Channel: Symantec Connect - Blog Entries

How Can You Turn BYOD to Your Advantage?


The consumerization of information technology is forcing CIOs to rethink their security strategies from the ground up. For an SMB with limited resources, this new imperative creates significant pressure. Yet in a working world being transformed by social media and BYOD (Bring Your Own Device), how do you protect yourself against the growing number of security threats: data breaches on the network, information leaks through human negligence, malware attacks, lost hardware, and so on?

Not so long ago, the boundary between professional and private life was still clearly defined. Today, it is a very different story. The barriers have come down, making security a major concern. Indeed, in its report State of the Media: The Social Media Report, the social media observer Nielsen estimates that a person spends on average 22.5% of their time online.

You have all almost certainly heard the enormous hype around mobile devices and BYOD culture. In fact, most of you have already had to deal with the associated issues, or must do so now.


It has to be said that most of this buzz is distinctly pessimistic, piling up warnings about companies' ever greater exposure to the risk of data theft. We are shown cybercriminals lurking in the shadows, ready to pounce on their prey the moment it dares to connect a smartphone or other tech gadget to the company network.

As a result, the terminology associated with BYOD is often heavily loaded and alarming. In response, some companies have simply banned all devices of this kind. Others, on the contrary, accept the inevitable and open up to this new culture, hoping to turn it to their advantage.

Opponents of BYOD should perhaps think twice, because this trend is here to stay and may even prevail in the long run, to the point of claiming a place comparable to that of PCs within companies.

The origins of this opposition to BYOD: the perceived disruption and inconvenience, and even a certain fear. Worse still, in the eyes of its opponents, BYOD sometimes resembles a lawless practice. Everyone brings their own mobile device... and come what may! They fear a loss of control that would compromise network security, no matter how many sheriffs are appointed to keep order.

These fears are not unfounded. Some companies are indeed better equipped than others to combat the worst excesses of BYOD. Some countries too. According to a recent report by Imation Mobile Security, 50% of Germans surveyed said they always follow the rules their company has defined for BYOD. In the United Kingdom, that figure drops to just 36%. In fact, 18% of Britons surveyed even admitted to not applying guidelines they were fully aware of. I wonder in turn how many of my readers are surprised (or not) by these statistics...

However, this study does not point the finger only at employees. According to Imation Mobile Security, in most British companies security checks are not mandatory, and 92% of IT managers do not require their employees to change the passwords on their work devices regularly. You will agree, then, that there is still plenty of room for improvement.

In conclusion, companies have a real duty to assess the benefits they could gain from BYOD and, where appropriate, to implement policies and procedures common to their whole organization in order to reduce potential security risks. In this respect, the transfer of confidential business information from company computers to employees' personal devices is a major concern. Consequently, although this new phenomenon is meant to boost your staff's productivity, its adoption must be accompanied by rigorous management. As soon as a device connects to a company system, it should be subject to the same security measures as the others. In short, it is vital to adopt a fully integrated approach to BYOD.

To learn more about website security, download the Symantec Website Security Threat Report.


THE ADVANTAGES OF USING PERSONAL DEVICES IN THE OFFICE


Faced with the "consumerization" of IT, IT professionals are having to approach security from a new perspective. In SMBs, where resources tend to be scarcer, the pressure keeps growing. With social networks everywhere and personal devices arriving in the office, the working environment is changing, and it is not easy to protect the company against an ever-increasing number of security threats: data theft on the network, information leaked by employees, attacks using malicious code (malware), lost devices, and so on.

Until not long ago everything was much simpler, because personal and working life were far more separate. Now the situation has changed radically and the boundary between the two has blurred. It is estimated that we spend 22.5% of our time connected to the Internet (according to State of the Media: The Social Media Report, produced by Nielsen, an organization that analyzes social media use), which makes it hard to guarantee security.


You have probably heard about the rise of mobile technologies and the growing trend of bringing personal devices to the office. What is more, you may at some point have had to tackle issues related to this matter, or be doing so right now.

It is sad to see how negative most of the commentary on this subject tends to be: dire predictions abound, according to which companies will be increasingly defenseless and data thieves will have free rein as soon as someone dares to connect their smartphone or another favorite gadget to the corporate network.

So when people talk about the use of personal devices in the office, they tend to do so negatively, which breeds fear and leads some companies to adopt a prohibitionist stance. Others, by contrast, accept that it is an inevitable trend and try to make the most of its positive side.

Those who have opted for a ban may be shooting themselves in the foot, because the use of personal devices in the office is not going to disappear and may even increase, until it becomes as commonplace in companies as computers themselves.

Why do they reject this phenomenon? Largely because they believe it will cause all manner of disruption, but also because it frightens them. They think that, in the worst case, the office will turn into lawless territory: if employees bring their devices, all hell will break loose and, however many measures they try to take to prevent chaos, the situation will get out of hand and network security will be at risk.

These fears are partly justified, since not all companies are equally effective at limiting the worst excesses of personal device use in the office. Some countries are also more virtuous than others in this respect. In a recent study by Imation Mobile Security, half of the German respondents said they always respected company rules in this area, while in the United Kingdom the percentage fell to 36%. What is more, 18% of UK participants admitted that, although they knew the relevant guidelines, they did not follow them. Do these statistics surprise you, or are they in line with what you expected?

In any case, employees are not the only ones to blame. The study reveals that most UK companies do not impose security controls, and 92% of IT managers do not require employees to change the passwords on the devices they use at work periodically. The situation certainly leaves a lot to be desired.

The fact is that companies have to decide whether it suits them for employees to bring their devices to the office and, if they decide to allow it, they have to put in place the appropriate rules and processes to keep risks to a minimum. One of the factors causing most concern is that, more and more often, confidential work-related information is copied from the office computer to the personal device. So, while it is true that this trend can help improve employee productivity, it is something that must be managed with care. As soon as a device connects to a corporate system, it must be subject to the same security measures that protect office equipment. It is essential to draw up a plan and an integrated set of rules governing the use of personal devices at work.

For more information about website security, download the Symantec web security report.

Is BYOD a Curse or a Blessing?


The boundary between private and professional use of information technology is disappearing, and IT must rethink its security strategy if it wants to stay in control. Medium-sized companies with limited resources in particular face no easy task here. Social media and BYOD (Bring Your Own Device) are changing the world of work from the ground up and tearing ever new holes in the fabric of security measures. How can you protect yourself against data loss through network vulnerabilities, information passed on by employees, malware that has been smuggled in, and lost hardware?

Not so long ago, work and private life were strictly separated and everything seemed simpler. But those days are over. The boundary has fallen: we now spend around 22.5 percent of our time on the Internet (as social media observer Nielsen writes in State of the Media: The Social Media Report), putting security under enormous pressure.

The mobile device boom and the new BYOD culture will surely not have escaped your notice. You probably already have to deal with their consequences.


Unfortunately, this boom is often painted in dark colors, accompanied by the ominous prediction that companies will be ever more defenseless against data thieves, those modern highwaymen who lurk in the dark and pounce on anyone who dares to connect a smartphone or other technical toy to the company network.

Whenever talk turns to BYOD, the tone inevitably becomes emotional and fatalistic. Some companies have banned these dangerous devices completely. Others have accepted the development as inevitable and are trying to make a virtue of necessity.

The first group, the total refusers, is probably getting itself into serious trouble with its stance. BYOD will not simply go away. Quite the opposite: sooner or later it will be as ubiquitous as the PC.

Why do these companies reject BYOD? Above all because it is perceived as disruptive and a nuisance. And it stirs up fears. To the naysayers, BYOD smacks of the Wild West: a few employees bring in their own devices and all hell breaks loose in paradise. No matter how many sheriffs the good mayor hires, the foreign element escapes all control and insidiously undermines network security.

Their fears are by no means unfounded, since not all companies are equally capable of curbing BYOD excesses. What applies to companies also applies to countries. According to a report recently published by Imation Mobile Security, 50 percent of Germans surveyed, but only 36 percent of Britons surveyed, follow their company's BYOD rules. 18 percent of the British respondents even admitted that they know the guidelines but ignore them. How many of you are surprised by these figures, or not?

However, the responsibility does not lie with employees alone. The report presented by Imation Mobile Security also points out that security checks are not mandatory in most British companies and that 92 percent of IT managers do not require employees to change the passwords on their work devices regularly. That is, of course, not the smartest way to handle BYOD.

In practice, every company really does need to examine carefully whether BYOD suits its environment and then, if it opts for BYOD, limit the risk through company-wide policies and procedures. One of the biggest problems here is the increasing transfer of confidential business information from work computers to private devices. So rather than simply being pleased that employee productivity has risen thanks to BYOD, companies should also manage this new culture prudently. As soon as a device is connected to a business system, it must be subject to the same security measures as all company-owned devices. A comprehensive BYOD strategy and policy is essential.

For detailed information about website security, see the Symantec Website Security Threat Report.

Backup: When Having Less Means More


Many small and medium-sized businesses (SMBs) are facing a common growing pain: lots and lots of data. The amount of data they are storing is increasing enormously, and it’s becoming more and more challenging to keep up with Service Level Agreements (SLAs) and compliance requirements. And yet now they are finding out that they should be backing up all their information in order to avoid outages in the event of a disaster.

The past several years have provided plenty of evidence of the need for disaster preparedness. And making backup more complicated is the issue of virtualization, which, according to a recent Symantec survey, is being utilized by 34 percent of SMBs today. Not only do SMBs have to back up their data on physical hardware platforms they have been using for years, now they have to add a virtual environment to the list of things to back up.

Many vendors are happy to provide a solution that handles virtual environments, but they often require a separate physical backup solution. To meet the backup needs of SMBs in the midst of all these technology changes, a new approach is needed. Simply expanding our storage beyond our ability to effectively maintain it isn’t going to help; it only avoids the problem. So, what can we do?

There is good news. Despite the challenges, virtualization can improve SMBs’ ability to respond to outages. In fact, in a recent survey, 71 percent of them reported that server virtualization actually improved their disaster recovery ability. In order to achieve effective backup capabilities while deploying virtualization alongside your existing physical servers, consider the following tips:

  • As you assess backup solutions, carefully consider the user interface. A simpler solution will save a significant amount of time in the long run, and better enable users to take full advantage of its features.
  • Adopt a solution that will allow you to manage both physical and virtual backups from a central control panel, eliminating the need for two processes. This will also reduce costs and speed up the recovery process.
  • One of the most important steps to take in an effective backup program for physical and virtual servers is to eliminate the infinite retention policies employed by many businesses. Data should be categorized: Do I need to be able to recover the most recent version? Do I need to recover the 5th most recent version? Do I want to free up space by moving data to long-term archive storage?
  • Archiving is preferable for long-term (>90 days, up to 7 years or more) storage. Information that is not important to retain for daily business or eDiscovery purposes should be archived.
  • Find a vendor that can provide a single solution that will integrate both backup and recovery abilities regardless of the server type (physical or virtual). In addition, consider adding deduplication capabilities to the recovery solution.
  • Think about keeping your backups offsite or “in the cloud” to eliminate the need for the physical transfer of backup tapes.
  • The backup solution should also facilitate the recovery of individual files or directories, rather than requiring a full restoration in each instance.

While backup has been an afterthought in the past for SMBs, they can no longer afford to dismiss the notion of an outage. There’s never been a better time to take steps to ensure productivity in case disaster strikes. Adopting a single backup solution that works in both physical and virtual environments can keep information flowing smoothly and clear the road to productivity.

Through a Handset Darkly: Grasping the BYOD Security Paradigm Shift


* This article originally ran on StateScoop on March 19, 2013.

"The golden age never was the present age."

That's a quote from Benjamin Franklin, who was about as close to a State CIO as you could get back in 18th century Pennsylvania.

And while it may seem jarring to think that we've progressed in just a few short years from a "golden age" of simple-to-secure state-owned mobile IT to a turbulent new era of employee-owned mobile IT, it's a reasonable assessment.

In state government today, attempting to own, distribute, and manage all of the mobile devices connecting to your network is about as practical as catching lightning with a kite.

The more I think about it, the more I'm convinced that the best lens through which to look at this issue is a historical one; by studying where we've been, it's much easier to grasp where we're headed.

In the past, laptops, desktops, and more than a few Blackberrys were purchased by state governments, distributed to employees, but owned, managed, and controlled centrally—giving the state a high level of control over each endpoint's governance and the security of the information it held.
 
Today, state employees are purchasing these devices for themselves, using them recreationally at home, and then bringing them to work to conduct state business. Typically, states have reacted to this development in one of two ways:

First, there's a model that says: “You can purchase the device, but we're still going to manage it for you.” In many cases, this is done by mandating specifications that facilitate state monitoring and control. Then, once those specially configured employee-owned devices are connected to the network, they're treated essentially like the state-owned devices of the past.

This is a popular model, but it isn't a long-term solution.

On the other hand, there's a model—being driven by what we call the "consumerization of IT"—in which states will cede control of their employees' hardware altogether.

This can be appealing to states, because it relieves a certain amount of financial and managerial burden. But controlling the sensitive information on these employee-controlled devices is much more complicated.
 
Remember, employees will be keeping personal applications (holding highly personal information like private financial data) on their machines, which creates the potential for a dangerous co-mingling of personal and state information.

State governments shouldn't have access to this personal data, and conversely, a state's business service applications and data cannot (by law) be co-mingled with any personal tools or applications.

As a point of fact, our security standards haven't changed; states need the same level of protection they had back during mobile computing's “golden age.” And that means we're in need of a brand new security paradigm.
 
Today's device management must become much less about the device, and much more about the sensitive information and applications it contains.

Or, as Ben Franklin once wrote: "without continual growth and progress, such words as improvement, achievement and success hold no meaning."
 

 

Indian Websites Persistently Targeted by Phishers


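Contributor: Ayub Khan

Symantec continuously monitors phishing sites hosted on compromised Indian websites. In 2011, we carried out a detailed study of compromised sites, and in 2012 we conducted a similar study of phishing sites.

From August through November 2012, 0.11% of all phishing sites used compromised Indian websites as hosts. Phishers continue to target sites within India across many sectors to host their phishing sites. These Indian sites fall into a wide range of categories, but the majority of targeted sites were IT-related (14.40%), education (11.90%), product sales and services (9.80%), industrial and manufacturing (7.30%), and tourism, travel and transport (5.80%). Highly secure websites such as government, telecommunications and ISP sites account for a low share and sit at the bottom of the list. This makes it clear that the more vulnerable a website is, the more likely it is to be targeted for phishing.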
 


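Figure 1. Categories of Indian websites compromised by phishers

Note that education held the top position among targeted websites in 2011 but dropped to second place in 2012. Even so, education, which includes schools and universities of all kinds across India, remains a favorite for phishers to abuse. The states where the education category ranked highest were Rajasthan, Andhra Pradesh, Delhi, Maharashtra and Punjab. The top cities were Jaipur, Hyderabad, Delhi, Chandigarh and Bangalore.

When using the Internet, we recommend taking every possible measure to prevent phishing attacks.

  • Do not click on suspicious links in email messages.
  • Do not include personal information when replying to an email.
  • Do not enter personal information in pop-up pages or pop-up screens.
  • When entering personal or account information, confirm that the website is encrypted with SSL by checking for the padlock icon, "https", a green address bar, and so on.
  • Frequently update security software that protects against online phishing, such as Norton Internet Security.

* To subscribe to the RSS feed of the Japanese-language Security Response blog, go to http://www.symantec.com/connect/ja/item-feeds/blog/2261/feed/all/ja.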

Awareness, Education, and Training


Thanks to regulatory requirements most everyone in the corporate world in the US is required to have official annual information security awareness/education/training. This isn't a bad thing per se, but I doubt few of us go beyond a stack of presentation slides with 10 multiple choice questions at the end. The compliance box gets checked, sure, but is anyone more knowledgeable about security? Has any risk been reduced?

There are many ways to impart knowledge or skill. Let's break things down at a very high level and all get on the same page. Awareness, education, and training are not interchangeable terms, so let me be clear on what I mean.

  • Awareness covers exposure to information, and not much else. Newsletters, posters, email blasts all fall under awareness. Note there's no requirement that the target of the awareness shows that anything has changed.
  • Education requires study and testing. Whether from a stack of slides, a website, a video, or a book, knowledge is not only absorbed but you show that it sticks by taking a test.
  • Training requires hands-on. Actually doing the thing you're learning about on-the-job or in a lab.

As you can tell, awareness is cheap and can reach a broad audience, while education requires more infrastructure and accountability, and training requires the most resources and is the hardest to get to the most people.

I've run awareness and education campaigns over the course of my career. I've stood up in front of 1,400 managers and above and lectured for an hour on the dangers of computer hygiene and the responsibilities of all employees for security. I've built decks and decks of slides to cover all the angles of security for my companies and devised tests that may have actually required critical thinking and understanding of the subject. It checked the checkbox but I doubt it reduced the overall security risk of my employer.

Honestly it's not the primary job of the entire organization to be security experts. That's our job. And the only way we can get through to them is by making the materials relevant to their job. I doubt there are many security programs that have the resources to customize across the entire organization so we must fall back on our primary tool of risk management. Find the high risk populations and deploy appropriate controls.

Shouldn't your Domain Admins know a little more about security than your regular employees? Shouldn't your HR recruiters be better at understanding phishing attacks since they open email attachments from unknown senders all day? Shouldn't the security team receive the appropriate training to protect the computing environment?

Just as attacks are targeted, so must be our education and training. I've done more for reducing risk by having a ten minute phone conversation with a comptroller after a DLP alert than the hour I spent in front of those managers.

Cyber Readiness Challenge - Paris - The 5 Phases of an Attack


 

Attacks are becoming ever more numerous and targeted. To defend yourself well, you first have to understand the techniques attackers use. Attackers very often follow repetitive patterns when acting against their various targets.

Today, we find 5 stages common to most of these attacks.

The 5 phases of an attack.

  • Reconnaissance
  • Intrusion
  • Discovery
  • Capture
  • Exfiltration

In the following articles, we will describe some of the concepts attackers use in each of these phases and, finally, the measures to use to try to prevent these attacks.


Connect Dev Notes: 22 Mar 2013


User Facing: Desktop

  • Added more robust image upload tool that allows you to:
    • Upload images to a personal directory on the server.
    • Browse your uploaded images.
    • Resize your uploaded images.
    • Generate thumbnails (small versions) of your images.
    • Delete your uploaded images.
  • Added code that displays the Badgeville badges a user earns through Symantec partner activities.
  • Added a popup that displays when you mouse over a username. The popup displays details about the user and allows you to easily subscribe to receive email notifications when the target user posts.
  • Fixed an issue with our iCal export that was exporting the incorrect event time to our members in Arizona.
  • Fixed an issue with some videos not playing in the Connect help section of the site.
  • Fixed a regression in the new user sign up form. Users should not be required to specify what community they visit most before they've visited a Connect community.
  • Fixed a code regression that was keeping users from receiving reward points when their solution was marked as such.
  • Implemented an audit tool that awarded points that were not awarded by the regression mentioned in the previous bullet point.

Admin Facing

  • Added a tool that Community Managers can use to resolve issues with posts that are tagged for more than one forum.
  • Added the ability for privileged users to see who marked a solution.
  • Extended our "delete all posts submitted by this spammer" script to clean up the rewards transactions that were logged by the rewards system as the spammer submitted (and the admins deleted) nefarious posts.

Your chance to be famous


Happy Friday Morning! It's coming up to 9.00 am here in California and so far it's turning out to be a beautiful day. The sky is blue, the sun is out in full force and the landscape around me is simply stunning. 

One of the projects I am working on today is the creation of a Backup Exec show reel and I wanted to give everyone the opportunity to be featured in this video in some shape or form.

I am looking for statements and fun facts about Backup Exec in regards to what makes it special and stand out against the competition. If you have an exhilarating, exciting, astonishing or incredible (you get the idea!) fact or story and would like to provide a quote, please get in touch with me.

The top 3 responses as judged by my Product Marketing Director (Drew Meyer) will be featured in this video. To make you feel comfortable, I also wanted to let you know that we would never use your name, title or company name without your explicit approval.

So what are you waiting for? Email me today (kate_lewis@symantec.com) and tell me how Backup Exec saved your butt, recovered data in lightning speed time or protects your entire environment completely etc etc.

Everyone that responds will go into a random draw to win a $100 Amazon gift voucher.

All responses must be received by 29th March 2013. Draw will take place at 9.00am on the 1st April 2013.

Have a great day,

Kate

How to Create a Report for the Results of a Filter, in Order to Save as CSV


I was wanting to save the results of a filter to an Excel file today, and I found that the filter did not have a "Save As" button. I found an article here that explained it, but I modified the report slightly to fit my needs. I was looking for a way to get the list of computers in my Patch Test Group Filter. I used this SQL query to create a report to then save as a .csv:

 

SELECT DISTINCT
    r.Guid AS '_ItemGuid',
    r.Name AS 'Resource',
    r.[User],
    r.[System Type],
    r.[OS Name],
    vItem.Name AS FilterName
FROM vItem
    INNER JOIN CollectionMembership
        INNER JOIN vComputerEx AS r
            ON CollectionMembership.ResourceGuid = r.Guid
        ON vItem.Guid = CollectionMembership.CollectionGuid
    LEFT OUTER JOIN Inv_AeX_AC_Identification
        ON r.Guid = Inv_AeX_AC_Identification._ResourceGuid
WHERE
    -- Guid of the filter (still called a collection in the SQL); replace with your own
    CollectionMembership.CollectionGuid = 'd0fae853-3129-490f-86fd-e8a8bc0162f2'
ORDER BY r.Name ASC

All you need to change on this report is the Guid for your required Filter (in the SQL it's still called a collection...). You can get the Guid of your Filter by right-clicking on your desired Filter and clicking on "Properties". This will give you the Guid to put in this SQL query.

 

Symantec Endpoint Protection 12.1 “This software requires the Mac OS X BSD package.”


Here is a workaround (below) for this issue. (I tried the above method, but the Info.plist file was not in the format shown.)

1.  Log into your Mac as an account with administrator rights

2.  Open TextEdit - Go > Applications > TextEdit

3.  Type a letter into the blank document

4.  File > Save As... > save the document as "BSD" (without quotes), leave the default file format, which is "Rich Text Format", and save it somewhere you can easily get to, e.g. your desktop

NOTE: You have now created a "BSD.rtf" file.  You will need to change the file extension to .pkg and move this file to the location the Symantec installer is searching for, which is /Library/Receipts

5.  Next, locate the file you created, select the file, then press the cmd + i keys (the cmd key is also known as the apple key); this will give you the information about the file

6. Expand the Name & Extension section (if not already expanded) and change the file name from "BSD.rtf" to "BSD.pkg" (both are without quotes). Press Enter (or Return) and you will be asked to confirm which file extension you would like; select "Use .pkg".

7. Go > Computer > navigate to /Library/Receipts

8. Copy the "BSD.pkg" file here.

9. Run the Symantec Endpoint Protection 12.1 installer (you will need to logoff at the end of the installation)

10. After logging back on go to - Go > Computer > navigate to /Library/Receipts and delete the file you created - "BSD.pkg"

 

New Tidserv Variant Downloads 50 MB Chromium Embedded Framework


Tidserv (a.k.a. TDL) is a complex threat that employs rootkit functionality in an attempt to evade detection. The malware has remained on the Symantec radar since its discovery back in 2008. The latest variant of Tidserv being distributed in the wild has begun to employ the legitimate Chromium Embedded Framework (CEF). While this may not be the first time malware has made use of a legitimate framework for nefarious purposes, this new Tidserv variant requires the download of the 50 MB framework to function correctly, which is an unusual thing for a threat to do.

The Backdoor.Tidserv variant uses a modular framework that allows it to download new modules and inject them into clean processes. Previous variants of Tidserv had used a serf332 module to perform network operations, such as link clicking and ad popups. It does this using COM (Component Object Model) objects to open Web pages and inspect page content. In the last week we have observed Tidserv downloading a new module called cef32. This new cef32 module has been found to have the same functionality as serf332 but requires cef.dll which is part of the CEF. Unusually, this requires a download of the full 50 MB CEF to the compromised system.

There has been a considerable increase in the download of the CEF over the last 18 days. While we cannot be certain as to how many of these downloads may relate to Tidserv infection activities, if these downloads are a result of the malware the number of computers compromised with Tidserv would be sizeable.
 


Figure 1. Chromium Embedded Framework downloads, last 18 days
 

The CEF provides a Web browser control based on the Google Chromium project. This allows developers to build applications that include Web browser windows. The CEF libraries perform all of the functionality required to run the browser, such as parsing HTML or parsing and executing JavaScript.
 


Figure 2. Tidserv JavaScript passed to Chromium Embedded Framework library
 

Using the CEF allows Tidserv to move a lot of the basic Web browser functionality out of its own modules and into the CEF library. This allows for smaller modules that are easier to update with new functionality. The downside of Tidserv using CEF is that the cef32 module needs the CEF cef.dll Dynamic Link Library in order to load. The URL to the CEF zip file for download is currently hardcoded in the serf332 binary, so any change to this URL will require an update to the serf332 module.

The Chromium Embedded Framework (CEF) and its authors do not condone or promote the use of the CEF framework for illegal or illicit purposes. They will take all actions reasonably within their power to frustrate this use case. For that reason the binary that was being used by the malware product from the Google Code project page has been deleted. Other means of providing free binaries to users that protect, as much as possible, against this or similar abuses will be explored.

Symantec is continuing to track the evolution of threats such as Tidserv. Symantec recommends that you use the latest STAR Malware Protection Technologies to ensure the best possible protections are in place.

Learn to "Cut the Clutter" @ Vision 2013 in Las Vegas


 

It’s no secret that email and file data continue to grow exponentially.   At the same time new regulations such as Dodd-Frank and FINRA 10-06 & 11-39 require even more content to be captured and controlled including social media, IM, and even voice communications – adding to the storage burden.  

 

Next month at Vision Las Vegas 2013 we offer practical advice on managing storage costs and limiting exposure. This session will include clear guidance on the impact of new regulations and an overview of how to best capture social media and ease the review experience. Learn how to limit exposure and manage storage costs by implementing a defensible deletion strategy for both active and archived content.

 

Be sure to attend session #IA B25 entitled “Cut the clutter – What you have, what you need and what you can safely get rid” on Wed, April 17, at 11:00 AM featuring myself and Phil Favro.

Different Wipers Identified in South Korean Cyber Attack


Our analysis of Trojan.Jokra, the threat which recently caused major outages within the Korean Broadcasting and Banking sectors, has produced another wiper.

Over the past few days, security researchers have been discussing the wiper component found in this Trojan, specifically the different wiper versions and the timings involved. We have seen the following strings used in four different variants:

  • PRINCIPES
  • HASTATI
  • PR!NCPES
  • HASTATI and PR!NCPES in combination
  • PRINCPES

Three wipers are packaged as a position-independent executable (PIE) and a fourth as a dynamic-link library (DLL) injection. There are also some differences in regard to the timing.
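For responders, the strings listed above can serve as a quick triage check on a disk image or raw sector dump. The following Python sketch is an added example, not Symantec tooling: the function names, the `min_repeats` threshold, the sample buffers and the `disk.img` path are assumptions made for illustration.

```python
import io
from collections import Counter

# Strings the post lists for the Trojan.Jokra wiper variants.
MARKERS = (b"PRINCIPES", b"HASTATI", b"PR!NCPES", b"PRINCPES")


def count_markers(stream, chunk_size=1 << 20):
    """Count each marker in a binary stream, including hits split across reads."""
    keep = max(len(m) for m in MARKERS) - 1   # bytes carried over between reads
    counts, tail = Counter(), b""
    while block := stream.read(chunk_size):
        data = tail + block
        for marker in MARKERS:
            start = 0
            while (pos := data.find(marker, start)) != -1:
                # A hit lying wholly inside the carried-over tail was already
                # counted on the previous read, so only count hits that end
                # in the newly read block.
                if pos + len(marker) > len(tail):
                    counts[marker.decode()] += 1
                start = pos + 1
        tail = data[-keep:]
    return counts


def triage(stream, min_repeats=8, chunk_size=1 << 20):
    """Flag a stream in which any marker repeats at least min_repeats times.

    min_repeats is an assumed threshold: a lone hit can be ordinary text,
    while a wiped region is assumed to hold the string many times over.
    """
    counts = count_markers(stream, chunk_size)
    repeated = sorted(m for m, n in counts.items() if n >= min_repeats)
    return {"counts": dict(counts), "repeated": repeated,
            "suspicious": bool(repeated)}


# Constructed samples: a 512-byte sector filled with one string, a gap, then a
# sector filled with another; and harmless text that mentions a marker once.
WIPED = b"HASTATI." * 64 + b"\x00" * 100 + b"PR!NCPES" * 64
CLEAN = b"The PRINCIPES formed the second line of a Roman legion."

if __name__ == "__main__":
    for name, blob in (("wiped", WIPED), ("clean", CLEAN)):
        print(name, triage(io.BytesIO(blob)))
    # For a real image: triage(open("disk.img", "rb"))  # hypothetical path
```

A result listing both HASTATI and PR!NCPES under `repeated` corresponds to the combination variant in the list above.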
 


Table. Trojan.Jokra wipers
 

Two of the wipers were instructed to immediately wipe upon execution. Another was instructed to wipe specifically at 2 PM on March 20, 2013. We have recently come across another sample (530c95eccdbd1416bf2655412e3dddb) that wipes at 3 PM on March 20, independent of year.
 


Figure. Trojan.Jokra wiper countdown
 

To ensure that your machine is protected from Trojan.Jokra and other threats, please ensure that your computer has the latest patches installed and that you have the most up-to-date antivirus definitions installed.


Unable to Archive Public Folder Tree with Enterprise Vault


 

Some people might say that it's a minor annoyance, but inconsistencies really bug me.  What am I talking about?  I'm talking about being able to archive a whole folder with the Enterprise Vault Outlook Add-in.  Specifically a whole public folder.

 

A few revisions ago when the Enterprise Vault Outlook Add-in was extended to support all functionality in the HTTP client, so that all-the-expected-functionality was available for Outlook 2010 and higher, we got back the ability to store a whole folder in an archive:

 

Screen Shot 2013-03-15 at 17.34.02.png

But, as I found out the other day, you can't do this on a folder inside the Public Folder hierarchy:

Screen Shot 2013-03-15 at 17.34.14.png

 

Of course I can see some of the arguments around why this might be a bad idea ...  for example there might be millions of items underneath a public folder tree structure, and that certainly would be a good way to have Enterprise Vault archive them all.  But it just screams inconsistency to me.  The point about it might cause an issue with a large number of items applies equally to regular mailboxes.  I've seen many instances of problems when >1000 items are selected for archiving, so if the reason for not archiving a whole public folder is because of the number of items, then the same should hold true of archiving items in a mailbox, but it doesn't.

Maybe in the future this inconsistency will be addressed, but in the meantime like the pop-up message says, the only way forward is to manually select individual items and archive them, or of course you can use the archiving task, but then that's not end-user driven.

MS12-060 Compliance Result Dropping Abruptly Since the Latest PMImport


I have a customer that is following the compliance status of their computers for MS12-060 in detail (as this vulnerability has a high priority in their environment), and yesterday they got back to find out that the compliance status had dropped by about 50% over the weekend.

Looking into the Applicable and Installed update tables they could see that the KB2687441 was on both, so the update was installed and the computer compliant, so why would it show up as not compliant on their report?

We had a remote session this morning and found the following:

  • MS12-060 updates were effectively compliant
  • Applicable comctl.ocx updates now came from:
    • KB2687441 (MS12-060)
    • KB2598041 (MS12-027, superseded by MS12-060)
    • KB2687493 (not associated with any bulletin from the Microsoft site)
  • KB2687493 was not on the installed table
  • KB2687493 was not in the MS12-060 bulletin from Microsoft
  • KB2687493 was associated with MS12-060 in Patch Management
  • KB2687493 was associated with MSWU-732
  • MSWU-732 had no Software Update Policy enabled
  • MS12-060 policy did not contain any update for KB2687493
  • The Patch Assessment Scan does not check this vulnerability and as such cannot report if it is installed or not (by KB).

So, it looks like KB2687493 is incorrectly associated with MS12-060 causing the compliance status to go right out of line.

As a temporary solution we deleted the ResourceAssociation that linked KB2687493 to MS12-060. This allowed the customer to run their report and find that the compliance was still on the up (close to 95% now)!

NetBackup Snapshot Client Method


 

  •  

    In the Computer and Storage World a snapshot is the state of a system at a particular point in time. More in detail, a snapshot is a point-in-time, read-only, disk-based copy of a client volume (see Blog Link). 

    In the backup world, after the snapshot is created, NetBackup backs up data from the snapshot, not directly from the client’s primary or original volume. Users and client operations can access the primary data without interruption while data on the snapshot volume is being backed up. The contents of the snapshot volume are cataloged as if the backup was produced directly from the primary volume. After the backup is complete, the snapshot-based backup image on storage media is indistinguishable from a backup image produced by a traditional, non-snapshot backup. 

    NetBackup Snapshot Client technology provides high-performance, low-impact protection features and:

    • Allows customers to use either host-based or array-based snapshot methods
    • Access a variety of hardware and software snapshot-based technologies via a single client
    • Combine with Application & Database Pack to enable off-host application backups 

 

 

  • What snapshot types can NetBackup Snapshot Client provide to the customer? NetBackup provides a variety of snapshot-based features and can create different types of snapshots. Each snapshot type that you configure in NetBackup is called a snapshot method. Snapshot methods enable NetBackup to create snapshots within the storage stack (such as the file system, volume manager, or disk array) where the data resides. If the data resides in a logical volume, NetBackup can use a volume snapshot method to create the snapshot. If the data resides in a file system, NetBackup can use a file system method, depending on the client OS and the file system type.

    Clone, split-mirror, and copy-on-write are common terms that we use every day to refer to snapshot technology. If we want to generate a snapshot, we can use more than one method: if the client data is in a VxFS file system over a VxVM volume, NetBackup could create the snapshot with a file system method, or alternatively NetBackup could use a volume manager method to create the snapshot of the same data, such as VxVM or FlashSnap (FlashSnap combines the speed of raw-partition backups with the ability to restore individual files).

    It is clear that there is more than one method to generate a snapshot, but we must also bear in mind that these methods rely on the snapshot technology that is built into the storage subsystem where the data is stored. To leverage the technology built into the storage subsystem, we need libraries that enable communication between NetBackup and the subsystem. NetBackup provides these libraries, called snapshot providers, and a document called NetBackup (tm) 7 Snapshot Client Compatibility that lists all the supported third-party devices.

    Given the large number of storage vendors and storage subsystems on the market, we can consult a document that contains this information for Symantec NetBackup 7.x (NetBackup Server, Client, and Snapshot Client). Each major section (that is, Arrays, Agents, OSes, VSS providers) represents the same data, but sorted differently. These sections can be accessed by expanding the bookmarks on the left.

  • Through the NetBackup console, on the NetBackup policy tab, you specify the method you want to use. When the policy runs, the snapshot method calls the snapshot provider library. The library then accesses the underlying commands in the storage subsystem to create the snapshot.
  • A complete guide to the NetBackup Snapshot Client facilities can be found in the Yellow Book, at the following address, along with other books that provide technical know-how about Symantec technology [2].

    [1] NetBackup Enterprise Server Guide: http://www.symantec.com/business/support/index?page=content&key=15143&channel=DOCUMENTATION&sort=recent

    [2] NetBackup Enterprise Server Compatibility List: http://www.symantec.com/business/support/index?page=content&key=15143&channel=TECHNICAL_SOLUTION&basecat=COMPATIBILITY_LIST&sort=recent

 

 

 

Where to check the EOL or any Release Details for a Symantec Product/Solution


Product or Solution release details includes the following:

  • Version
  • Release Type
  • Release Date
  • End of Life
  • End of Limited Support
  • Last date for patch releases
  • End of Support Life
  • Last date to contact support

To get that information follow the steps below:

  1. Go to Supported Products A-Z  page.
  2. Select the product from the list
  3. On the right side box named “Product Support” select “Release Details”
  4. The information for selected product will be loaded on the main page.
  5. Use the dropdown menu to select the correct version of the product you are looking for.
  6. Example: see direct link to Inventory Solution Release Details.

 

Storage Optimization - Part IV - Tiering - SmartTier


As in my series of blogs around Storage Optimization there is a commonality about the recognition of the
"data explosion" conundrum, and how this is placing an extra burden on an already stretched IT storage team.

I've covered off how Symantec’s Thin Provisioning, Compression and Dedupe technologies can assist
with the ever expanding storage paradigm, now it’s time to change tack.
Today’s post targets getting the best value from storage, and in particular, using the appropriate tier of storage
and specifically Symantec’s SmartTier.

So what Symantec S/W are we talking about? - as ever, Storage Foundation.
SmartTier can offer better data placement on the correct tier of storage and reduce the cost of storage ownership.

What is Tiering ?
Simply put, tiering is selecting the correct tier of Storage for data to reside on, by aligning the data
classification with the appropriate storage requirements.

Is all data equal ? of course, the answer is NO
Data is classified in many different ways, as we can see in the examples below :
Is it current ?
Does it need to be accessed frequently ?
Is it mission critical ?
Does it require High performance Storage?
What are the file extensions - .dbf, .jpg, .txt, .wav ?

If we are able to identify and answer the classification questions then we can match the data with the
tiers of storage, i.e. Tier 0 - SSDs | Tier 1 - Premium SAN HDDs | Tier 2 - NAS | Tier 3 - JBOD
The definitions are not important as classifications, but serve as an example, as data importance is specific
to individual companies.

As data evolves and structures change we must bear in mind data classification isn't persistent,
i.e. what's mission critical today, may not be tomorrow. For example, a mobile phone company's billing information
for the current month is very important, however this may not be so for the next month, and thus this makes it a
target for dynamic tiering to re-evaluate classification.

Equally, H/W arrays have their own tiering mechanisms. H/W tiering works on IOTemperature, which requires data
that's accessed frequently to be promoted to a higher tier. By the time data is hot, the job may have completed.
H/W arrays are unable to identify file type classifications, whereas Symantec's File System (VxFS) provides that
function, enabling extension-based migration.

SmartTier can be used proactively - if you can identify target data then you can proactively move it to the correct
tier prior to the start of a job, and conversely move it at the end of a job.

In summary therefore, Symantec’s tiering differentiators include :
The ability to proactively move data prior to job commencement.
Tiering on many different parameters.
Migration between different array types.
A consistent tiering function across disparate arrays.
Definition of data by extension type: .dbf, .redo, .wav
Defining specific data types never to migrate between tiers.

As is the common mantra, Symantec’s values are such that we have no H/W agenda and we realise no benefit from selling more tin, we genuinely want customers to achieve storage optimization benefits.
Therefore if you are looking to use your storage more effectively and gain benefits from adopting tiering,
contact your Sales rep now !
