the 9th inning. With the right intelligence (data) on the opposing team’s batter, you can make informed decisions on when to switch pitches (strategies) to protect your lead. At Symantec, with our innovative Unified Security approach, we use data to gain an advantage over the adversary (attackers/threats).

Let me explain how SymGauge and Quantitative Security (aka Moneyball for Security) each work and support our Unified Security vision.

SymGauge
The current security industry landscape shows traditional security risk assessments are often process-oriented, manual and take several weeks of effort. SymGauge aims to change up the current game. With its data-driven and analytical approach, SymGauge wants to disrupt the security market in the same way that Zillow did to the real-estate market. With SymGauge, enterprise customers will have a comprehensive and fine-grained understanding of their security risks and be able to benchmark their security performance against peers.

SymGauge is powered by Symantec’s deep visibility into the enterprise IT environment, our global threat intelligence and deep understanding of how threats work, and our understanding of security risks facing consumers. As a leader in global threat intelligence and actionable cybersecurity, we’re uniquely positioned to utilize our insights into our Unified Security approach. SymGauge is non-intrusive and requires no installs – it simply leverages our already vast enterprise and consumer install base. 

Quantitative Security (aka Moneyball for Security)
In his book “Moneyball: The Art of Winning an Unfair Game,” author Michael Lewis wrote how the General Manager of the Oakland A’s applied data analytics on a wide array of attributes to quantitatively determine the best team for a given budget. Despite consistently having one of the smallest budgets in baseball, the A’s have made the playoffs eight times in the past 15 years. As many of you also know, they made a film based on the book.

Let’s apply “Moneyball” to the current cybersecurity industry. 

Today, enterprises leverage entirely qualitative techniques when purchasing, deploying and configuring their security products and services. But then questions arise:

  • Should I use white-listing or sandboxing to defend my servers?
  • What sensitivity setting should I use for my behavioral protection?
  • What is the impact of running Adobe Acrobat v9 in my enterprise vs. the latest version?

These questions are currently determined in a qualitative fashion, based on anecdotal evidence, marketing pitches, and guesswork. It’s a lot like old baseball teams selecting their players based on a small number of metrics, and a lot of gut instinct.

But with our new Quantitative Security approach, we’re going to change that. Here’s how: 

  1. Symantec will first use our products and services to gather telemetry that enables us to measure key security outcomes for each enterprise; for example, the number of infections per thousand machines per month, or the number of console-hours per security analyst per month.
  2. We will then gather actual product deployment and configuration details from each enterprise; for example, what security products/versions each customer has deployed and the configuration settings for those products.
  3. Armed with both classes of telemetry, Symantec can derive correlations between different product deployment scenarios and various outcomes across our customer base.

In the future, as an example, we’ll be able to tell a customer: “Changing from behavior blocking sensitivity level 6 to 7 will result in 22% fewer infections per thousand machines per month, which will likely translate to 200 fewer person-hours per month on remediation time.”

Moreover, we will similarly be able to estimate the negative impact to each enterprise based on historical data; for example, “Switching to sensitivity level 7 will result in 3% more false alarms, which will likely translate to 5 more person-hours of investigation per month.”

And this won’t just apply to optimizing settings – we will now be able to quantitatively help each enterprise decide how to best spend their limited security budget based on their unique circumstances, which vulnerabilities to patch first, and so on, enabling them to optimize for their most important outcomes.

We believe that this will transform the way enterprises buy, deploy and configure security software. It’ll turn protection into a science rather than an art.

See you at RSA Conference 2015



Altiris DS 6.9 SP5 - Server side script returns error "A required privilege is not held by the client"

Solution

I recently had a problem where a server side (Altiris DS) script was outright failing to run giving an error 1314 - A required privilege is not held by the client. If the job was run on a client, it worked first time.

I did a little searching and saw this article on the support forums:

http://www.symantec.com/connect/forums/running-ser...

There didn't appear to be an answer in the thread and it was since locked.

After playing with the job in question I've managed to replicate this symptom twice in different circumstances, one with a blank job, another with a job that contained file paths. In my job, it didn't seem to matter what I put into the script at any point, even the first line was not getting processed, so the script itself didn't seem to matter. That made me think about how the DS works when it parses a script to be run - I thought the problem may involve UAC / user elevation.

In my particular job I had file paths specified that pointed to C:\windows\temp as a directory for a temporary output text file.
Content was supposed to be written into this text file that was then parsed for various strings.
The job would fail outright with the error message above - A required privilege is not held by the client (1314)

Our Altiris DS implementation runs under a Windows service account, not local system.
The service account that the Altiris DS runs under is a local administrator and the ACL on the C:\windows\temp folder did contain "administrators".
However I'm fairly sure as we run UAC on our servers, to be able to actually use this ACL group membership an elevation will be required.
It appears that the DS application is potentially unaware or unable to cope with this mechanism in 6.9 SP5.
Placing the service account onto the ACL for the C:\Windows\Temp directory, directly with modify rights solved the issue and the script ran.

So onto the issue of a blank job, I think the same principle applies here.
When the DS parses a script it usually writes the content into a file called "RxScript.bat" and places it in the temp directory on the machine of execution.
The thing to check here if *any* script doesn't run at all, including a blank one when executed server side is the ACL on the DS temp directory.

Ensure your service account (if you are using one) has modify access to the local temp directory - try %temp% for a user account or c:\windows\temp for the system by default. As long as the account that the DS runs under has write/modify access to the temporary working area without the need for elevation the script will not error on execution.

You may also consider removing UAC completely from your server platform hosting the DS, but if you do choose this route be aware of the security implications before doing so and obtain the appropriate sign off from a documented change control process. (In other words, test it and cover yourself).

P
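The check described in this post, as an added PowerShell example (not part of the original post and not Altiris or Symantec code): it reports whether the service account holds a Modify entry granted to it directly on the temp directory, rather than only through the Administrators group, and with -Grant adds one. The account name CONTOSO\svc-altiris is a placeholder.

```powershell
# Added example. The account name is a placeholder. Use an elevated prompt
# with -Grant, because changing the ACL on C:\Windows\Temp requires it.
param(
    [string]$ServiceAccount = 'CONTOSO\svc-altiris',   # placeholder DS service account
    [string[]]$TempDirs     = @('C:\Windows\Temp'),
    [switch]$Grant                                     # add the missing ACE
)

$modify      = [System.Security.AccessControl.FileSystemRights]::Modify
$inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly

# Resolve the (possibly localized) name of the built-in Administrators group.
$sid    = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'
$admins = $sid.Translate([System.Security.Principal.NTAccount]).Value

function Test-ModifyAce {
    # True when $Identity has an Allow ACE with Modify that applies to the
    # directory itself (inherit-only entries do not count).
    param([string]$Path, [string]$Identity)
    foreach ($ace in (Get-Acl -LiteralPath $Path).Access) {
        if ($ace.AccessControlType -eq 'Allow' -and
            $ace.IdentityReference.Value -eq $Identity -and
            $ace.FileSystemRights.HasFlag($modify) -and
            -not $ace.PropagationFlags.HasFlag($inheritOnly)) {
            return $true
        }
    }
    return $false
}

foreach ($dir in $TempDirs) {
    $direct    = Test-ModifyAce -Path $dir -Identity $ServiceAccount
    $viaAdmins = Test-ModifyAce -Path $dir -Identity $admins

    $finding = if ($direct) {
        'OK: account has its own Modify entry'
    } elseif ($viaAdmins) {
        'RISK: Modify only via Administrators; unusable without elevation under UAC'
    } else {
        'RISK: no Modify entry found for the account or Administrators'
    }

    if (-not $direct -and $Grant) {
        $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
            $ServiceAccount, $modify, 'ContainerInherit,ObjectInherit', 'None', 'Allow')
        $acl = Get-Acl -LiteralPath $dir
        $acl.AddAccessRule($rule)
        Set-Acl -LiteralPath $dir -AclObject $acl
        $finding += ' -> direct Modify entry added'
    }

    [pscustomobject]@{
        Path              = $dir
        Account           = $ServiceAccount
        DirectModify      = $direct
        AdminsGroupModify = $viaAdmins
        Finding           = $finding
    }
}
```

Run it without -Grant first to record the current state for your change record.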

Symantec’s essential guide to today’s threat landscape. Part 1 Out now


In 2014, the foundations of Internet security were shaken by the Heartbleed bug, a vulnerability in human-built software that reminds us of the need for vigilance, better implementation and more diligent website security.

As part of that story, we saw criminals grow more professional, sophisticated and aggressive in their tactics, to the detriment of businesses and individuals. Poodle and Shellshock gave criminals ways to use websites to access servers, steal data and install malware; cryptoware, a variant of ransomware that encrypts a victim’s files, increased significantly; and even social media and phishing scams took advantage of people’s fears around hacking to entice them into clicking.

Symantec has the most comprehensive source of Internet threat data in the world and also maintains one of the world’s most comprehensive vulnerability databases. Spam, phishing and malware data is captured through sources including Symantec.cloud and other Symantec security technologies. Our website security solutions provide 100 percent availability and process over 6 billion Online Certificate Status Protocol (OCSP) look-ups per day. These resources give Symantec analysts unparalleled sources of data with which to identify, analyse, and provide informed commentary on emerging trends in attacks, malicious code activity, phishing and spam.

The result is the Symantec Website Security Threat Report, which gives enterprises, small businesses, and consumers essential information to secure their systems effectively now and into the future.

Let’s start to point out some of the trends in cybercrime we saw last year:

Web threats

Web threats got bigger and much more aggressive in 2014 as holes in commonly used tools and encryption protocols were exposed and criminals made it harder to escape their malicious clutches.

Without doubt, Heartbleed was the most remarkable security event last year: a vulnerability in the OpenSSL cryptographic software library meant attackers could access the data stored in a web server’s memory during an encrypted session. Although the response was swift and within five days, that event caused many more people to take note and improve standards in SSL and TLS implementation.

ShellShock and Poodle were other examples of vulnerabilities that appeared last year.

Of all the websites Symantec scanned for vulnerabilities in 2014, around three quarters were found to have vulnerabilities, about the same as last year. However, the number of websites actually found with malware was much lower than last year, having reduced from 1 in 566 to 1 in 1,126.

Ecrime & Malware

Every day, personal banking details are phished by fake emails and websites. Computers infected with malware are used to send out spam or contribute to distributed denial-of-service attacks. Perhaps the most unlucky see all their files encrypted and their computer made unusable by ransomware.

The underground black market is thriving. Criminals are moving their illegal marketplaces further from public gaze; they have become more professional and their cybercrime techniques more sophisticated.

Malware distributed by email declined in 2014 but remains a very dangerous tool of cybercrime, as does ransomware, which is used to encrypt the data on victims’ hard drives and demand payment to unlock the files; both are examples of how criminals work.

Malvertising

During 2014, we saw ransomware and malvertising cross paths as the number of victims getting redirected to the Browlock website hit new heights.

Browlock itself is one of the less aggressive variants of ransomware. Rather than malicious code that runs on the victim’s computer, it’s simply a web page that uses JavaScript tricks to prevent the victim from closing the browser tab. But it’s not just ransomware that malvertising helps to spread: malicious adverts also redirect to sites that install Trojans.

From the website side, it is hard to prevent malvertising, as site owners have no direct control over the ad networks and their customers. However, site managers can reduce risk by choosing networks that restrict ad functionality so advertisers cannot embed malicious code in their promotions. And of course, when selecting an ad network, due diligence goes a long way.


Download your free copy of the Symantec Website Security Threat Report Part 1 here: https://www.symantec-wss.com/uk/WSTR-2015-1/social

Discover more about today’s threat landscape in Part 2 of the WSTR. Coming soon.

How to Automate Password Change Notification Through Email

Email Users an Active Directory Password Expiration Notification and Save your Time
Automating Password Expiration Notifications

Windows users who log on to their system with a local logon account or a domain logon account are familiar with the password expiry notifications. These messages alert the user of password expiry in advance so that the password can be changed before it expires. But how does this work on your computer? Can you configure the number of days as you wish? Here are the answers.

How does Windows Logon Mechanism Work?

In all recent Windows as well as Windows Server versions, it is mandatory to validate user identity to log on to a system. A successful logon comprises authentication (a user action) and authorization (a software action).

  • Authentication

Authentication is a user action. The user supplies his logon credentials (user name and password).

  • Authorization

In authorization, the software (after checking the authentication credentials) decides if the user is authorized to access the resources.

Interactive Log on – Using Local User Account or Domain User Account

Interactive Logon is possible when a user logs on to computer using a Local User Account or Domain user account.

  • Local User Account

A local user account is created in the Security Accounts Manager (SAM) of the local computer. Its user information is stored in local computer registry only, even if it is a network computer. Users have access to local resources only.

  • Domain User Account

A domain user account is created in the Active Directory of the domain. The computer evidently is a network computer, and users have access both to the resources of the local system and the domain.

How do password expiry notifications work in interactive logon?

Password expiry, implemented for security reasons, forces users to change their passwords periodically. It is expected that all users change their passwords before they expire so that they do not have to depend on the IT help desk or an administrator for a password reset. The Windows operating system, from Windows 98 onwards, has a facility to remind users of the imminent password expiry in advance. This default facility works as such unless your AD administrator configures it differently. Administrators can set password expiry and its configurations using AD facilities. Otherwise you can edit some of the interactive logon policies yourself.

‘How many days in advance users need to be reminded of password expiry’ - set it yourself

With administrative rights, you can set how many days in advance the reminder message should appear (provided the AD administrator has not done it). This is done using the Local Group Policy Editor of your system. This is how you can do it:

  1. Click Start > Run, and enter gpedit.msc

  2. When the Group Policy Editor appears, expand its nodes Computer Configuration, Windows Settings, Security Settings, and Local Policies; select Security Options.

  3. Open the policy ‘Interactive Logon: Prompt user to change password before expiration.’

  4. You can see a default value for this setting. Change the value as per your requirement and click Apply.

     Note: to know more about this setting, just click the Explain This Setting tab.

  5. If required, you can try modifying some more Interactive logon settings. More about each setting can be learned from Explain This Setting tab of the corresponding policy window.

How can administrators configure password settings?

Active Directory administrators can use Group Policy Settings to configure many password related policies at the domain level.
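For the e-mail notification named in this post's title, an added PowerShell example (not part of the original post and not Lepide or Microsoft code) that goes beyond the local policy above: it lists enabled domain users whose passwords expire within a warning window and, with -Send, mails each one. It assumes the ActiveDirectory module (RSAT) is installed; the SMTP server, sender address and 14-day window are placeholders.

```powershell
# Added example. Requires the ActiveDirectory module (RSAT).
param(
    [int]$WarnDays      = 14,                          # assumed notification window
    [string]$SmtpServer = 'smtp.example.test',         # placeholder
    [string]$From       = 'it-helpdesk@example.test',  # placeholder
    [switch]$Send                                      # without -Send: report only
)
Import-Module ActiveDirectory

$now   = Get-Date
$users = Get-ADUser -Filter 'Enabled -eq $true -and PasswordNeverExpires -eq $false' `
    -Properties mail, 'msDS-UserPasswordExpiryTimeComputed'

foreach ($u in $users) {
    $raw = $u.'msDS-UserPasswordExpiryTimeComputed'

    # 0 = password must be changed at next logon; Int64.MaxValue = never expires.
    # Neither converts to a meaningful date, so skip them.
    if (-not $raw -or $raw -eq [Int64]::MaxValue) { continue }

    $expires  = [datetime]::FromFileTime($raw)
    $daysLeft = [math]::Floor(($expires - $now).TotalDays)
    if ($daysLeft -lt 0 -or $daysLeft -gt $WarnDays) { continue }

    $mailed = $false
    if ($Send -and $u.mail) {
        $body = "Your domain password expires on $($expires.ToString('yyyy-MM-dd HH:mm')). " +
                "Press Ctrl+Alt+Del and choose 'Change a password' before then."
        Send-MailMessage -To $u.mail -From $From -SmtpServer $SmtpServer `
            -Subject "Password expires in $daysLeft day(s)" -Body $body
        $mailed = $true
    }

    [pscustomobject]@{
        User     = $u.SamAccountName
        Mail     = $u.mail
        Expires  = $expires
        DaysLeft = $daysLeft
        Mailed   = $mailed
    }
}
```

Scheduled daily, the report-only output also shows accounts in the window that have no mail attribute and therefore cannot be notified.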
 

Lepide User Password Expiration Reminder - Automate Password Expiry Email notifications

Lepide User Password Expiration Reminder (LUPER) is a professional tool that makes password management easy for Administrators. Apart from notifying users of password expirations in advance, it prepares many comprehensive password related reports that are extremely helpful for administrators. It minimizes password expiry related disarrays, and reduces the work load of administrators and IT help desks.


Blog Summary

It is a good practice to reset user passwords periodically as it improves the overall security of systems as well as domains. To enforce such a habit in the organization, administrators need effective password expiration reminder tools like LUPER. This tool makes it easy to notify password expirations, and also gives all password related information at administrators’ fingertips to lessen their workload.

How to install RAWS on a Windows CORE Operating System?


It has been widely noticed that the remote agent installation of the Agent for Windows fails with the error

06-05-2014,14:58:57 : Return Value of Microsoft Visual C++ 2010 Redistributable (x86) : 1603
 
+ 06-05-2014,14:58:57 : ERROR: Failed to execute VC 10.0 runtime installer. Error code 1603.
 
CAUSE:
 
This issue occurs on servers that have the Windows Security Update KB2918614 installed.
 
SOLUTION:
 
1. Copy the AGENTS folder from the installed location of Backup Exec (X:\Program Files\Symantec\Backup Exec) to the C drive of the Windows Core OS server using the Windows UNC path.
 
2. Once done, perform a command line installation of the Agent for Windows
  1. Open Command Prompt and browse to the RAWS folder which was copied on the local drive using DOS commands.
     
  2. In the command prompt window type setupaa.cmd (for 32-bit OS) or setupaax64.cmd (for 64-bit OS) and press enter to install Agent for Windows.

NOTE: The installation process might take around 2 to 3 minutes during which, there will not be any changes happening in the Command Prompt.

3. Add the server in Backup Exec and establish a trust relationship before proceeding with the backup.

REFERENCE: http://www.symantec.com/docs/TECH179142

IT Management Suite 7.6 HF1 is now available


IT Management Suite 7.6 HF1 is available through SIM. The release has the following highlights:    

  • Support for RHEL 5.11 and 6.6
  • Support for Microsoft SQL Server 2008 R2 SP3
  • Fixes for several customer issues
  • Easier ways to import the third-party certificate to Internet gateway
  • OpenSSL is upgraded to version 1.0.1m
  • New check box for the Deploy Image task

You can access the ITMS 7.6 HF1 release notes from the following location:

http://www.symantec.com/docs/DOC8505
