Articles on this Page
- 04/30/15--03:59: _Amateur attackers c...
- 04/30/15--07:58: _Mind Your Back
- 04/30/15--11:02: _New! Veritas™ Capac...
- 04/30/15--11:31: _The Power of Go Cha...
- 05/01/15--09:36: _Many Cultures, One ...
- 05/02/15--13:12: _How to delete the 7...
- 05/04/15--00:46: _Symantec Unveils Cy...
- 05/04/15--03:30: _Symantec Workspace ...
- 05/04/15--03:30: _Bulk set custom loc...
- 05/04/15--03:33: _Backup Exec Securit...
- 05/04/15--08:38: _Could The Empire Ha...
- 05/04/15--10:55: _April 2015: Most Po...
- 05/04/15--20:07: _Begun the cloud war...
- 05/05/15--08:52: _Today is Silicon Va...
- 05/05/15--10:48: _How to use Horizon ...
- 05/06/15--03:22: _Setting a Retention...
- 05/06/15--09:07: _ServiceDesk Workflo...
- 05/07/15--04:29: _Information Securit...
- 05/07/15--07:35: _Great Resource
- 05/07/15--08:38: _CR in Action: Syman...
- 04/30/15--07:58: Mind Your Back
- 04/30/15--11:02: New! Veritas™ Capacity Assessment Tool
- 04/30/15--11:31: The Power of Go Channel
- Doctors Without Borders USA, an organization delivering emergency medical aid to people affected by conflict, epidemics, disasters or exclusion from health care.
- The American Red Cross, which has been working with The Nepal Red Cross (NRCS) since 1999. NRCS is headquartered in Kathmandu and has branches in all 75 districts, more than 1,300 sub-branches, 1.1 million members and 100,000 active volunteers.
- Give2Asia, which works with community-based organizations throughout Asia, connecting them to corporations, foundations and individual donors to charitable causes, coordinating comprehensive programs that address the region's greatest needs. They are currently conducting initial assessments with local partners in Nepal to develop long-term rehabilitation initiatives in the aftermath of the tragic earthquake.
- CARE, a leading humanitarian organization with seven decades of experience delivering emergency aid during times of crisis. Their emergency responses focus on the needs of the most vulnerable populations, particularly girls and women.
- Mercy Corps, a leading global humanitarian agency saving and improving lives in the world's toughest places.
- America Nepal Medical Foundation, which promotes the advancement of medical training and practice in Nepal , strengthens research capability of Nepali health professionals and fosters collaboration with North American research institutions.
- Shelter Box, providing emergency shelter and vital supplies to support communities around the world overwhelmed by disaster and humanitarian crisis.
- World Vision, which focuses on bringing children out of poverty and building communities with its relief work. The organization already has a presence in Nepal.
- Oxfam America, a global organization working to right the wrongs of poverty, hunger and injustice. Oxfam aid workers are on the ground in Nepal, providing clean water, toilets and shelter to thousands of people.
- Save the Children, which has worked in Nepal since 1976, focuses on providing children with a healthy start, the opportunity to learn and protection from harm.
- Sahayeta, which supports causes in the Himalayan region to further education, health, children's rights, elderly rights, and women empowerment.
- 05/02/15--13:12: How to delete the 7 months old catalog on Linux server
- 05/04/15--00:46: Symantec Unveils Cybersecurity Strategy at Interpol World Congress
- How to identify and prioritise key threats
- How to respond quickly to contain the impact of, and recover from, an attack
- How to measure and demonstrate the value of our spending on security
- How best to use the resources and capabilities we have to protect our organisation.
- 05/04/15--03:30: Symantec Workspace Virtualization & Streaming 7.6 Documentation
- Symantec Workspace Streaming
- Symantec Workspace Virtualization
- Symantec Virtual Composer
- In the Streaming Console, go to the top right corner of the Console and click admin > Help. The Symantec Workspace Streaming Help dialog box is displayed.
- In the Symantec Workspace Streaming Help dialog box, click Symantec Help Center link.
- Browse to the Symantec Knowledge Base at the following location: www.symantec.com/business/support/index?page=home
- Under TOP PRODUCTS, click Supported Products A to Z.
- On the Supported Products A - Z page, do one of the following:
- Click Workspace Virtualization (formerly SVS). This will bring you to the Workspace Virtualization documentation landing page. For each release, Workspace Virtualization documentation is posted at this location.
- Click Workspace Streaming (formerly AppStream). This will bring you to the Workspace Streaming documentation landing page. For each release, Workspace Streaming documentation is posted at this location.
- Example of how it looks in database "dbo.SWDPackage" SQL table when packages have default C:\ location on PS machine:
- You can SQL Query dbo.SWDPackage table and set your custom location, where Package Server will move them from C:\ drive to custom Drive path. For example, I've changed it to "D:\SoftwareManagementPackages" via SQL Query only for required software packages
- After this SQL query execution, I've run "Complete Update Membership" and "Package Refresh" tasks on SMP Server -> refresh policy on "Package Server" machine -> PS will create this custom folder on separate Drive and will move all updated packages from C:\ drive to this custom location.
- Before software package PS location path changing in database, make sure that your have separate drive available with appropriate free space on "Package Server" machine(s), where these packaged will be stored.
- 05/04/15--03:33: Backup Exec Security Blogs
- 05/04/15--08:38: Could The Empire Have Been Saved by Better Encryption?
- 05/04/15--20:07: Begun the cloud war has
- 05/05/15--08:52: Today is Silicon Valley Gives Day!
- 05/05/15--10:48: How to use Horizon with Keystone V3
- 05/06/15--03:22: Setting a Retention Category in Enterprise Vault
- 05/06/15--09:07: ServiceDesk Workflows Modification Restricted
- 05/07/15--04:29: Information Security - Prevention is better than cure.
- Confidentiality – Information should only be seen by those persons authorized to see it. Information could be confidential because it is proprietary information that is created and owned by the organization or it may be customers’ personal information that must be kept confidential due to legal responsibilities.
- Integrity – Information must not be corrupted, degraded, or modified. Measures must be taken to insulate information from accidental and deliberate change.
- Availability – Information must be kept available to authorized persons when they need it.
- Protecting confidentiality
- Ensuring integrity
- Maintaining availability
- Social engineering
- Keeping a clean machine: Your company should have clear rules for what employees can install and keep on their work computers. Make sure they understand and abide by these rules. Unknown outside programs can open security vulnerabilities in your network.
- Following good password practices: Making passwords long and strong, with a mix of uppercase and lowercase letters, numbers and symbols, along with changing them routinely and keeping them private are the easiest and most effective steps your employees can take to protect your data.
- When in doubt, throw it out: Employees should know not to open suspicious links in email, tweets, posts, online ads, messages or attachments – even if they know the source. Employees should also be instructed about your company's spam filters and how to use them to prevent unwanted, harmful email.
- Backing up their work: Whether you set your employees' computers to backup automatically or ask that they do it themselves, employees should be instructed on their role in protecting their work.
- Staying watchful and speaking up: Your employees should be encouraged to keep an eye out and say something if they notice strange happenings on their computer.
- Chain letters
- Non company sponsored charitable solicitations
- Political campaign materials
- Religious work, harassment
- And any other non-business use.
- Acceptable Use
- Social Media
- Bring Your Own Device
- Security Incident Management
- Do not share your password with anyone including staff
- Do not write your password on any paper, whiteboard or post it pad
- Do not use easy to remember words as passwords e.g. Aug2001
- Do not use personal information or any word in any language spelled forwards or backwards in any dictionary
- Do not visit inappropriate web sites e.g. pornographic or hacker web sites
- Do not download unlawful or unlicensed software from the Internet
- Do not install unlicensed software onto your computer
- Do change your password regularly for every system.
- Do use a combination of letters, symbols and number for passwords
- Do use difficult passwords which are at least 6 characters long
- Do enable your Screen Saver Password or lock your workstation
- Do scan your computer regularly for viruses and any diskettes as well before you use them on your computer
- Do check that your virus software patches have been updated when you receive the regular update emails from Desktop Support
- Do backup your data at least once a week. It is your responsibility to do so.
- Do lock away all confidential documents, files and diskettes at the end of each work day
- 05/07/15--07:35: Great Resource
- 05/07/15--08:38: CR in Action: Symantec’s FY15 Media Highlights
We demonstrate how a relatively unskilled attacker could gain access to data from more than 11,000 files in unsecured IaaS cloud environments.
Microsoft’s End of Support of Windows Server 2003 later this year has been much publicised. However for many organisations the true meaning of the tasks at-hand and the decisions to be made are not yet fully understood. For those who migrate away from Windows 2003 the planning and execution cycles will be long and complex. Through backup and recovery Symantec helps to mitigate the risk associated with migration and supports the decision to move forward, whatever the outcome.
Q: So what is the risk associated with the Windows Server 2003 End of Support Life?
A: There are two main aspects to the risk as organisations look at options for the future. Firstly and immediately, the removal of access to Microsoft support and the end of product hotfixes and security patches will leave some feeling uneasy. As we have seen in the past, platforms reaching this point can become targets for attack. Ensuring that the data hosted on legacy systems is protected is paramount – data is the number one priority. The second aspect is related to the migration itself. The ability to protect that critical data before, during and after migration is critical both for historical purposes but also to protect against the risk of failure during the migration itself.
Q: Where should organisations start when they think about this migration?
A: Three things should go into the planning cycle to begin with. Firstly, understand specifically where the risk exists in the environment. Secondly, manage the risk with a multi-tier long-term plan. The risks and outcomes are unlikely to be the same across all systems. Plan to ensure that data can be recovered and kept available whatever the outcome and whatever the risk. Backup and recovery are an important consideration early-on to help mitigate the risks before, during and after migration. Whilst the compelling event here is around software, there is also a risk around out-of-maintenance hardware; likely given the length of time since Windows Server 2003 reached end of sale.
Q: What are the likely outcomes that customers will move towards?
A: Four outcomes seem likely. Firstly, for some organisations or perhaps some parts of some infrastructures, the answer will be to do nothing in terms of migration. Custom applications for instance that require Windows 2003 may leave an organisation with no option but to maintain the Windows 2003 platform. In this instance, ensuring those systems are locked-down to prevent unintended code from being run will be important as will tight security and a frequent, regular data protection routine. The second option will be to migrate servers like-for-like. Upgrade the hardware and Windows platform to mitigate the hardware and software risk, particularly with so many Windows Server 2003 licenses being tied to the server hardware. Thirdly, and possibly most likely, migration to virtual will see risk removed with new hardware and new, consolidated operating system platforms which also server to reduce total cost of ownership, but which may leave data protection incomplete. The fourth option sees more and more organisations electing to move data and systems to the cloud. Uptake remains relatively slow, but is being seen as attractive from a cost, complexity, management perspective. Cloud is not without its own complexities and risks however and it is important to bear in mind that data in the cloud is not the only copy of data required. With the second, third and fourth options, being able to protect before, during and after migration is fundamental. Data is priority one.
Q: What characteristics should organisations look for as they think about data protection and recovery?
A: The ability to define and meet Recovery Point and Recovery Time Objectives (RPO and RTO) should be front of mind. A simple-to-use, unified data protection product will help to drive consistent, reliable recoverability before, during and after migration. Breadth of platform and application support allows for protection of all data on Windows 2003 systems with recovery to Windows 2012 systems, whether physical or virtualized. These factors contribute to an organisation’s ability to protect frequently and recover quickly. Unifying data and system protection across physical and virtual can also present opportunities to support change: the ability to transform physical to virtual for testing or recovery purposes as new applications and updated operating systems need to be checked for compatibility and expected performance. Finally, throughout any operation of this magnitude and complexity visibility into and across all data and platforms is key not only in driving immediate recoverability but also to deliver greater granularity for recovery of data and systems with different levels of importance. Whilst all systems should be included in a simple licensing framework the all-encompassing nature of such a framework is important to allow for best use of product features. Not all systems require all features, so flexibility is important, remembering that data is priority one.
Q: So what should I do now in talking to my customers?
A: Three things:
Understand - What systems, applications and data to they have today?
- Where is the risk in their environment?
- What does the migration project lifecycle look like?
Manage - What migration outcome best suits your customer’s need?
- What migration skills and plans can you help them build?
- What is the customer’s timescale relative to risk?
Plan - Data is priority one – make sure it is protected throughout
- Help with a wise choice – protect today, recover tomorrow
- Understand and match characteristics to the right product features
We are excited to announce the NEW Veritas™ Capacity Assessment Tool.
As partners and end users move to a simpler Capacity-base licensing model, the Veritas™ Capacity Assessment Tool is designed to easily and quickly identify the amount of data to protect in an environment.
How does the Veritas Capacity Assessment Tool work?
The tool is a standalone, executable that can be run from almost any Windows x86 or x64 system. Microsoft server and desktop operating system platforms are supported.
(Note: Microsoft .NET 4.0 must be installed)
After running the tool, the user simply selects the machines for which data capacity should be calculated, and then starts the assessment process.
The tool is capable of scanning the contents of the local server on which it is being run, as well as the contents of other remote servers that are available on the network. This includes scanning multiple remote servers concurrently.
How does the Veritas Capacity Assessment Tooldisplay results?
The tool generates a report after completing the assessment process. The report is designed to be user friendly and very easy to read, highlighting Total Used Space and Total Capacity in Terabytes from the assessment.
A ‘quick view’ is provided as soon as the assessment process completes. The user also has the options to switch to full view mode or to save the file for later reference.
For additional information on how Backup Exec Capacity-based licensing makes it easier to use, manage and license:
Backup Exec Capacity Edition Lite
Backup Exec Capacity Edition
Backup Exec 15 Licensing Guide
May is Asian-Pacific American Heritage Month in the United States, and we would like to take the opportunity to celebrate the generations of Asian Americans who have contributed to building the United States as a nation, and to celebrate our employees in the APJ and India regions, for their innovations and contributions to Symantec. We begin this two-part series with a look at the origin of this month as well as a prominent Asian figure in the technology sector, Sony Engineer Nobutoshi Kihara.
“My message has always been to break through what is common sense and common knowledge, and make the impossible possible,” - Nobutoshi Kihara, Sony Engineer
Asian-Pacific American Heritage Month originated in the United States in 1978, with a joint congressional resolution establishing Asian-Pacific American Heritage Week. The first 10 days of May were chosen to coincide with two important milestones in Asian-Pacific American history: the arrival of the first Japanese immigrants to the United States (May 7, 1843) and contributions of Chinese workers to the building of the transcontinental railroad, completed May 10, 1869. In 1992, Congress expanded the week to a month-long celebration. 
The theme of Asian-Pacific American Heritage Month in 2015 is Many Cultures, One Voice: Promote Equality and Inclusion. This theme is particularly apt at Symantec, where the roots of our Asian employees span over a dozen countries, cultures and languages, but come together as one workforce to innovate the best products and services for our customers worldwide.
Asian and Asian-American heritage is a very significant part of Symantec’s culture.
25% of Symantec’s workforce in the United States identify as Asian, 21% of our international employees live and work in the APJ region and 15% in India. Our employee resource group Leading and Empowering Asian Development (SymLEAD) provides a forum for our employees to celebrate Asian-Pacific culture, network with fellow colleagues, and support Symantec in keeping diversity core to our values. And our Supplier Diversity program encourages supplier partnerships with Minority Owned Business Enterprises, including those of of Asian/Asian-American ownership.
Symantec’s Singapore team celebrates Chinese New Year
Symantec employees in Pune celebrate the opening of a new Pit Stop Express, where employees can walk in and troubleshoot IT issues with service desk employees.
This coming month, Symantec’s Diversity & Inclusion team will be highlighting Asians and Asian-Pacific Americans that have made significant contributions to the field of technology. In highlighting heroes of technology from different backgrounds and experiences through our Heritage Month campaigns, we not only pay homage to these inspiring individuals - we diversify the images and stories we associate with technology beyond the mainstream.
Our first highlight is Sony engineer Nobutoshi Kihara. A Tokyo native, Mr. Kihara not only invented the Walkman for Sony, but was instrumental in the invention of the transistor radio, the tape recorder, one of the world’s first videotape recorders, the Betamax, eight-millimeter video movies, the digital still camera known as Mavica and many other products, resulting in over 700 patents attributed to him.
“Anyone can find out the common sense things, and my role is not to teach common sense,” he said in a 1994 oral history for the Center for the History of Electrical Engineering “My message has always been to break through what is common sense and common knowledge and make the impossible possible.”
Supporting Nepal Relief Efforts
On April 24, an earthquake with an estimated magnitude of 7.8 hit Nepal. While the quake struck near the capital city of Katmandu, deaths were recorded across Nepal, India and China. Current death estimates are around 5,800 people, while many thousands are injured or unaccounted for.
Symantec continues to monitor the situation and respond to relief efforts as appropriate. We are working to provide our employees with opportunities to support relief efforts through our Employee Matching Grant Program that maximizes employee cash contributions through a dollar-for-dollar match of all employees’ personal charitable contributions, up to $1,000 per employee per year.
Organizations supporting relief efforts in Nepal that employees can support through our Matching Grant Program include:
Ruha Devanesan is Symantec's Manager, Global Diversity and Inclusion
 At least 51% owned and controlled by individuals belonging to certain ethnic minority groups, such as Asian, African-American, Hispanic and Native American descent.
one of our Symantec NetBackup master server indicating dis pools is full over 94%. we are having over nine old catalogs, each one is over 6 months old. I was planing to delete multple old catalogs , in order to create additional space. here is the commands I have used .
master server name:/usr/openv/pdde/pdcr/bin# bpexpdate -recalculate -backupid ( this is backup Id that I find under catalog search window1417928400 ) -d 0 -copy 1
that meet the following criteria:
backupid master server name.es1.company name_1417928400
to expire NOW
no entity was found <<<< error message
If I am usig wrong command, what is the correct one. ?
maybe I am in wrong place to delete old catalog, what is correct path?
this is a output of folder
master server:/usr/openv/pdde/pdcr/bin # ls
.bin catalogcaseconvert crdoreader crrepair dcpcrypt dsiddel genpo pddeDR report62splog spauser stat
adler32 cdrinit.sh crfp crstat dcscan filedel md5 pddecfg reroute spextract wsget
ca_test crcollect crget crstats delayscan fileget nstpack pdstresscr spad splogscan wslog
cacontrol crcontrol crrecover dbutil dr_createlist.sh fileput pdconf prdate spadb spoold
Thanks for your time in advance.
Technology-driven security was right at the heart of the recent INTERPOL World Congress – with cybersecurity and Symantec’s leading solutions a key focus.
A key message to come out of the event was that, with more than 60,000 incidents of malware software created daily to infiltrate security systems, global efforts must now enhance cybersecurity through robust partnerships between law enforcement and private sector Internet security companies, as well as coordinated regulations across countries.
Symantec, as one of the strategic partners to the Congress, revealed its own plans for countering such challenges, including new directions for Threat Protection, Information Protection and Cyber Security Services. Indeed, exposing and dealing with such threats is an essential part of Symantec’s latest Internet Security Threat Report 2015 (ISTR) report.
Symantec used this exclusive opportunity to showcase the strengths and unique capabilities that it can offer by sharing insights on the company’s unified security strategy and its importance to the future security landscape with customer, partners and industry analysts.
Meanwhile, at a time when more and more customers are using cloud-based services and leveraging emerging new platforms such as IoT, Symantec is undertaking a cross-company effort to gather a lot more telemetry from all of its products and turn those products into rich ‘security cameras’. Through organic development, acquisitions and deep partnerships, those ‘cameras’ will be installed in new customer environments: in the cloud, virtualised environments, IoT systems, etc.
Symantec will offer capabilities to help customers better protect their environments. First, it will create the industry’s first app ecosystem for security – a secure app store where customers can test and purchase 3rd-party apps to analyse their collected data in innovative ways to help keep them secure. Secondly, Symantec will build a secure social platform where customers can interact with their IT security colleagues in other companies, sharing information, policies, best practices and intelligence with their private industry peer group.
This is Symantec’s vision for “Unified Security” where we uncover real-world attack campaigns and help organizations protect their most critical assets.
Symantec’s Cyber Security Services was at the heart of many discussions throughout the week, covering topics such as:
The key is to take a risk-based approach. With the sheer volume and sophistication of today’s threats meaning you can’t protect the organisation from everything, it is up to the CISO to evaluate where the key assets lie, attach a value to these and calculate how much it would cost the business, if such assets were compromised. That’s the kind of language that the business can understand – whereas it’s the people and process side of information security, rather than the technology, that enterprises are often so fixated on.
Threats are becoming far more pernicious, particularly through advanced persistent threats, with attackers growing ever more sophisticated and determined. Symantec’s mission is to remain ahead of such attackers, so companies can robustly defend their information and respond accordingly to such threats.
Check out this blog by Paul Wood, Executive Editor of Symantec’s Internet Security Threat Report, for more insights on the findings from this year’s ISTR: The Threat Landscape Grows Ever Darker – Time To Fight Back!
Symantec Workspace Virtualization & Streaming 7.6 contains the following products:
The following table lists the documentation that is available about the products:
|Symantec™ Workspace Virtualization 7.6 and Symantec™ Workspace Streaming 7.6 Release Notes|
|Symantec™ Workspace Virtualization and Streaming 7.6 Guides in the cloud-based help system||
You can access the cloud-based help system from the Streaming Console as well.
To open the help system:
|Symantec™ Workspace Streaming 7.6 Administration Guide||
From SWS 7.5 release onwards the Workspace Streaming Admin Guide will no more have any Workspace Streaming installation topics. For the installation related topics, please refer to the Symantec Workspace Streaming Installation and Implementation Guide.
|Symantec™ Workspace Streaming 7.6 Installation and Implementation Guide|
|Symantec™ Workspace Streaming 7.6 Server Upgrade Quick Start Guide||HOWTO111010|
|Symantec™ Workspace Virtualization 7.6 User's Guide|
To find most Workspace Virtualization & Streaming 7.6 documentation on the Knowledge Base
To find content, you can either search or browse.
To search: Enter a search term in the search box and click the arrow button.
To browse: Click a documentation type heading (Documentation, How To, Best Practices, Known Issue, Release Notes, Troubleshooting) for a complete listing of content under this category.
Packages from Software Management Solution 7.x
Sometimes user wants to change location of packages on "Package Server" machine and don't want to use a C:\ system drive for package location.
By default "Package Server" downloads packages and stores them on C:\ drive, where "Symantec Management Agent" is installed, but you can change this default location and change it to another one, for example to use D:\ drive where all packages will be stored, although "Symantec Management Agent" will be installed on C:\ drive.
If you have large amount of packages then it will hard to manually set a custom location from SMP Console, therefore you can set it via SQL Query:
UPDATE [dbo].[SWDPackage] SET "Package Server Location"='D:\SoftwareManagementPackages' WHERE Name LIKE '%SWD Res%'
Packages from Patch Management Solution 7.x
On "Remediation" settings page, you can set custom location for Patch Management software updates
Backup software not only secures and protects your data, but it must also safeguard its own operating data. For Backup Exec, some sensitive data such as logon credentials, device passwords and data encryption keys are persisted in the Backup Exec Database. It is of the utmost importance that these are protected from unauthorized access.
The Backup Exec Database and the database backup file (.bak) are located in a folder under the Backup Exec installation directory which is well protected by operating system ACLs so that unauthorized access is prevented. The restriction on the folder is set such that only Administrators, Backup Operators and System have access to it. However, once the Backup Exec Database or the Database backup file moves off of the Backup Exec server, the access controls cease to exist, which makes that data vulnerable to attacks. It is important that the sensitive contents in the database remain secure even when the ACLs are not protecting it.
Backup Exec 15 has increased the level of security in protecting its database by using an enhanced encryption algorithm. Backup Exec 15 does this by encrypting only the sensitive contents of the Backup Exec Database using AES-256 encryption. This means that only a few selected tables of data are encrypted thereby minimizing any performance impacts to the overall operation of Backup Exec.
In order to overcome the liability of weakness in User supplied passphrases, Backup Exec 15 automatically generates a unique and strong database encryption key (DEK) for each Backup Exec server. The DEK is generated during the installation, so that no user intervention is required. When you upgrade to Backup Exec 15, any sensitive tables will automatically be enabled with encryption.
The encryption keys are located on the Backup Exec server and are well protected using operating system ACLs. Symantec recommends that the DEK is not collocated along with the Backup Exec Database when you perform backups. For this reason, Backup Exec automatically excludes DEK files from being backed up. Instead, Backup Exec 15 provides you with an option to export the DEK to an external storage location such as an USB or a network share. The key can be imported back into the system whenever the Backup Exec Database needs to be recovered from a failure or when migrating to a different Backup Exec server.
Symantec recommends that the DEK be refreshed frequently and secured in an offsite location which is in accordance with your organization's policies.
We hope this is useful information about the Backup Exec database security and welcome your feedback.
I jumped at the opportunity to write this blog – as my son’s name is Luke and therefore, “Luke, I am your father”.
Let’s remember that tense moment in Garbage Compactor 3263827: after narrowly escaping Death-By-Dianoga, imminent demise again confronts Leia, Luke, Chewbacca and Han as the garbage compactor starts doing what garbage compactors do best. The young rebels frantically call C3PO and R2D2 to shut down all the compactors on the detention level – and in those gripping minutes leading to their narrow escape, even the most hyperaware geeks all totally missed evidence that the Imperial IT/IS department made some pretty bad decisions about SSL certificates.
For two decades, SSL has been the guardian of encryption and validation on a very public internet, but also within enterprises – even evil enterprises like the Death Star. And while the chronology means that SSL couldn’t have been in use a long time ago, in a galaxy far, far away, luckily the timing is fiction while SSL best practice is fact.
This little lesson’s worth the effort. Come, let me get you some SSL context:
To save his colleagues in the compactor, R2D2 got access to a Death Star control system. The Death Star’s systems believed that R2D2 was a legitimate agent of the Empire, and allowed him access. Now, let’s presume that the data exchange which ensued between system access and compactor shutdown was over an encrypted channel (a classic implementation of encryption of data in motion in a server-to-server model). Encryption wouldn’t have prevented R2D2 from doing anything – since he already had access to the network.
Had the Death Star’s systems required a digital certificate – what we now call SSL or TLS – for validation, not just encryption, the result might have been very different for not just our rebel friends, but ultimately for the Rebel Alliance and the Empire too – and for millions of Star Wars fans, in any galaxy for that matter.
After all, losing track of Death Star plans isn’t Imperial IT’s only problem. They also failed to observe best practices for usage of specific certificate types within their space station, as encryption couldn’t have prevented R2D2’s access. Only the validation function of SSL could have resolved that.
Stick with me here. Use the Force. Trust your feelings. Let go.
Effectively, R2D2 was a man-in-the-middle. Er, droid-in-the-middle. But don’t let “MITM or DITM” distract. If the Death Star’s server-to-server authentication demanded domain-validated certificates, the clever R2D2 could have easily obtained one of those since he literally was a man-in-the-middle. (Think about all the various DV authentication methods – R2 could’ve faked any of them). And upon system access, R2 just presented his DV certificate upon connecting the Death Star network and – ta da, he’s avoided any Imperial entanglements. (As I’m writing this, I realize that the Empire would likely have obtained the very first ever TLD, presumably for .ge for galactic empire – making R2’s DV cert’s Common Name to be something like r2d2.deathstar.ge)
Now, if Death Star IT/IS had configured its systems to demand organization-validated (OV) or Extended Validation (EV) certificates for server-to-server communication, R2 would have either failed to connect (by having a DV cert) or failed OV/EV verification (since he couldn’t have proven that he’s a member of the Empire).
No OV/EV = no (suitable) cert presented = this isn’t the droid you’re looking for = dead rebels.
Moreover, Imperial IT/IS would’ve been even smarter if they’d have selected any of Symantec-branded SSL certificates, which only come in OV and EV flavors – as the Symantec SSL validation and issuance infrastructures have never been compromised – since clearly the Death Star has its own breach problems.
Moral of the story: demand Symantec OV or EV certificates, even for server-to-server usage. And may the Force be with you.
Check out what's trending in the community
Happy Star Wars Day - 12 posts on "begun the cloud war has"
Today is Silicon Valley Gives Day, a 24-hour giving bonanza created to benefit charities throughout Silicon Valley. Last year, over 600 local nonprofits benefited from the first-ever event, raising $8 million in the 24-hour period!
Symantec will be matching the first $10,000 in donations to Techbridge Girls given on svgives.razoo.com. Symantec employees can triple their impact to Techbridge by donating on Silicon Valley Gives and applying for Matching Grant funds. Techbridge supports after-school activities for girls inspiring them to discover their passions in science, technology, and engineering. Since its founding in 2000, over 4,000 girls have participated in the after-school and camp programs. Last year we raised over $20,000, and this year we want to beat that number! Symantec will also match the donations from Symantec employees to other qualified charities.
With over $3 million in matching grants sponsored by SVGives supporters, there are several other opportunities to double or triple donation dollars. The Skoll Foundation is matching the first $50,000 raised during the 9am and 5pm hours. On top of that, there are also chances to earn prize grants for the charities throughout the day that started at 12:01 am!
Join Symantec by donating to your favorite local organizations online at svgives.razoo.com.
Ashley Savageau is Symantec's Community Relations Program Manager.
The V3 OpenStack Identity API has been available for a few years now. Although other services such as Nova and Glance have yet to implement V3 support, usage of V3 is gaining interest in the industry. The Horizon Kilo code contains some support for managing V3 installations, but it lacks the support for domain scoped tokens required for most V3 operations.
Setting up retention categories and applying them to archiving with Enterprise Vault can be quite a contentious issue. But, if you put that aside a question which comes up from time to time is how to set the default retention category.
Well, this is actually well thought out and well laid out with Enterprise Vault. Provisioning Groups is where this sort of thing is configured. For each provisioning group you can determine things like the policies applied to mailboxes that fall in to that group. In addition you can also specify the default retention category, as shown here:
Do you set different retention categories per provisioning group? Let me know in the comments below.
After the upgrade from ServiceDesk 7.1 to new version ServiceDesk 7.5 some Workflows that were able to modify now are restricted any change in version ServiceDesk 7.5.
Following is the list of Workflows that are available for editing:
If you need to edit any other project not contained in this list please contact Symantec Support.
Protecting your company online begins with ensuring your employees are prepared to assist in keeping your computers and networks safe.
Information security is a process that moves through phases building and strengthening itself along the way. Security is a journey not a destination. Although the Information Security process has many strategies and activities, we can group them all into three distinct phases - prevention, detection, and response.
The ultimate goal of the information security process is to protect three unique attributes of information. They are:
Attacks compromise systems in a number of ways that affect one if not all of these attributes. An attack on confidentiality would be unauthorized disclosure of information. An attack on integrity would be the destruction or corruption of information and an attack on availability would be a disruption or denial of services.
Information security protects these attributes by:
An organization succeeds in protectingthese attributes by proper planning. Proper planning before an incident will greatly reduce the risks of an attack and greatly increase the capabilities of a timely and effective detection and response if an attack occurs.
The best security technology in the world can't help you unless employees understand their roles and responsibilities in safeguarding sensitive data and protecting company resources. This will involve putting practices and policies in place that promote security and training employees to be able to identify and avoid risks.
A firm’s security strategy will only work if employees are properly trained on it. Therefore, the importance of providing information security awareness training cannot be understated. The goal of an awareness program is not merely to educate employees on potential security threats and what they can do to prevent them. A larger goal should be to change the culture of your organization to focus on the importance of security and get buy-in from end users to serve as an added layer of defense against security threats.
Once you have buy-in from employees, your focus can turn to ensuring they get the necessary information they need to secure your business. An effective security awareness program should include education on specific threat types, including but not limited to:
Another important area to address is the importance of password construction and security. Seems minor? It’s not. Believe it or not, password cracking is remarkably easy, particularly for advanced hackers. And this ‘minor’ step that users take every day could make a significant difference in protecting your firm’s sensitive information.
Talk to Your Employees About
Information Security Awareness Program
A good Information Security Awareness Program highlights the importance of information security and introduces the Information Security Policies and Procedures in a simple yet effective way so that employees are able to understand the policies and are aware of the procedures.
Listed below are some of the methods used to communicate the importance of Information Security Policies and Procedures to the employees.
1. Information Classification, Handling and Disposal
All information must be labeled according to how sensitive it is and who is the target audience. Information must be labeled as “Secret”, “Confidential”, “Internal Use Only” or “Public”. Documents that are labeled “Secret” or “Confidential” must be locked away at the end of the workday. Electronic information (Secret or Confidential) should be encrypted or password protected. When the information is no longer required, documents should be shredded while files should be electronically shredded.
2. System Access
No sharing of UserID and password is allowed and staff are made aware of their responsibility on safeguarding their user account and password. Staff are also provided with some useful Password Tips on how to select a good password.
All computers must have anti virus software installed and it is the responsibility of all staff to scan their computer regularly. All software and incoming files should be scanned and staff are advised to scan new data files and software before they are opened or executed. Staff are educated on the importance of scanning and how a virus can crash a hard drive and bring down the office network.
Staff are advised that they are responsible for their own personal computer backup and they should backup at least once a week.
5. Software Licenses
Software piracy is against the law and staff are advised not to install any software without a proper license.
6. Internet Use
Staff are advised that Internet use is monitored. Staff should not visit inappropriate websites such as hacker sites, pornographic sites and gambling sites. No software or hacker tools should be downloaded as well.
7. Email Use
Staff should not use the email system for the following reasons
Staff are allowed to use the email for personal use but within reason.
8. Physical security of notebooks
All notebooks should be secured after business hours in a cabinet, in a docking station or with a cable lock.
9. Internal Network Protection
All workstations should have a password protected screen saver to prevent unauthorized access into the network. For those using, Windows 7, they should lock their workstation. To prevent staff from downloading screen savers from the Internet, you can restrict the screen savers to the default ones which come with Windows 7.
10. Release of Information to Third Parties
Confidential information should not be released to third parties unless there is a need to know and a Non Disclosure Agreement has been signed. It is the responsibility of all staff to safeguard the company’s information.
Training materials should also review corporate policies and clearly detail consequences for any suspicious or malicious behavior amongst employees. For your convenience, we’ve compiled a variety of information on various security policies, including:
Dos and Don’ts
A Dos and Don’ts checklist is given to all new staff upon joining company. As it may be sometime before they attend the actual security training, the checklist would be a good and easy way for them to learn about what they should and should not do. The information in the checklist is listed below.
Training Your Employees
Training employees is a critical element of security. They need to understand the value of protecting customer and colleague information and their role in keeping it safe. They also need a basic grounding in other risks and how to make good judgments online.
Most importantly, they need to know the policies and practices you expect them to follow in the workplace regarding Internet safety.
I would just like to say THANKS to Archiving and E-Discovery group. I work in a mid-size company and have to wear more that one hat. This group has been an invaluable resource to me. I can easily say it is the best user group I have ever been a member of. It has saved me many times. To everyone who has helped me and will help me in the future. MANY THANKS
When a new year rolls around, people gather together to celebrate and reflect on the highlights of the past year. Symantec’s 2015 fiscal year wrapped up in March and we’ve got our sleeves rolled up and ready to take on new opportunities! But let’s just take a brief pause to tour some of FY15’s media highlights:
Symantec launches cybersecurity program to bridge workforce gap : Last June, Symantec launched its signature Corporate Responsibility program – the Symantec Cyber Career Connection (SC3)– at the Clinton Global Initiative’s meeting in Denver. In April, fourteen young adults in and around New York City became the first graduating class.
Taking Skills-Based Volunteering Around the World: Last year, the Corporate Responsibility team launched the Symantec Service Corps, a month-long pro bono initiative designed to support Symantec’s commitment to making positive social impact, building cultural awareness, and developing leaders across all levels of the organization, all while helping to enhance Symantec’s brand and reputation.
Talking Diversity at Net Impact ’14: Symantec and TriplePundit teamed up at Net Impact 2014 to create a video series about diversity and inclusion. They asked thought leaders from a variety of sectors what diversity means to them and how it can help drive sustainable business growth.
Four Reasons Why Millennials Should Care About Safer Internet Day: By Symantec’s very own SC3 student and Symantec intern, Diana Shafer. She addresses the need for her digitally-connected peers to be aware of the increasing cybersecurity risks.
50 Companies That Crush Giving Back: Symantec was showcased as one of TheCivic 50 award winners. The Civic 50 measures how a corporation's policies, activities, and employees affect the civic and social fabric of a community.
Good News for Women in Tech: Half of Fortune 10 CIOs are Women: Female CIOs are on the rise - 17.5% of 17.4% of the Fortune 500 CIOs are women. Symantec was highlighted as one of the five top fifteen Silicon Valley companies with a female CIO, Sheila Jordan.
These are just a few of Symantec’s corporate responsibility highlights in the media this past year. We’re looking forward to many more exciting moments in FY16! Be sure to follow us on this blog, Corporate Responsibility in Action, for continued news on Symantec’s corporate responsibility.
Lora Phillips is Symantec's Senior Manager, Global Corporate Responsibility.