Deploying an enterprise-class e-mail-archiving product, such as Enterprise Vault, may pose some technical challenges, but having such a system in place also could result in far costly organizational, political and legal challenges.
Although enterprise e-mail managers have always had the ability to snoop on other people’s messages, a tool such as Symantec’s Enterprise Vault (EV) take this capability to a whole new level. EV offers the capability to search deep into messages across every user in the enterprise.
Article Source : www.networkworld.com
Monday, September 3, 2007
Symantec unifies sales strategies under enterprise role By Rob Irwin, Computerworld
Symantec has installed its former director of strategic accounts, David Dzienciol, to the new role of director of enterprise partnerships. The appointment completes a five-month search to replace former channels boss, David Blackman, who left to join VMware in January.
Symantec Pacific Vice President David Sykes said Dzienciol's new role covered Blackman's old areas of responsibility as well as internal sales.
"When David left us, we took the chance to completely revise our structure," he said. "David [Dzienciol] will look after both external partnerships - such as distribution relations - in addition to inside sales and sales specialist teams."
Sykes said bringing internal and external partner relationships together might sound odd at first, but made for a more unified structure where one executive could see into both sides of the equation. The change had been some time coming, he said.
"It's been two years since we merged with Veritas and we've spent it getting our house in order and our structure right," he said. "We wanted to bring together various components relating to partnerships under one single leader. David is the kind of leader we need who understands the business and has the personal characteristics to do that."
Prior to managing strategic accounts, Dzienciol worked at Veritas as an Asia-Pacific reseller account manager. In this role, he established a team to secure business with key outsourcers including EDS, CSC and IBM.
For more enterprise computing news, visit Computerworld. Story copyright Computerworld, Inc.
Article Source : www.networkworld.com
Symantec Pacific Vice President David Sykes said Dzienciol's new role covered Blackman's old areas of responsibility as well as internal sales.
"When David left us, we took the chance to completely revise our structure," he said. "David [Dzienciol] will look after both external partnerships - such as distribution relations - in addition to inside sales and sales specialist teams."
Sykes said bringing internal and external partner relationships together might sound odd at first, but made for a more unified structure where one executive could see into both sides of the equation. The change had been some time coming, he said.
"It's been two years since we merged with Veritas and we've spent it getting our house in order and our structure right," he said. "We wanted to bring together various components relating to partnerships under one single leader. David is the kind of leader we need who understands the business and has the personal characteristics to do that."
Prior to managing strategic accounts, Dzienciol worked at Veritas as an Asia-Pacific reseller account manager. In this role, he established a team to secure business with key outsourcers including EDS, CSC and IBM.
For more enterprise computing news, visit Computerworld. Story copyright Computerworld, Inc.
Article Source : www.networkworld.com
Symantec enhances backup software By Deni Connor, Network World
Symantec has added disk-backup capability to its NetBackup software.
The company announced a new version of its data-protection software on Tuesday that focuses on disk rather than tape backup.
The company’s Veritas NetBackup 6.5 now includes virtual tape library capability, continuous data protection, disk-based backup, data deduplication, snapshot backup and replication capabilities.
NetBackup integrates Symantec’s PureDisk Deduplication Option, a technology that ensures that redundant backup information is stored only once across the backup environment. In addition, a new Flexible Disk Option allows backup administrators to perform high-speed SAN backup to a disk pool shared by the entire backup environment, thus speeding performance and increasing use.
For customers deploying virtual tape libraries (VTL), NetBackup 6.5 now includes a Virtual Tape Option that copies data directly from the VTL to tape. The company has added the OpenStorage Option, which allows VTL appliances to integrate natively with NetBackup.
Further, NetBackup 6.5 can now back up virtual machines created with VMware. This support allows for the consolidated backup of virtual machines, granular file-level and image-level recovery from a single backup image and deduplication for VMware backups. NetBackup makes use of the VMware Consolidated Backup to guarantee consistency of data and remove the backup burden from the primary VMware server.
For Microsoft SharePoint environments, NetBackup 6.5 allows database and document-level recovery from the same backup, eliminating the need for multiple backups of the same system. For Microsoft Exchange environments, NetBackup provides an instant recovery that lets systems administrators recover from a disk-based snapshot.
Finally, Symantec has introduced new capacity-based pricing for NetBackup. Customers can now either be charged by the amount of data be protected or by the number of servers being backed up.
The software is expected to be available in the third quarter.
Article Source : www.networkworld.com
The company announced a new version of its data-protection software on Tuesday that focuses on disk rather than tape backup.
The company’s Veritas NetBackup 6.5 now includes virtual tape library capability, continuous data protection, disk-based backup, data deduplication, snapshot backup and replication capabilities.
NetBackup integrates Symantec’s PureDisk Deduplication Option, a technology that ensures that redundant backup information is stored only once across the backup environment. In addition, a new Flexible Disk Option allows backup administrators to perform high-speed SAN backup to a disk pool shared by the entire backup environment, thus speeding performance and increasing use.
For customers deploying virtual tape libraries (VTL), NetBackup 6.5 now includes a Virtual Tape Option that copies data directly from the VTL to tape. The company has added the OpenStorage Option, which allows VTL appliances to integrate natively with NetBackup.
Further, NetBackup 6.5 can now back up virtual machines created with VMware. This support allows for the consolidated backup of virtual machines, granular file-level and image-level recovery from a single backup image and deduplication for VMware backups. NetBackup makes use of the VMware Consolidated Backup to guarantee consistency of data and remove the backup burden from the primary VMware server.
For Microsoft SharePoint environments, NetBackup 6.5 allows database and document-level recovery from the same backup, eliminating the need for multiple backups of the same system. For Microsoft Exchange environments, NetBackup provides an instant recovery that lets systems administrators recover from a disk-based snapshot.
Finally, Symantec has introduced new capacity-based pricing for NetBackup. Customers can now either be charged by the amount of data be protected or by the number of servers being backed up.
The software is expected to be available in the third quarter.
Article Source : www.networkworld.com
Symantec 'Project Nextgen' to merge compliance tools By Robert McMillan, IDG News Service
Symantec plans to integrate two of its compliance assessment products to make it easier for IT administrators to manage the software, a company executive said Thursday.
Engineers at the company are working on integrating Symantec's Enterprise Security Manager and Control Compliance Suite, said Tom Kendra, president of Symantec's Security and Data Management group, speaking on a Webcast of the company's annual financial analyst conference Thursday.
The project, code-named "Nextgen," is expected to ship in 2008, or possibly even as soon as the end of the year, Kendra said.
Symantec did not disclose many other details about Nextgen. "The real key with Nextgen is it will be combining agent and agentless technologies," according to a company spokesman.
These compliance products are used to identify systems on the network that are misconfigured or that do not have the latest security patches. Control Compliance Suite can perform scans of the network without requiring the installation of "agent" software on the devices being scanned.
Article Source : www.networkworld.com
Engineers at the company are working on integrating Symantec's Enterprise Security Manager and Control Compliance Suite, said Tom Kendra, president of Symantec's Security and Data Management group, speaking on a Webcast of the company's annual financial analyst conference Thursday.
The project, code-named "Nextgen," is expected to ship in 2008, or possibly even as soon as the end of the year, Kendra said.
Symantec did not disclose many other details about Nextgen. "The real key with Nextgen is it will be combining agent and agentless technologies," according to a company spokesman.
These compliance products are used to identify systems on the network that are misconfigured or that do not have the latest security patches. Control Compliance Suite can perform scans of the network without requiring the installation of "agent" software on the devices being scanned.
Article Source : www.networkworld.com
Symantec outgrows underground nuclear bunker By Jeremy Kirk, IDG News Service
Symantec has emerged from its bunker in the British countryside, moving its malware-fighting operations from a former U.K. military nuclear shelter to a more conventional office in Reading.
The nuclear bunker, with concrete walls and an obscure entrance on a hillside near Twyford, England, was used for one of the company's Special Operations Center (SOC).
The regional centers are used by security analysts who are part of the company's Managed Security Services. Companies hire Symantec to help with part or all of their IT security operations.
The nuclear shelter may have been good public relations for a security company, but it wasn't comfortable: it lacked windows and had "sanitation" problems, company officials said.
On Wednesday, Symantec offered a tour of its new facility in Reading to journalists, analysts and customers. The facility, formerly used by storage company Veritas, which Symantec acquired in 2005, has twice as much space as the bunker and was needed to accommodate Symantec's growth.
Symantec now has under one roof its consultancy, moved from Maidenhead, England, to the new facility, and its SOC, a move that will help dealing with customers, said Arthur Wong, senior vice president of Symantec Managed Security Services.
Symantec only allowed visitors a brief peak at the SOC analysts working on Wednesday, through a glass window with parted blinds. Those analysts sift through reports that note suspicious events on different companies' networks.
Although much analysis of the log reports is automated, humans are still needed to look at data, said Alan Osborne, senior manager for Europe, the Middle East and Africa operations. Symantec's service-level agreements mandate that they notify a client within 10 minutes of a critical problem, Osborne said.
About 30 analysts work in the U.K. SOC. Symantec operates four other SOCs in the U.S., Australia and Japan, which can be called on during emergencies. On Tuesday, a fire alarm went off, and the U.K. SOC's operations were rolled over to a U.S. SOC within minutes, Osborne said.
Symantec officials said they are seeing rapid growth in managed security services, due in part to companies trying to keep IT costs down while dealing with complex threats and government regulation.
The oil company BP PLC started using Symantec's managed services about five years ago when it wanted to separate networks used to control oil production, such as those that turn on and off values, and its corporate network, said Robert W. Martin, DCT Digital Security. Access to one network from the other could be catastrophic, Martin said.
BP usually gets between three to 10 security alerts a month from Symantec, which performs functions such as firewall monitoring, Martin said. For example, Symantec notified BP when it detected peer-to-peer traffic on their network, Martin said, which can be a sign of malicious activity.
Other companies, such as Imperial Chemical Industries PLC, are looking to managed services to outsource capabilities they don't have in-house. Paul Simmonds, the chemical company's chief information security officer, said they are considering Symantec services since they offer greater depth and research on threats.
Now, hackers have typically focused on other industries, but "we know one day someone will work down the food chain and hit on ICI," Simmonds said.
Article Source : www.networkworld.com
The nuclear bunker, with concrete walls and an obscure entrance on a hillside near Twyford, England, was used for one of the company's Special Operations Center (SOC).
The regional centers are used by security analysts who are part of the company's Managed Security Services. Companies hire Symantec to help with part or all of their IT security operations.
The nuclear shelter may have been good public relations for a security company, but it wasn't comfortable: it lacked windows and had "sanitation" problems, company officials said.
On Wednesday, Symantec offered a tour of its new facility in Reading to journalists, analysts and customers. The facility, formerly used by storage company Veritas, which Symantec acquired in 2005, has twice as much space as the bunker and was needed to accommodate Symantec's growth.
Symantec now has under one roof its consultancy, moved from Maidenhead, England, to the new facility, and its SOC, a move that will help dealing with customers, said Arthur Wong, senior vice president of Symantec Managed Security Services.
Symantec only allowed visitors a brief peak at the SOC analysts working on Wednesday, through a glass window with parted blinds. Those analysts sift through reports that note suspicious events on different companies' networks.
Although much analysis of the log reports is automated, humans are still needed to look at data, said Alan Osborne, senior manager for Europe, the Middle East and Africa operations. Symantec's service-level agreements mandate that they notify a client within 10 minutes of a critical problem, Osborne said.
About 30 analysts work in the U.K. SOC. Symantec operates four other SOCs in the U.S., Australia and Japan, which can be called on during emergencies. On Tuesday, a fire alarm went off, and the U.K. SOC's operations were rolled over to a U.S. SOC within minutes, Osborne said.
Symantec officials said they are seeing rapid growth in managed security services, due in part to companies trying to keep IT costs down while dealing with complex threats and government regulation.
The oil company BP PLC started using Symantec's managed services about five years ago when it wanted to separate networks used to control oil production, such as those that turn on and off values, and its corporate network, said Robert W. Martin, DCT Digital Security. Access to one network from the other could be catastrophic, Martin said.
BP usually gets between three to 10 security alerts a month from Symantec, which performs functions such as firewall monitoring, Martin said. For example, Symantec notified BP when it detected peer-to-peer traffic on their network, Martin said, which can be a sign of malicious activity.
Other companies, such as Imperial Chemical Industries PLC, are looking to managed services to outsource capabilities they don't have in-house. Paul Simmonds, the chemical company's chief information security officer, said they are considering Symantec services since they offer greater depth and research on threats.
Now, hackers have typically focused on other industries, but "we know one day someone will work down the food chain and hit on ICI," Simmonds said.
Article Source : www.networkworld.com
Symantec offers compensation for bad software update By Sumner Lemon, IDG News Service
More than a month after Symantec knocked out 50,000 Chinese PCs with a bad software update, the company is ready to offer compensation. But Chinese users eligible for the offer have to act fast; it's only good for a couple of weeks.
Symantec's problems in China began on May 18, when it released a bad software update that caused its Norton antivirus software to wrongly identify two system files in the Simplified Chinese version of Windows XP as malware and quarantine them. That mistake, which Symantec blamed on "an automated process," left tens of thousands of PCs crippled and Internet bulletin boards full of angry posts.
Chinese users who lost data because of Symantec's faulty update demanded compensation, and at least two lawsuits were filed against the company. But Symantec was slow to respond, saying earlier this month it was considering requests for compensation.
After five weeks, Symantec is ready to make amends. The company is offering affected Chinese consumers a 12-month Norton license extension and a copy of Norton Save & Restore 2.0. Corporate customers are being offered Symantec Ghost Solution Suite licenses, depending on the number of PCs affected. Symantec is not offering to extend Norton licenses for corporate customers affected by the bad update.
Symantec described its offer as "a gesture of our goodwill."
Chinese users will have to move fast if they want to take Symantec up on the deal. The company is only accepting applications for compensation during a brief window of time: from June 27 to July 15. Symantec's statement did not explain why the offer period is so short or detail terms of its offer, including whether users must agree not to pursue legal action for damage caused by the company.
Users who want to take Symantec up on its offer must apply at a special Web site, which will validate their copies of Norton Antivirus to make sure they are licensed copies and eligible for the offer.
Article Source : www.networkworld.com
Symantec's problems in China began on May 18, when it released a bad software update that caused its Norton antivirus software to wrongly identify two system files in the Simplified Chinese version of Windows XP as malware and quarantine them. That mistake, which Symantec blamed on "an automated process," left tens of thousands of PCs crippled and Internet bulletin boards full of angry posts.
Chinese users who lost data because of Symantec's faulty update demanded compensation, and at least two lawsuits were filed against the company. But Symantec was slow to respond, saying earlier this month it was considering requests for compensation.
After five weeks, Symantec is ready to make amends. The company is offering affected Chinese consumers a 12-month Norton license extension and a copy of Norton Save & Restore 2.0. Corporate customers are being offered Symantec Ghost Solution Suite licenses, depending on the number of PCs affected. Symantec is not offering to extend Norton licenses for corporate customers affected by the bad update.
Symantec described its offer as "a gesture of our goodwill."
Chinese users will have to move fast if they want to take Symantec up on the deal. The company is only accepting applications for compensation during a brief window of time: from June 27 to July 15. Symantec's statement did not explain why the offer period is so short or detail terms of its offer, including whether users must agree not to pursue legal action for damage caused by the company.
Users who want to take Symantec up on its offer must apply at a special Web site, which will validate their copies of Norton Antivirus to make sure they are licensed copies and eligible for the offer.
Article Source : www.networkworld.com
Symantec declares Chinese offer a success, withholds numbers By Sumner Lemon, IDG News Service
Symantec declared its compensation offer for Chinese users who saw their computers damaged by a bad software update a success Sunday, but declined to say how many users had accepted the deal.
Symantec ran into trouble May 18, when the company issued a faulty software update for its Norton antivirus software that wrongly identified two system files in the Simplified Chinese edition of Windows XP as malware, and quarantined them. That blunder rendered an estimated 50,000 Chinese PCs unusable, Symantec said.
New! Watch this Network World Webcast - Security Information Management Solutions: Beyond Threat Management
The incident also provoked an angry outcry from Chinese users, who demanded compensation for the damage wrought on their systems by Symantec. At least two users filed lawsuits against Symantec over damage done to their PCs by the company.
Five weeks after the bad update was released, Symantec offered free software to those Chinese users who were affected. The company offered Chinese consumers a 12-month Norton license extension and a copy of Norton Save & Restore 2.0. Corporate customers were offered Symantec Ghost Solution Suite licenses, depending on the number of PCs affected. Symantec did not extend Norton licenses for corporate customers affected by the bad update.
The compensation offer, which was valid for two and a half weeks starting from June 27, ended Sunday night. However, the Web site created for users to apply for compensation remained up at the time of writing, on Monday morning.
In an e-mail statement sent Sunday, Symantec declared the offer a success, saying the gesture had been "well received." But the company did not offer information to back up that claim.
Symantec's offer was widely criticized in the Chinese press when it was first announced.
"Symantec's response to its Chinese consumers lacks seriousness and sincerity," Alamus, the deputy director of the China Electronic Commerce Association's committee on legal and policy issues, said at that time in a report by China Central Television (CCTV), the country's national TV broadcaster.
While Symantec's compensation offer officially ended Sunday, the company is keeping the door open for users who missed the July 15 deadline.
"After this date anyone who missed the registration date should contact Symantec Customer Support or e-mail symantec.authorised.support.cn@clts.com, and we will give consideration to extending the date for that individual customer," the company said.
Article Source : www.networkworld.com
Symantec ran into trouble May 18, when the company issued a faulty software update for its Norton antivirus software that wrongly identified two system files in the Simplified Chinese edition of Windows XP as malware, and quarantined them. That blunder rendered an estimated 50,000 Chinese PCs unusable, Symantec said.
New! Watch this Network World Webcast - Security Information Management Solutions: Beyond Threat Management
The incident also provoked an angry outcry from Chinese users, who demanded compensation for the damage wrought on their systems by Symantec. At least two users filed lawsuits against Symantec over damage done to their PCs by the company.
Five weeks after the bad update was released, Symantec offered free software to those Chinese users who were affected. The company offered Chinese consumers a 12-month Norton license extension and a copy of Norton Save & Restore 2.0. Corporate customers were offered Symantec Ghost Solution Suite licenses, depending on the number of PCs affected. Symantec did not extend Norton licenses for corporate customers affected by the bad update.
The compensation offer, which was valid for two and a half weeks starting from June 27, ended Sunday night. However, the Web site created for users to apply for compensation remained up at the time of writing, on Monday morning.
In an e-mail statement sent Sunday, Symantec declared the offer a success, saying the gesture had been "well received." But the company did not offer information to back up that claim.
Symantec's offer was widely criticized in the Chinese press when it was first announced.
"Symantec's response to its Chinese consumers lacks seriousness and sincerity," Alamus, the deputy director of the China Electronic Commerce Association's committee on legal and policy issues, said at that time in a report by China Central Television (CCTV), the country's national TV broadcaster.
While Symantec's compensation offer officially ended Sunday, the company is keeping the door open for users who missed the July 15 deadline.
"After this date anyone who missed the registration date should contact Symantec Customer Support or e-mail symantec.authorised.support.cn@clts.com, and we will give consideration to extending the date for that individual customer," the company said.
Article Source : www.networkworld.com
XenSource, Symantec team for data protection, storage management By Deni Connor, Network World
XenSource Monday announced that it has teamed with Symantec to integrate the company’s Veritas Storage Foundation with its XenEnterprise virtualization software. The company will also develop new software called XenEnterprise HighAvailability, which will provide failover capability for servers virtualized with XenEnterprise.
The OEM agreement with Symantec will provide customers with the ability to manage servers and storage arrays from a single product. It will let customers optimize their storage utilization, enable dynamic multi-pathing between virtual machines and storage arrays and perform point-in-time copies of data. The features can be managed centrally by XenSource’s XenCenter management software.
Further, XenSource will test and certify XenEnterprise with Veritas NetBackup data protection and backup product. XenEnterprise supports both Windows and Linux servers.
XenSource claims to have as many as 500 customers. The company has previous relationships with NEC, Marathon Technologies, Stratus, Egenera and Cassatt, as well as with Novell and Red Hat. The company also has an interoperability agreement with Microsoft and has partnered with IBM since last fall.
XenSource integration with Veritas Storage Foundation will be available this fall in XenSource 4.0. While prices are not set yet for the product, XenSource indicates they will be higher. XenSource 4.0 will include not only the Veritas Storage Foundation capability but also live migration of data, which lets customers move a running virtual machine between two physical systems.
XenEnterprise is presently priced at $750 per dual socket server.
Article Source : www.networkworld.com
The OEM agreement with Symantec will provide customers with the ability to manage servers and storage arrays from a single product. It will let customers optimize their storage utilization, enable dynamic multi-pathing between virtual machines and storage arrays and perform point-in-time copies of data. The features can be managed centrally by XenSource’s XenCenter management software.
Further, XenSource will test and certify XenEnterprise with Veritas NetBackup data protection and backup product. XenEnterprise supports both Windows and Linux servers.
XenSource claims to have as many as 500 customers. The company has previous relationships with NEC, Marathon Technologies, Stratus, Egenera and Cassatt, as well as with Novell and Red Hat. The company also has an interoperability agreement with Microsoft and has partnered with IBM since last fall.
XenSource integration with Veritas Storage Foundation will be available this fall in XenSource 4.0. While prices are not set yet for the product, XenSource indicates they will be higher. XenSource 4.0 will include not only the Veritas Storage Foundation capability but also live migration of data, which lets customers move a running virtual machine between two physical systems.
XenEnterprise is presently priced at $750 per dual socket server.
Article Source : www.networkworld.com
NAC alternatives hit the mark Symantec tops Juniper, Cisco and Check Point in test of 13 NAC point products By Mandy Andress, Network World
Network-access control is a buzzword of epic proportion. And as is the case with much of larger-than-life industry vernacular, products with even the slightest aspect of access control are being pitched by their makers as integral components of the NAC fray.
In April, we assessed the role that more than 30 NAC products play in the larger NAC schemes defined by Cisco's Network Admission Control (CNAC) initiative or the Trusted Network Connect (TNC) working group of the Trusted Computing Group (see "What can NAC do for you now?").
We found that the basic functions of NAC can be carried out within CNAC or TNC, but not all IT shops have the time, inclination, network infrastructure or resources to deploy a full-blown NAC framework.
Enter the all-in-one approach to NAC -- single products that provide authentication and authorization, endpoint-security assessment, NAC policy enforcement and overall management.
We tested 13 products from Bradford Networks, Check Point Software, Cisco, ConSentry Networks, ForeScout Technologies, InfoExpress, Juniper Networks, Lockdown Networks, McAfee, StillSecure, Symantec, Trend Micro and Vernier Networks.
To ensure continuity between our previous assessment of NAC architectures and these all-in-one NAC products, our testing was based on the same methodology. Authentication and authorization testing homed in on the options available for connecting to the network physically, the authentication options supported and how each product handles authorization.
While deploying NAC in an environment with standard 802.1X authentication was a focal point of our NAC-architecture testing, in this round we deployed products using other authentication options -- for example, facilitating inline monitoring, controlling an installed network switch and acting as the access-layer switch itself -- because many organizations will want to deploy NAC before they can do so using the 802.1X standard. All the vendors tested offer at least one alternative approach, so the good news is that there is no shortage of options.
Our environmental-information evaluation -- sometimes referred to as an endpoint-security assessment -- looked at how effectively each product gathers pertinent information from endpoints. The details collected range from general machine information to specific security settings, and all are used to enforce policy decisions.
The enforcement piece of this test evaluated the options available for handling offending systems once assessment is complete and the applicable policy identified. The final management section looked at the tools available for keeping the whole NAC system running, including defining new policies, receiving alerts and reporting, all within an accessible and usable interface (see a full test-methodology guidance on testing these NAC products in your own environment).
The good news is that these products consistently functioned as advertised. Pretty much across the board, they identified, authorized (or blocked, as required) and helped remediate failed systems as their makers said they would. However, they carried out these measures in different ways and to varying degrees, so to help determine which product is the best fit for you, you'll need to have a clear understanding of which areas covered by these NAC products are the most critical for your own environment (see "6 tips for selecting the right all-in-one NAC product").
Symantec came out on top as the best-all-around all-in-one NAC product. Although other products performed better in single categories, we found that Symantec's Network Access Control provided the most solid NAC functions across the board. ForeScout, Lockdown and Juniper rounded out the top finishers.
Trends in NAC products
Our authentication and authorization tests showed that for the most part, these all-in-one NAC products slide pretty effectively into existing networks in a variety of ways. Authorizing access for known and guest users via general LAN links, remote-access connections and wireless LANs are all measures supported by most products. The technical implementation methods differ, but the goals of flexibility and pervasive coverage remain the same.
Common to the vast majority of products is integration with standard user directories, such as Microsoft's Active Directory and other Lightweight Directory Access Protocol-based repositories, and authentication servers, such as a RADIUS server. A key difference is that some products provide authentication by monitoring authentication traffic (for example, Kerberos authentication packets) passively and making note of the event, while others require the user to enter credentials actively.
Another key difference among the products is the endpoint information used during the authorization and enforcement processes. Some products rely on user information to enforce policies, while others grant access based solely on device information. A few products provide support for both approaches.
Juniper, Symantec and Vernier performed the best in our authorization and authentication testing. These products provided well-integrated deployment scenarios for our four connection methods (LAN, remote access, guest and wireless). They also supported a variety of technologies for authentication and let us configure authorization parameters based on either user or device.
Endpoint-assessment tests evaluated out-of-the-box options for system compliance checks, focusing on antivirus software, Windows security patches, host firewall status, endpoint-vulnerability status and identification of actively infected systems. Most products provided basic coverage and functions on the fundamental items.
What differentiated these products was how broadly they covered these assessment mechanisms, how easily they configured checks, how they manipulated the timing of checks and whether they could implement more-detailed checks, such as when a product supports a general vulnerability-scanning engine. Products' ability to define custom security checks ranged from checking for certain registry keys and file properties to full scripting engines.
Symantec, ForeScout excel in assessment
Symantec excelled in endpoint assessment and the collection of environmental information by providing the best all-around assessment function. ForeScout also performed well, providing enhanced assessment functions, such as anomaly detection and a full vulnerability-assessment platform.
Enforcement capabilities generally depended on the product's implementation. For example, in products that approached NAC by controlling the access switch, primary enforcement mechanisms included virtual LAN and access-control list (ACL) changes. Inline deployments most frequently offered firewall rules to control network access, though some also provided VLAN changes by modifying 802.1Q tags.
While VLAN changes are easy to implement, the bigger issue for users is the network infrastructure's overall VLAN design and management, compared with how detailed their NAC policies will be. Having different access policies for different corporate functions -- and even different access policies if endpoint systems are not in compliance -- could quickly become a VLAN management nightmare.
Another common enforcement mechanism is self-enforcement, facilitated by heavy-handed client software in which an agent controls network access. Self-enforcement is beneficial in that it helps ensure compliance when a user isn't connected to the corporate network, but you've got to factor in that the endpoint could be compromised. We recommend using self-enforcement along with a network-based enforcement mechanism, such as pushing a firewall rule, making a VLAN change or facilitating an ACL change on a switch.
Remediation efforts tended to guide users through the process of bringing their own machines up to NAC snuff. The measures provided generally included displaying a message containing a URL leading users to information or software that will let them self-remediate. Some products provided more proactive remediation functions, such as killing a process or automatically executing a program -- for instance, launching a patch-management agent such as PatchLink, pushing an enterprise-software upgrade via Microsoft's SMS or running a custom script.
ForeScout, Juniper, Lockdown and Symantec all performed well in our remediation tests, with ForeScout the remediation leader based on its flexible and extensive options, from VLAN changes to killing a rogue process.
The big area of disappointment generally across the board was the general lack of information these products provided about a user's or device's history. If a device was placed in quarantine, what check failed? What was the response? What user was logged in at the time? What action was taken? What other devices had the user connected to? What is the historical information about this device or user? Very few products were capable of this level of detail, which is required for any useful NAC deployment.
The tools to manage a NAC deployment adequately -- the general interface for policy creation and day-to-day administration, help and documentation, and alerting and reporting capabilities -- generally were the weakest components of the products tested.
GUI interfaces were cluttered and not intuitive to use or navigate. Often the tools for defining NAC policies -- a critical part of NAC administration -- were buried deep within the system and required multiple clicks just to get to the starting point. Very few products launched administrators into a dashboard of useful information. Lockdown's Enforcer had the best: A full-summary dashboard appeared when the administrator initially logged on that gave a clear picture of the system's risk posture and high-level details of its current state.
Policy creation generally was overly complex. While NAC vendors generally provide a lot of flexibility and detail with their NAC policy development engines, most have fallen short in making those engines easy to drive with the supplied management applications. Vernier's EdgeWall had the most challenging NAC methodology, but in the end, it was the most flexible and detailed of the products tested.
Another area we focused on was support-account administration, to see the level of detail supported for access control and role definition. We also looked at whether a product managed administrator accounts within an enterprise-user repository instead of maintaining a local database of administrative users. Most products supported a multiple-role structure, but some products provided more detail than others.
Reporting was the most problematic area. Some products contained no reporting function, and others provided only very basic searches. While it's important to identify and enforce network access based on endpoint integrity and defined policies, it is almost more important in today's environment to show the historical results of assessments and what action was taken concerning systems that did not adhere to defined policy.
While all the products we tested can use improvement in overall management, Check Point, ForeScout and Lockdown have the strongest showing in this area of evaluation. Their products provided the reporting and enterprise-management functions we expected to see, such as multiple alerting options to tie into enterprise-management tools, delegated administrative functions, and adequate help and product documentation.
NAC futures
Postadmission control is where most vendors are spending their development resources, and that's only natural. Once a system is admitted to the network, it needs to stay in compliance. Most products achieve this now by performing assessment checks on a schedule, such as every 15 minutes.
Some vendors, such as McAfee and StillSecure, are starting to take postadmission control a step further, integrating intrusion-detection/prevention systems that trigger an enforcement action if an alert is received about an endpoint device. This information also can be combined with a vulnerability scan to determine whether the alert is a false-positive.
Although some products do vulnerability scans now, this false-positive correlation still is a goal for vendors to reach. The next logical step is integration with security-information and security-incident and event-management products, which should provide the most complete picture to help a NAC product make the best decision on how to provide access to an endpoint device continuously.
Another future integration point for NAC should be the growing number of outbound-content-compliance and data-leakage-protection products. With this combination, companies could block network access if unauthorized data transfers were attempted or observed.
In its basic form, NAC is ready for prime time. Companies can buy a multitude of products that check the integrity of known endpoints and control access accordingly. And judging from the industry buzz about NAC, vendors are investing R&D dollars that will help facilitate enhanced features and further integration with any organization's network infrastructure. The secret to deploying an effective all-in-one NAC product is aligning yourself with a vendor that has developed its product with the same NAC priorities you've set for your own network.
Article Source : www.networkworld.com
In April, we assessed the role that more than 30 NAC products play in the larger NAC schemes defined by Cisco's Network Admission Control (CNAC) initiative or the Trusted Network Connect (TNC) working group of the Trusted Computing Group (see "What can NAC do for you now?").
We found that the basic functions of NAC can be carried out within CNAC or TNC, but not all IT shops have the time, inclination, network infrastructure or resources to deploy a full-blown NAC framework.
Enter the all-in-one approach to NAC -- single products that provide authentication and authorization, endpoint-security assessment, NAC policy enforcement and overall management.
We tested 13 products from Bradford Networks, Check Point Software, Cisco, ConSentry Networks, ForeScout Technologies, InfoExpress, Juniper Networks, Lockdown Networks, McAfee, StillSecure, Symantec, Trend Micro and Vernier Networks.
To ensure continuity between our previous assessment of NAC architectures and these all-in-one NAC products, our testing was based on the same methodology. Authentication and authorization testing homed in on the options available for connecting to the network physically, the authentication options supported and how each product handles authorization.
While deploying NAC in an environment with standard 802.1X authentication was a focal point of our NAC-architecture testing, in this round we deployed products using other authentication options -- for example, facilitating inline monitoring, controlling an installed network switch and acting as the access-layer switch itself -- because many organizations will want to deploy NAC before they can do so using the 802.1X standard. All the vendors tested offer at least one alternative approach, so the good news is that there is no shortage of options.
Our environmental-information evaluation -- sometimes referred to as an endpoint-security assessment -- looked at how effectively each product gathers pertinent information from endpoints. The details collected range from general machine information to specific security settings, and all are used to enforce policy decisions.
The enforcement piece of this test evaluated the options available for handling offending systems once assessment is complete and the applicable policy identified. The final management section looked at the tools available for keeping the whole NAC system running, including defining new policies, receiving alerts and reporting, all within an accessible and usable interface (see a full test-methodology guidance on testing these NAC products in your own environment).
The good news is that these products consistently functioned as advertised. Pretty much across the board, they identified, authorized (or blocked, as required) and helped remediate failed systems as their makers said they would. However, they carried out these measures in different ways and to varying degrees, so to help determine which product is the best fit for you, you'll need to have a clear understanding of which areas covered by these NAC products are the most critical for your own environment (see "6 tips for selecting the right all-in-one NAC product").
Symantec came out on top as the best-all-around all-in-one NAC product. Although other products performed better in single categories, we found that Symantec's Network Access Control provided the most solid NAC functions across the board. ForeScout, Lockdown and Juniper rounded out the top finishers.
Trends in NAC products
Our authentication and authorization tests showed that for the most part, these all-in-one NAC products slide pretty effectively into existing networks in a variety of ways. Authorizing access for known and guest users via general LAN links, remote-access connections and wireless LANs are all measures supported by most products. The technical implementation methods differ, but the goals of flexibility and pervasive coverage remain the same.
Common to the vast majority of products is integration with standard user directories, such as Microsoft's Active Directory and other Lightweight Directory Access Protocol-based repositories, and authentication servers, such as a RADIUS server. A key difference is that some products provide authentication by monitoring authentication traffic (for example, Kerberos authentication packets) passively and making note of the event, while others require the user to enter credentials actively.
Another key difference among the products is the endpoint information used during the authorization and enforcement processes. Some products rely on user information to enforce policies, while others grant access based solely on device information. A few products provide support for both approaches.
Juniper, Symantec and Vernier performed the best in our authorization and authentication testing. These products provided well-integrated deployment scenarios for our four connection methods (LAN, remote access, guest and wireless). They also supported a variety of technologies for authentication and let us configure authorization parameters based on either user or device.
Endpoint-assessment tests evaluated out-of-the-box options for system compliance checks, focusing on antivirus software, Windows security patches, host firewall status, endpoint-vulnerability status and identification of actively infected systems. Most products provided basic coverage and functions on the fundamental items.
What differentiated these products was how broadly they covered these assessment mechanisms, how easily they configured checks, how they manipulated the timing of checks and whether they could implement more-detailed checks, such as when a product supports a general vulnerability-scanning engine. Products' ability to define custom security checks ranged from checking for certain registry keys and file properties to full scripting engines.
Symantec, ForeScout excel in assessment
Symantec excelled in endpoint assessment and the collection of environmental information by providing the best all-around assessment function. ForeScout also performed well, providing enhanced assessment functions, such as anomaly detection and a full vulnerability-assessment platform.
Enforcement capabilities generally depended on the product's implementation. For example, in products that approached NAC by controlling the access switch, primary enforcement mechanisms included virtual LAN and access-control list (ACL) changes. Inline deployments most frequently offered firewall rules to control network access, though some also provided VLAN changes by modifying 802.1Q tags.
While VLAN changes are easy to implement, the bigger issue for users is the network infrastructure's overall VLAN design and management, compared with how detailed their NAC policies will be. Having different access policies for different corporate functions -- and even different access policies if endpoint systems are not in compliance -- could quickly become a VLAN management nightmare.
Another common enforcement mechanism is self-enforcement, facilitated by heavy-handed client software in which an agent controls network access. Self-enforcement is beneficial in that it helps ensure compliance when a user isn't connected to the corporate network, but you've got to factor in that the endpoint could be compromised. We recommend using self-enforcement along with a network-based enforcement mechanism, such as pushing a firewall rule, making a VLAN change or facilitating an ACL change on a switch.
Remediation efforts tended to guide users through the process of bringing their own machines up to NAC snuff. The measures provided generally included displaying a message containing a URL leading users to information or software that will let them self-remediate. Some products provided more proactive remediation functions, such as killing a process or automatically executing a program -- for instance, launching a patch-management agent such as PatchLink, pushing an enterprise-software upgrade via Microsoft's SMS or running a custom script.
ForeScout, Juniper, Lockdown and Symantec all performed well in our remediation tests, with ForeScout the remediation leader based on its flexible and extensive options, from VLAN changes to killing a rogue process.
The big area of disappointment generally across the board was the general lack of information these products provided about a user's or device's history. If a device was placed in quarantine, what check failed? What was the response? What user was logged in at the time? What action was taken? What other devices had the user connected to? What is the historical information about this device or user? Very few products were capable of this level of detail, which is required for any useful NAC deployment.
The tools to manage a NAC deployment adequately -- the general interface for policy creation and day-to-day administration, help and documentation, and alerting and reporting capabilities -- generally were the weakest components of the products tested.
GUI interfaces were cluttered and not intuitive to use or navigate. Often the tools for defining NAC policies -- a critical part of NAC administration -- were buried deep within the system and required multiple clicks just to get to the starting point. Very few products launched administrators into a dashboard of useful information. Lockdown's Enforcer had the best: A full-summary dashboard appeared when the administrator initially logged on that gave a clear picture of the system's risk posture and high-level details of its current state.
Policy creation generally was overly complex. While NAC vendors generally provide a lot of flexibility and detail with their NAC policy development engines, most have fallen short in making those engines easy to drive with the supplied management applications. Vernier's EdgeWall had the most challenging NAC methodology, but in the end, it was the most flexible and detailed of the products tested.
Another area we focused on was support-account administration, to see the level of detail supported for access control and role definition. We also looked at whether a product managed administrator accounts within an enterprise-user repository instead of maintaining a local database of administrative users. Most products supported a multiple-role structure, but some products provided more detail than others.
Reporting was the most problematic area. Some products contained no reporting function, and others provided only very basic searches. While it's important to identify and enforce network access based on endpoint integrity and defined policies, it is almost more important in today's environment to show the historical results of assessments and what action was taken concerning systems that did not adhere to defined policy.
While all the products we tested can use improvement in overall management, Check Point, ForeScout and Lockdown have the strongest showing in this area of evaluation. Their products provided the reporting and enterprise-management functions we expected to see, such as multiple alerting options to tie into enterprise-management tools, delegated administrative functions, and adequate help and product documentation.
NAC futures
Postadmission control is where most vendors are spending their development resources, and that's only natural. Once a system is admitted to the network, it needs to stay in compliance. Most products achieve this now by performing assessment checks on a schedule, such as every 15 minutes.
Some vendors, such as McAfee and StillSecure, are starting to take postadmission control a step further, integrating intrusion-detection/prevention systems that trigger an enforcement action if an alert is received about an endpoint device. This information also can be combined with a vulnerability scan to determine whether the alert is a false-positive.
Although some products do vulnerability scans now, this false-positive correlation still is a goal for vendors to reach. The next logical step is integration with security-information and security-incident and event-management products, which should provide the most complete picture to help a NAC product make the best decision on how to provide access to an endpoint device continuously.
Another future integration point for NAC should be the growing number of outbound-content-compliance and data-leakage-protection products. With this combination, companies could block network access if unauthorized data transfers were attempted or observed.
In its basic form, NAC is ready for prime time. Companies can buy a multitude of products that check the integrity of known endpoints and control access accordingly. And judging from the industry buzz about NAC, vendors are investing R&D dollars that will help facilitate enhanced features and further integration with any organization's network infrastructure. The secret to deploying an effective all-in-one NAC product is aligning yourself with a vendor that has developed its product with the same NAC priorities you've set for your own network.
Article Source : www.networkworld.com
Symantec patches critical Norton flaw By Robert McMillan, IDG News Service
A bug in the way Norton Antivirus software uses the ActiveX programming language could cause serious problems for users of Symantec's products.
On Thursday, Symantec patched the flaw warning that a bug in two ActiveX controls used by Symantec's client software could allow an attacker to run unauthorized software on a victim's computer. Security vendor Secunia rates the problem as "highly critical."
The flaw is an "input validation" error, meaning that Norton doesn't properly check the data it's receiving to ensure that it can't be mistaken for malicious commands. The bug affects users of the 2006 versions of Norton AntiVirus, Norton Internet Security and Norton System Works. Norton Internet Security 2006, Anti Spyware Edition is also affected.
Symantec advises these users to run the program's LiveUpdate feature as soon as possible to download the patch. Symantec's enterprise products, AntiVirus Corporate Edition and Symantec Client Security, are not affected by the bug.
These kind of ActiveX programming errors are common, but they can be nasty, said Johannes Ullrich, chief research officer for the SANS Institute. "People don't code ActiveX as carefully as they should," he said.
It's not clear how easily it will be to write attack code that takes advantage of the problem, but because Norton is so widely used, the flaw should be taken seriously, Ullrich added. "It's serious because potentially anybody that has Norton AntiVirus installed is now vulnerable," he said. "Now all that has to happen is for them to visit a malicious Web site."
Three months ago, a group of hackers underscored the problem with these ActiveX vulnerabilities, releasing details on one bug per day through May.
Article Source : www.networkworld.com
On Thursday, Symantec patched the flaw warning that a bug in two ActiveX controls used by Symantec's client software could allow an attacker to run unauthorized software on a victim's computer. Security vendor Secunia rates the problem as "highly critical."
The flaw is an "input validation" error, meaning that Norton doesn't properly check the data it's receiving to ensure that it can't be mistaken for malicious commands. The bug affects users of the 2006 versions of Norton AntiVirus, Norton Internet Security and Norton System Works. Norton Internet Security 2006, Anti Spyware Edition is also affected.
Symantec advises these users to run the program's LiveUpdate feature as soon as possible to download the patch. Symantec's enterprise products, AntiVirus Corporate Edition and Symantec Client Security, are not affected by the bug.
These kind of ActiveX programming errors are common, but they can be nasty, said Johannes Ullrich, chief research officer for the SANS Institute. "People don't code ActiveX as carefully as they should," he said.
It's not clear how easily it will be to write attack code that takes advantage of the problem, but because Norton is so widely used, the flaw should be taken seriously, Ullrich added. "It's serious because potentially anybody that has Norton AntiVirus installed is now vulnerable," he said. "Now all that has to happen is for them to visit a malicious Web site."
Three months ago, a group of hackers underscored the problem with these ActiveX vulnerabilities, releasing details on one bug per day through May.
Article Source : www.networkworld.com
Symantec CEO: Microsoft causing security price pressure By Elizabeth Montalbano, IDG News Service
Symantec Chairman and CEO John Thompson Tuesday blamed Microsoft for the current pricing competition his company faces in the consumer security market, suggesting Microsoft's pricing scheme for its first entry into the space is "monopolistic."
Speaking at the offices of the Nasdaq stock exchange in New York, Thompson said Microsoft's decision last year to offer Windows Live OneCare, a service that combines firewall, antivirus and backup capabilities, for $49.95 per year for three PCs "clearly recast prior expectations for consumer security technology."
"I don't want to say it was monopolistic, but it looked that way to some of us," Thompson said.
Symantec released Norton 360, its competitor Windows Live OneCare, last March, but the product -- at $79.99 for three PCs -- costs more than Windows Live OneCare, but has the benefit of more features and Symantec's experience in security going for it.
Using competitive pricing to try to get a leg up in a market where a company is weak is a common practice, and Symantec is no stranger to such pricing storms, Thompson said. "We have seen a continued focus on price competition in some markets and some channels," he said.
To say Microsoft has a long way to go before it can compete with the breadth of products Symantec has in the consumer and enterprise spaces is an understatement. Microsoft executives have acknowledged that the company took its time in realizing the importance of security, but they are now determined to give Symantec and McAfee a run for their money with offerings like OneCare and the Forefront security line. Still, there is wide agreement that any serious heat from Microsoft in security is several years off, if not more.
Thompson said Tuesday that his company is well-prepared to evolve with the industry and new competitors. As part of this evolution, Symantec plans to unveil its first software-as-a-service option this year, a backup service for SMBs called the Symantec Protection Network. That service will be rolled out in conjunction with the next version of its Backup Exec software.
"We've reinvented ourselves in the past, and we'll probably reinvent ourselves if not one more time than at least two more times" to keep up with industry changes, Thompson said.
Article Source : www.networkworld.com
Speaking at the offices of the Nasdaq stock exchange in New York, Thompson said Microsoft's decision last year to offer Windows Live OneCare, a service that combines firewall, antivirus and backup capabilities, for $49.95 per year for three PCs "clearly recast prior expectations for consumer security technology."
"I don't want to say it was monopolistic, but it looked that way to some of us," Thompson said.
Symantec released Norton 360, its competitor Windows Live OneCare, last March, but the product -- at $79.99 for three PCs -- costs more than Windows Live OneCare, but has the benefit of more features and Symantec's experience in security going for it.
Using competitive pricing to try to get a leg up in a market where a company is weak is a common practice, and Symantec is no stranger to such pricing storms, Thompson said. "We have seen a continued focus on price competition in some markets and some channels," he said.
To say Microsoft has a long way to go before it can compete with the breadth of products Symantec has in the consumer and enterprise spaces is an understatement. Microsoft executives have acknowledged that the company took its time in realizing the importance of security, but they are now determined to give Symantec and McAfee a run for their money with offerings like OneCare and the Forefront security line. Still, there is wide agreement that any serious heat from Microsoft in security is several years off, if not more.
Thompson said Tuesday that his company is well-prepared to evolve with the industry and new competitors. As part of this evolution, Symantec plans to unveil its first software-as-a-service option this year, a backup service for SMBs called the Symantec Protection Network. That service will be rolled out in conjunction with the next version of its Backup Exec software.
"We've reinvented ourselves in the past, and we'll probably reinvent ourselves if not one more time than at least two more times" to keep up with industry changes, Thompson said.
Article Source : www.networkworld.com
Sunday, September 2, 2007
Advanced Cluster Server Solutions In a Nutshell by Data Center | Minakshi Sehgal
Building and maintaining enterprise computing infrastructures invariably involves balancing conflicting goals high missioncritical application availability versus lowest cost as one example. Now, Symantec Veritas Cluster Server features enable new server cluster server configurations that can simultaneously provide high availability at minimum cost.
For the first time, new, powerful Symantec Veritas Cluster Server features allow enterprise IT organizations to take significant steps in balancing the two previouslyopposing clustered application demands high missioncritical application availability versus lowest cost.
Introduction
Building and maintaining enterprise computing infrastructures invariably involves balancing conflicting goals high missioncritical application availability at lowest cost as one example. Fueled by today’s nonstop, global economy business demands, many enterprise IT departments necessarily deliver five 9s (99.999 percent) computing infrastructure availability translating to 5.39 minutes of total planned or unplanned downtime per year. This meager allowance applies to servers and a spectrum of customerfacing and other missioncritical applications including core financial service transaction systems, telecommunication systems, transportation systems, and online operations such as ecommerce Web sites.
To achieve five 9s availability, many enterprise IT organizations adopt application clustering, an approach that transforms multiple computer servers into a cluster a group of servers that acts like a single system. To create these application clusters, IT organizations migrate applications from monolithic architecture servers to server clusters having proprietary and commodity architectures.
High availability required, at any cost–or is it?
Attempting to maximize clustered application availability, IT organizations commonly deploy servers in one or more of three popular, highly inefficient, configurations, all of which can significantly increase data center costs. These application cluster configurations are:
Asymmetric Clusters
In asymmetric clusters, applications run on a primary server. A dedicated backup or spare server is present to takeover following failures. The spare server is unable to perform any other functions. Asymmetric clusters have the simplest and most reliable possible configuration. The secondary server stands by with full performance capability because no other application is running on it that can present compatibility issues. This configuration is also the most expensive, as the cost of failover server is 100 percent of the cost of the protected server.
Symmetric Clusters
In symmetric clusters, each server runs a specific application or service and provides redundancy for other servers in the same cluster. For example, if two servers run two different applications, either surviving server hosts both applications following a failure of the other server. From a hardware utilization perspective, symmetric clusters may appear far superior to asymmetric clusters since they overcome the common objection of expensive idle systems. However, this approach presents the most complex failover process and offers the least performance. Specifically, if a single application needs one processor to run properly, an asymmetric configuration necessarily requires two processors. Running identical applications on each server in a symmetric configuration therefore requires two dual processor systems, increasing hardware costs. Additional difficulties arise in symmetric cluster configurations when a single system must host multiple applications that do not coexist smoothly – further increasing hardware costs.
Article Source : www.symantec.com
For the first time, new, powerful Symantec Veritas Cluster Server features allow enterprise IT organizations to take significant steps in balancing the two previouslyopposing clustered application demands high missioncritical application availability versus lowest cost.
Introduction
Building and maintaining enterprise computing infrastructures invariably involves balancing conflicting goals high missioncritical application availability at lowest cost as one example. Fueled by today’s nonstop, global economy business demands, many enterprise IT departments necessarily deliver five 9s (99.999 percent) computing infrastructure availability translating to 5.39 minutes of total planned or unplanned downtime per year. This meager allowance applies to servers and a spectrum of customerfacing and other missioncritical applications including core financial service transaction systems, telecommunication systems, transportation systems, and online operations such as ecommerce Web sites.
To achieve five 9s availability, many enterprise IT organizations adopt application clustering, an approach that transforms multiple computer servers into a cluster a group of servers that acts like a single system. To create these application clusters, IT organizations migrate applications from monolithic architecture servers to server clusters having proprietary and commodity architectures.
High availability required, at any cost–or is it?
Attempting to maximize clustered application availability, IT organizations commonly deploy servers in one or more of three popular, highly inefficient, configurations, all of which can significantly increase data center costs. These application cluster configurations are:
Asymmetric Clusters
In asymmetric clusters, applications run on a primary server. A dedicated backup or spare server is present to takeover following failures. The spare server is unable to perform any other functions. Asymmetric clusters have the simplest and most reliable possible configuration. The secondary server stands by with full performance capability because no other application is running on it that can present compatibility issues. This configuration is also the most expensive, as the cost of failover server is 100 percent of the cost of the protected server.
Symmetric Clusters
In symmetric clusters, each server runs a specific application or service and provides redundancy for other servers in the same cluster. For example, if two servers run two different applications, either surviving server hosts both applications following a failure of the other server. From a hardware utilization perspective, symmetric clusters may appear far superior to asymmetric clusters since they overcome the common objection of expensive idle systems. However, this approach presents the most complex failover process and offers the least performance. Specifically, if a single application needs one processor to run properly, an asymmetric configuration necessarily requires two processors. Running identical applications on each server in a symmetric configuration therefore requires two dual processor systems, increasing hardware costs. Additional difficulties arise in symmetric cluster configurations when a single system must host multiple applications that do not coexist smoothly – further increasing hardware costs.
Article Source : www.symantec.com
Migrating PST Files into EV 2007 by Risk Management | Andy Joyce
Introduction
This paper is intended to serve as a comprehensive source of information about the various tools available for PST migration with Symantec Enterprise Vault 2007. It also provides some guidance on how best to use these tools. It is assumed that the reader has some experience installing, configuring, and maintaining the core Enterprise Vault for Microsoft® Exchange solution and is familiar with Microsoft Windows®, Microsoft Outlook®, Exchange, and other products, such as Microsoft SQL Server. This paper is not a step-by-step configuration guide; therefore, it refers to related documentation, as appropriate, for such information.
Summary of the PST problem
PST files (also known as Personal Folders or Outlook data files) were not designed to handle the rigorous demands of today's large-scale corporate email requirements. However, many companies move email from Exchange into PST files for retention. Ultimately, these files create more problems than they solve and are one of the main reasons why organizations eventually seek an enterprise archiving solution. Common PST file problems include:
* Lack of centralized management of which users have created PST files, how many files exist, or what intellectual property they contain
* Propensity for data corruption with limited recovery, resulting in permanent data loss
* Impact on nightly backups, as the archive bit for any opened file will be changed and thus require a complete file backup, even if the file has only been viewed
* Increased storage requirements, as single instancing is lost when multiple copies of identical email/files are stored in disparate PST files
* Lack of content retention enforcement and compliance management · Difficulty in searching, as a user can only search one PST file at a time, and it is virtually impossible for an organization to locate and search all PST files for compliance and/or discovery purposes
Solution: Migrate the contents of PST files into Symantec Enterprise Vault
Symantec Enterprise Vault software helps organizations solve the issues outlined in the previous section by migrating PST files into a central archiving repository. Migrating PST files involves more than just importing them into Enterprise Vault. It is a process that entails the following steps:
1. Locate. Enterprise Vault offers "push" and "pull" techniques for locating PST files that are referenced in Outlook profiles and/or that reside on file servers or user client machines.
2. Determine ownership. This critical step addresses the question of who owns the PST files. If an organization cannot automatically determine who owns a PST file, then it cannot automatically assign security to the information it is about to add to the archive. Enterprise Vault offers a number of techniques for establishing the ownership of a PST file and storing that information so that it can be used later to import the data into the appropriate user's archive.
3. Report. A centralized management view of the PST migration process is critical. The Enterprise Vault Administration Console shows a view of all PST file locations, their ownership, and their migration status.
4. Import. The migration of PST files into Enterprise Vault can be triggered manually or automatically within certain time periods. There are a number of different methods to drive PST migration, but all of them assign security and rationalize storage through single instancing and compression within Enterprise Vault.
5. Display. End-user access to imported content must be familiar and easy for a PST migration project to be successful. Enterprise Vault can present imported messages in Outlook, using the same folder names and hierarchy that imported PST files had at the time of migration.
6. Disposal of migrated PST files. Following the successful migration of a PST file, Enterprise Vault can automatically delete or hide it and remove it from the user's Outlook profile.
Article Source : www.symantec.com
This paper is intended to serve as a comprehensive source of information about the various tools available for PST migration with Symantec Enterprise Vault 2007. It also provides some guidance on how best to use these tools. It is assumed that the reader has some experience installing, configuring, and maintaining the core Enterprise Vault for Microsoft® Exchange solution and is familiar with Microsoft Windows®, Microsoft Outlook®, Exchange, and other products, such as Microsoft SQL Server. This paper is not a step-by-step configuration guide; therefore, it refers to related documentation, as appropriate, for such information.
Summary of the PST problem
PST files (also known as Personal Folders or Outlook data files) were not designed to handle the rigorous demands of today's large-scale corporate email requirements. However, many companies move email from Exchange into PST files for retention. Ultimately, these files create more problems than they solve and are one of the main reasons why organizations eventually seek an enterprise archiving solution. Common PST file problems include:
* Lack of centralized management of which users have created PST files, how many files exist, or what intellectual property they contain
* Propensity for data corruption with limited recovery, resulting in permanent data loss
* Impact on nightly backups, as the archive bit for any opened file will be changed and thus require a complete file backup, even if the file has only been viewed
* Increased storage requirements, as single instancing is lost when multiple copies of identical email/files are stored in disparate PST files
* Lack of content retention enforcement and compliance management · Difficulty in searching, as a user can only search one PST file at a time, and it is virtually impossible for an organization to locate and search all PST files for compliance and/or discovery purposes
Solution: Migrate the contents of PST files into Symantec Enterprise Vault
Symantec Enterprise Vault software helps organizations solve the issues outlined in the previous section by migrating PST files into a central archiving repository. Migrating PST files involves more than just importing them into Enterprise Vault. It is a process that entails the following steps:
1. Locate. Enterprise Vault offers "push" and "pull" techniques for locating PST files that are referenced in Outlook profiles and/or that reside on file servers or user client machines.
2. Determine ownership. This critical step addresses the question of who owns the PST files. If an organization cannot automatically determine who owns a PST file, then it cannot automatically assign security to the information it is about to add to the archive. Enterprise Vault offers a number of techniques for establishing the ownership of a PST file and storing that information so that it can be used later to import the data into the appropriate user's archive.
3. Report. A centralized management view of the PST migration process is critical. The Enterprise Vault Administration Console shows a view of all PST file locations, their ownership, and their migration status.
4. Import. The migration of PST files into Enterprise Vault can be triggered manually or automatically within certain time periods. There are a number of different methods to drive PST migration, but all of them assign security and rationalize storage through single instancing and compression within Enterprise Vault.
5. Display. End-user access to imported content must be familiar and easy for a PST migration project to be successful. Enterprise Vault can present imported messages in Outlook, using the same folder names and hierarchy that imported PST files had at the time of migration.
6. Disposal of migrated PST files. Following the successful migration of a PST file, Enterprise Vault can automatically delete or hide it and remove it from the user's Outlook profile.
Article Source : www.symantec.com
Symantec Security Information Manager by Security | Paul Agbabian
Overview
Symantec Security Information Manager (SSIM) enables IT organizations to identify, prioritize, investigate, and respond to security threats that impact missioncritical business applications. It serves as a log consolidation system for identity management monitoring, compliance, and forensics requirements. Realtime correlation of network and host security breaches with Symantec's trusted global security threat intelligence makes SSIM the vehicle for a world class incident response system ensuring the integrity of business critical information assets.
SSIM ensures the integrity and security of information assets by delivering the following capabilities:
* Captures, filters, normalizes, and reports on security and availability events from a myriad of Symantec and leading 3 rd party host and network products (event logs, antivirus, firewall, intrusion detection/prevention, vulnerability management, policy compliance, backup, etc.), and custom data sources, enabling IT to identify critical breaches in a heterogeneous or complex network environments.
* Centralizes log management for compliance and forensics requirements, retaining normalized and raw event information in online, searchable compressed format that is easy to manage and inexpensive to maintain for very long periods of time.
* Queries, plays back, and reports on arbitrary histories of identity and user activity, host, IP address, or any other normalized event field.
* Correlates security events, in realtime, using a highspeed patent pending multistage pattern based engine, helping IT to reduce events and logs into prioritized incidents and focus on solving the most serious problems first.
* Implements a patent pending multistage normalization and classification service.
* Tracks security incidents and related response activities throughout their lifecycle from ticket creation to closure, helping IT to quickly and effectively remediate problems.
* Integrates into the enterprise infrastructure including existing management and ticketing systems so that IT can leverage their legacy investments and processes by way of industry standard web service interfaces.
* Reports on compliance and security incident metrics enabling businesses to visualize and refine the effectiveness of their security processes and posture.
* Scales via a distributed architecture for simple to complex configurations with a single point of administration.
* Delivers bestinclass functionality packaged as a highperformance appliance that is easy to deploy, use and manage for lowered cost of solution and cost of ownership.
Architecture
The SSIM system is packaged as an appliance and is built on Symantec's standardsbased enterprise security architecture. The architecture and its services form a directory enabled distributed system whose administration model is based on the DMTF Common Information Model (CIM), and its CIMLDAP mappings.
Event services provide SSIM its underlying event schema, event collection, forwarding and routing channels, detailed event storage, event level access control, preferred language event display, and query services. The event service uses the CIMXML protocol, as well as a highly efficient compressed CIMXDR binary protocol, over HTTPS. SSIM adds a custom event service router to feed events to its correlation engine in near real time.
A extensible event collection framework and collector studio enables collection of log data and realtime events using a variety of sensor types including file, syslog, Windows event log, database, SNMP, and popular vendor specific sources.
Alerting and notification services provide multiple channels of communication to users and service desk systems based on rules and schedules. Service desk channels are bidirectional.
Directory services provide authentication, user white pages, rolesbased access control, service access point location, and multidomain organizational management for a trusted federation of multiple systems with single signon capabilities. Delegation of authority and complex segregation of duties is customizable by product, task, organizational unit, groups of users, rules, queries, reports as well as entire administrative domains for regional or SOC management.
Policy configuration services provide centralized configuration of a large number of SSIM systems and collectors.
Failover of SSIM services, event data stores, and directory services enable a high availability enterprise class system. A statistics service monitors the health and liveness of system infrastructure components, and monitors event and rule processing in real time.
Article Source : www.symantec.com
Symantec Security Information Manager (SSIM) enables IT organizations to identify, prioritize, investigate, and respond to security threats that impact missioncritical business applications. It serves as a log consolidation system for identity management monitoring, compliance, and forensics requirements. Realtime correlation of network and host security breaches with Symantec's trusted global security threat intelligence makes SSIM the vehicle for a world class incident response system ensuring the integrity of business critical information assets.
SSIM ensures the integrity and security of information assets by delivering the following capabilities:
* Captures, filters, normalizes, and reports on security and availability events from a myriad of Symantec and leading 3 rd party host and network products (event logs, antivirus, firewall, intrusion detection/prevention, vulnerability management, policy compliance, backup, etc.), and custom data sources, enabling IT to identify critical breaches in a heterogeneous or complex network environments.
* Centralizes log management for compliance and forensics requirements, retaining normalized and raw event information in online, searchable compressed format that is easy to manage and inexpensive to maintain for very long periods of time.
* Queries, plays back, and reports on arbitrary histories of identity and user activity, host, IP address, or any other normalized event field.
* Correlates security events, in realtime, using a highspeed patent pending multistage pattern based engine, helping IT to reduce events and logs into prioritized incidents and focus on solving the most serious problems first.
* Implements a patent pending multistage normalization and classification service.
* Tracks security incidents and related response activities throughout their lifecycle from ticket creation to closure, helping IT to quickly and effectively remediate problems.
* Integrates into the enterprise infrastructure including existing management and ticketing systems so that IT can leverage their legacy investments and processes by way of industry standard web service interfaces.
* Reports on compliance and security incident metrics enabling businesses to visualize and refine the effectiveness of their security processes and posture.
* Scales via a distributed architecture for simple to complex configurations with a single point of administration.
* Delivers bestinclass functionality packaged as a highperformance appliance that is easy to deploy, use and manage for lowered cost of solution and cost of ownership.
Architecture
The SSIM system is packaged as an appliance and is built on Symantec's standardsbased enterprise security architecture. The architecture and its services form a directory enabled distributed system whose administration model is based on the DMTF Common Information Model (CIM), and its CIMLDAP mappings.
Event services provide SSIM its underlying event schema, event collection, forwarding and routing channels, detailed event storage, event level access control, preferred language event display, and query services. The event service uses the CIMXML protocol, as well as a highly efficient compressed CIMXDR binary protocol, over HTTPS. SSIM adds a custom event service router to feed events to its correlation engine in near real time.
A extensible event collection framework and collector studio enables collection of log data and realtime events using a variety of sensor types including file, syslog, Windows event log, database, SNMP, and popular vendor specific sources.
Alerting and notification services provide multiple channels of communication to users and service desk systems based on rules and schedules. Service desk channels are bidirectional.
Directory services provide authentication, user white pages, rolesbased access control, service access point location, and multidomain organizational management for a trusted federation of multiple systems with single signon capabilities. Delegation of authority and complex segregation of duties is customizable by product, task, organizational unit, groups of users, rules, queries, reports as well as entire administrative domains for regional or SOC management.
Policy configuration services provide centralized configuration of a large number of SSIM systems and collectors.
Failover of SSIM services, event data stores, and directory services enable a high availability enterprise class system. A statistics service monitors the health and liveness of system infrastructure components, and monitors event and rule processing in real time.
Article Source : www.symantec.com
Using VERITAS Cluster Server To Reduce Data Center Power Consumption and Carbon Footprint by Data Center | Andrew Harrison
Why You Should Read This Paper
Effective data center power and cooling management is an area of increased focus as corporations struggle to reduce their power consumption and carbon footprint. So much so, that at Gartner's 25th Annual Data Center Conference in November 2006, data center power consumption was a headline issue.
There many reasons for this heightened interest:
1. Gartner research presented at the conference predicted that half of the world's data centers will run out of power and cooling capacity by 2008 1 . A 2006 survey conducted for power supply vendor Liebert found that 96% of existing data centers will run out of power by 2011. Gartner attributes this to increasing server and storage footprints and massive increases in power density per rack. Gartner also suggested that today, a single rack can consume more than 30 KW, while less than a decade ago this figure would have been between 2 KW and 3 KW.
2. Increasing energy prices have resulted in power bills taking a larger and larger percentage of the total annual cost of running a system. In some cases the 3 year energy costs for commodity servers now exceed the initial purchase price. In the midto longterm, energy prices are expected to rise faster than inflation. "Today, energy costs typically form less than 10 percent of an overall IT budget," noted Rakesh Kumar, research vice president at Gartner. "But this could rise to more than 50 percent in the next few years. Most CIOs would struggle to justify that situation to company board members."
3. Concerns about the effects of CO2 emissions on global climate change often couple with mandatory local emissions cap and trade schemes where companies are forced to pay for emissions made above their annual limit. Many large corporations have also joined voluntary emissions trading schemes, despite not being required to do so by any local regulatory framework.
4. Availability of benchmark data showing data center energy efficiency and best practice targets.
5. Data center power consumption is becoming more visible. In 2005 data centers accounted for up to 1.7% of the total power consumed in the US. Research by Lawrence Berkeley National Laboratory in Berkeley, California suggests that data center power consumption will continue to grow at 14% per annum consuming an ever larger share of the global energy market.
6. Lack of local generating capacity, common in California, has generated increased negative publicity and pressure on large energy consumers from environmental and political groupings. The situation is so pressing that enterprises increasingly find they cannot obtain additional power at any cost.
Reasons why power budgets are inexorably increasing:
1. Poor utilization of existing assets and an inability to reclaim unused storage and servers has led to corporations deploying ever increasing numbers of servers and larger storage arrays.
2. IT organizations have focused on price/performance at the expense of energy efficiency. For example, power supplies which convert AC main inputs into DC power for commodity server use never run at 100% efficiency. Some operate at efficiencies as low as 6070%. Because energy costs are not visible to IT buyers, they have been unwilling to pay a small premium to for 90% efficiency despite this improved efficiency paying for itself within the life of the server.
3. Increasing numbers of mission critical online applications require clustered servers and highly resilient storage. A cluster of two servers consumes twice the power as a single server and, except in a minority of cases, delivers exactly the same throughput.
4. Huge growth in the number of applications deployed by organizations and footprint of these applications has resulted in large numbers of additional servers and storage being deployed to support these new and bulkier applications.
5. Data centers, designed when energy costs were relatively low, traditionally deployed inefficient physical data center infrastructure components such as chillers, UPS's and power distribution grids wasting large amounts for energy before it arrives in the system racks.
Executive Summary
Symantec provides a range of data center infrastructure products that allow customers to optimize server based solution performance, increase utilization of servers and storage, and protect services and data from downtime and loss.
This Symantec white paper examines the impact VERITAS Cluster Server and VERITAS Application Director can have on reducing data center Power Draw, in turn reducing utility bills and the carbon footprint required to support the applications hosted in an individual data center.
Utility bill and carbon footprint reductions:
* The paper shows that deploying a simple 3 node N+1 cluster instead of 2 dual node active/passive clusters can reduce power costs by up to $438,000 3 over three years while reducing the carbon footprint by 1407 metric tons of CO2 and in turn reducing carbon offset requirements if offsetting is in place.
* Deploying a 9 node N+1 cluster instead of 8 dualnode active passive clusters can reduce power costs by up to $3,069,000 4 over 3 years while reducing carbon footprint by up to 9849 metric tons and in turn reducing carbon offset requirements by up to $98,000.
Additional benefits:
* Reduced Server hardware costs to support the same level of performance and availability for mission critical applications. Similar reductions in network and SAN infrastructure requirements.
* Reduced management costs by reducing the number of servers required to support mission critical applications.
* Increased server utilization, active/passive dual node clusters can only manage 50% utilization at best. Using N+1 clustering or Application Director increases utilization.
* Reduced physical footprint. Some data centers are running out of physical space. N+1 clustering typically frees up substantial space because of the size of the servers involved.
* The possibility of delivering High Availability (HA) as a service rather than multiple HA solutions each configured subtly differently and each managed separately.
Achieving all these benefits requires no additional Symantec product expenditures because they are a N+1 clustering is standard component of VERITAS Cluster Server.
Article Source : www.symantec.com
Effective data center power and cooling management is an area of increased focus as corporations struggle to reduce their power consumption and carbon footprint. So much so, that at Gartner's 25th Annual Data Center Conference in November 2006, data center power consumption was a headline issue.
There many reasons for this heightened interest:
1. Gartner research presented at the conference predicted that half of the world's data centers will run out of power and cooling capacity by 2008 1 . A 2006 survey conducted for power supply vendor Liebert found that 96% of existing data centers will run out of power by 2011. Gartner attributes this to increasing server and storage footprints and massive increases in power density per rack. Gartner also suggested that today, a single rack can consume more than 30 KW, while less than a decade ago this figure would have been between 2 KW and 3 KW.
2. Increasing energy prices have resulted in power bills taking a larger and larger percentage of the total annual cost of running a system. In some cases the 3 year energy costs for commodity servers now exceed the initial purchase price. In the midto longterm, energy prices are expected to rise faster than inflation. "Today, energy costs typically form less than 10 percent of an overall IT budget," noted Rakesh Kumar, research vice president at Gartner. "But this could rise to more than 50 percent in the next few years. Most CIOs would struggle to justify that situation to company board members."
3. Concerns about the effects of CO2 emissions on global climate change often couple with mandatory local emissions cap and trade schemes where companies are forced to pay for emissions made above their annual limit. Many large corporations have also joined voluntary emissions trading schemes, despite not being required to do so by any local regulatory framework.
4. Availability of benchmark data showing data center energy efficiency and best practice targets.
5. Data center power consumption is becoming more visible. In 2005 data centers accounted for up to 1.7% of the total power consumed in the US. Research by Lawrence Berkeley National Laboratory in Berkeley, California suggests that data center power consumption will continue to grow at 14% per annum consuming an ever larger share of the global energy market.
6. Lack of local generating capacity, common in California, has generated increased negative publicity and pressure on large energy consumers from environmental and political groupings. The situation is so pressing that enterprises increasingly find they cannot obtain additional power at any cost.
Reasons why power budgets are inexorably increasing:
1. Poor utilization of existing assets and an inability to reclaim unused storage and servers has led to corporations deploying ever increasing numbers of servers and larger storage arrays.
2. IT organizations have focused on price/performance at the expense of energy efficiency. For example, power supplies which convert AC main inputs into DC power for commodity server use never run at 100% efficiency. Some operate at efficiencies as low as 6070%. Because energy costs are not visible to IT buyers, they have been unwilling to pay a small premium to for 90% efficiency despite this improved efficiency paying for itself within the life of the server.
3. Increasing numbers of mission critical online applications require clustered servers and highly resilient storage. A cluster of two servers consumes twice the power as a single server and, except in a minority of cases, delivers exactly the same throughput.
4. Huge growth in the number of applications deployed by organizations and footprint of these applications has resulted in large numbers of additional servers and storage being deployed to support these new and bulkier applications.
5. Data centers, designed when energy costs were relatively low, traditionally deployed inefficient physical data center infrastructure components such as chillers, UPS's and power distribution grids wasting large amounts for energy before it arrives in the system racks.
Executive Summary
Symantec provides a range of data center infrastructure products that allow customers to optimize server based solution performance, increase utilization of servers and storage, and protect services and data from downtime and loss.
This Symantec white paper examines the impact VERITAS Cluster Server and VERITAS Application Director can have on reducing data center Power Draw, in turn reducing utility bills and the carbon footprint required to support the applications hosted in an individual data center.
Utility bill and carbon footprint reductions:
* The paper shows that deploying a simple 3 node N+1 cluster instead of 2 dual node active/passive clusters can reduce power costs by up to $438,000 3 over three years while reducing the carbon footprint by 1407 metric tons of CO2 and in turn reducing carbon offset requirements if offsetting is in place.
* Deploying a 9 node N+1 cluster instead of 8 dualnode active passive clusters can reduce power costs by up to $3,069,000 4 over 3 years while reducing carbon footprint by up to 9849 metric tons and in turn reducing carbon offset requirements by up to $98,000.
Additional benefits:
* Reduced Server hardware costs to support the same level of performance and availability for mission critical applications. Similar reductions in network and SAN infrastructure requirements.
* Reduced management costs by reducing the number of servers required to support mission critical applications.
* Increased server utilization, active/passive dual node clusters can only manage 50% utilization at best. Using N+1 clustering or Application Director increases utilization.
* Reduced physical footprint. Some data centers are running out of physical space. N+1 clustering typically frees up substantial space because of the size of the servers involved.
* The possibility of delivering High Availability (HA) as a service rather than multiple HA solutions each configured subtly differently and each managed separately.
Achieving all these benefits requires no additional Symantec product expenditures because they are a N+1 clustering is standard component of VERITAS Cluster Server.
Article Source : www.symantec.com
Symantec to release security software that protects consumers during online transactions
(NewsTarget) A new security program should prevent personal data leaks when consumers are conducting online transactions, protecting valuable financial information.
Some features of Symantec's Norton Confidential include the ability to detect and remove malware, which Symantic refers to as "crimeware," such as keylogging programs that can steal credit card numbers, login names and passwords. During a secure purchase made with a credit card, Confidential will block any program that is trying to access the keyboard and monitor display.
Other features include an electronic wallet that can store credit card and online purchase information in an encrypted file, which will allow consumers to auto-fill transaction forms and keep their data in a secure place on their PC. It will also store a safe list of SSL certificates used by a few e-commerce sites and high-traffic banks. This means Confidential will not only alert users to sites that are unsecured, but it will be able to confirm that the site they are visiting is genuine, thereby helping combat pharming sites.
Not only will Confidential be able to eliminate the malware that it has been programmed to recognize, but it will also be able to recognize other malware using new behavioral technology from WholeSecurity, which Symantec obtained last year.
"[WholeSecurity software] is a complement to Symantec's antivirus software, and it's also the first Symantec product to work with other antivirus products from other vendors," Symantec product manager Olivia Schmelzle said.
Norton Confidential is set to beta test in July and go on sale in October.
Article Source : www.newstarget.com
Some features of Symantec's Norton Confidential include the ability to detect and remove malware, which Symantic refers to as "crimeware," such as keylogging programs that can steal credit card numbers, login names and passwords. During a secure purchase made with a credit card, Confidential will block any program that is trying to access the keyboard and monitor display.
Other features include an electronic wallet that can store credit card and online purchase information in an encrypted file, which will allow consumers to auto-fill transaction forms and keep their data in a secure place on their PC. It will also store a safe list of SSL certificates used by a few e-commerce sites and high-traffic banks. This means Confidential will not only alert users to sites that are unsecured, but it will be able to confirm that the site they are visiting is genuine, thereby helping combat pharming sites.
Not only will Confidential be able to eliminate the malware that it has been programmed to recognize, but it will also be able to recognize other malware using new behavioral technology from WholeSecurity, which Symantec obtained last year.
"[WholeSecurity software] is a complement to Symantec's antivirus software, and it's also the first Symantec product to work with other antivirus products from other vendors," Symantec product manager Olivia Schmelzle said.
Norton Confidential is set to beta test in July and go on sale in October.
Article Source : www.newstarget.com
A common sense approach to data security as applied to offshore accounting service
One of the first things you hear about offshoring is that it would increase the potential for data theft. Let us assess this perception in a common sense way.
When we talk about any "increase" we have to say compared to what. In this case the CPA has to assess the data security for on-shore operations before he can assess the increased risk posed by offshoring.
What is the typical level of data security in a small business or a CPA office?
* Since there are few staff members, there is little separation of duties. Such lack of separation encourages internal security problems.
* The data resides in paper files. Paper files are vulnerable to fire and water damage.
* The office is not physically secure. Staff members, leasing office personnel, and janitors have keys to the office. Any of them can copy confidential data.
* Paper records are not shredded before being discarded.
* The computers have no protection from unauthorized users or have relatively weak password control. Often the password is taped to the workstation.
* Any email communication is done in the clear.
* Workstations have recording devices which makes it easy to copy data.
* Usually all workstations have email and internet access. It makes unauthorized transmission of data easy.
Let us look at how these factors change when accounting is sent offshore.
* Internal control improves because the people who are authorizing the transactions are separated from the people doing the record-keeping.
* All files are maintained electronically. Such data is backed up to an off-premises secure server. So threats from fire, water, and copying are significantly reduced.
* Offshore contractors restrict physical access to keep unauthorized people out.
* Workstations have access to only the data that is processed on that workstation.
* Email communications are encrypted.
* All recording devices on the workstations are disabled.
* Only supervisors have access to email and internet. We believe that best security practices can be installed when the client, the CPA, and the offshore contractor work together.
The first line of responsibility lies with the client. Technical solutions are not enough. They must be combined with good practices in everyday management of the company. The CPA should advise the client to implement the common sense measures advocated in this pamphlet.
The offshore contractor must apply the same real world as well as technical solutions to security. The offshore contractor must consider the sensitivity of the data being entrusted to them and take appropriate measures to safeguard the information. A responsible contractor would only accept data than is essential to the task.
Let us now look at whether popular offshore destinations like India are more vulnerable to data theft. According to a March 2007 Symantec report entitled "Symantec Internet Security Threat Report Trends for July- December 2006", US was the country with highest level of malicious activity. China was next and India did not make it into the top ten.
Another common sense conclusion one can draw is that the thieves concentrate on high value targets. During 2005, 2006, through June 20, 2007 they reported 155 million records having been compromised. Out of that less than 1000 records were compromised in attacks that netted 100 records or less. Thus records from an offshore contractor serving small businesses are less likely to be a target of identity thieves.
The CPA needs to assess the sensitivity of the data and put a value on it. The CPA can have the contractor include a liquidated damages clause if the said data is compromised. If the contractor is not willing to agree to a reasonable liquidated damage figure, find another contractor.
Data security is a complex issue. However, we can enunciate certain principles that can be applied by a small business:
* Collect the least amount of data needed to serve the customer.
* Since a large proportion of data theft involves the employees, screen them carefully.
* In addition, the employees need to be trained to recognize various strategies used by criminals to facilitate data theft.
* Take security measures in the office; for example use a locked mailbox, lock the office when it is empty even for a short period of time, shred any paper records before disposal, reformat hard drives before donating, selling, or returning a computer etc.
* Take common sense precautions against cyber attacks. Encrypt the sensitive data, use firewalls, and keep your internet security software updated.
* Comply with any specific security standards that are applicable to your business. For instance credit card information needs to be secured to a specific standard.
Providing security costs time and money. In a competitive world no business can spend more on security than what the market would pay for. Ultimately security is determined by the customers' willingness to pay.
While more money can buy more security, one must remember that no security is absolute. Just think about how many times classified information has been stolen from the US government.
Eventually there will be a security breach. How do you deal with such a breach? It seems that the best approach is to inform the individuals or businesses whose data have been compromised, notify the law enforcement authorities, and support the affected parties to monitor their credit reports. Security is a multi-faceted problem. The key to success is co-operation between the client, the CPA, and the offshore contractor. No one party can be effective without the others.
Article Source : www.goarticles.com Author : Dev Purkayastha
When we talk about any "increase" we have to say compared to what. In this case the CPA has to assess the data security for on-shore operations before he can assess the increased risk posed by offshoring.
What is the typical level of data security in a small business or a CPA office?
* Since there are few staff members, there is little separation of duties. Such lack of separation encourages internal security problems.
* The data resides in paper files. Paper files are vulnerable to fire and water damage.
* The office is not physically secure. Staff members, leasing office personnel, and janitors have keys to the office. Any of them can copy confidential data.
* Paper records are not shredded before being discarded.
* The computers have no protection from unauthorized users or have relatively weak password control. Often the password is taped to the workstation.
* Any email communication is done in the clear.
* Workstations have recording devices which makes it easy to copy data.
* Usually all workstations have email and internet access. It makes unauthorized transmission of data easy.
Let us look at how these factors change when accounting is sent offshore.
* Internal control improves because the people who are authorizing the transactions are separated from the people doing the record-keeping.
* All files are maintained electronically. Such data is backed up to an off-premises secure server. So threats from fire, water, and copying are significantly reduced.
* Offshore contractors restrict physical access to keep unauthorized people out.
* Workstations have access to only the data that is processed on that workstation.
* Email communications are encrypted.
* All recording devices on the workstations are disabled.
* Only supervisors have access to email and internet. We believe that best security practices can be installed when the client, the CPA, and the offshore contractor work together.
The first line of responsibility lies with the client. Technical solutions are not enough. They must be combined with good practices in everyday management of the company. The CPA should advise the client to implement the common sense measures advocated in this pamphlet.
The offshore contractor must apply the same real world as well as technical solutions to security. The offshore contractor must consider the sensitivity of the data being entrusted to them and take appropriate measures to safeguard the information. A responsible contractor would only accept data than is essential to the task.
Let us now look at whether popular offshore destinations like India are more vulnerable to data theft. According to a March 2007 Symantec report entitled "Symantec Internet Security Threat Report Trends for July- December 2006", US was the country with highest level of malicious activity. China was next and India did not make it into the top ten.
Another common sense conclusion one can draw is that the thieves concentrate on high value targets. During 2005, 2006, through June 20, 2007 they reported 155 million records having been compromised. Out of that less than 1000 records were compromised in attacks that netted 100 records or less. Thus records from an offshore contractor serving small businesses are less likely to be a target of identity thieves.
The CPA needs to assess the sensitivity of the data and put a value on it. The CPA can have the contractor include a liquidated damages clause if the said data is compromised. If the contractor is not willing to agree to a reasonable liquidated damage figure, find another contractor.
Data security is a complex issue. However, we can enunciate certain principles that can be applied by a small business:
* Collect the least amount of data needed to serve the customer.
* Since a large proportion of data theft involves the employees, screen them carefully.
* In addition, the employees need to be trained to recognize various strategies used by criminals to facilitate data theft.
* Take security measures in the office; for example use a locked mailbox, lock the office when it is empty even for a short period of time, shred any paper records before disposal, reformat hard drives before donating, selling, or returning a computer etc.
* Take common sense precautions against cyber attacks. Encrypt the sensitive data, use firewalls, and keep your internet security software updated.
* Comply with any specific security standards that are applicable to your business. For instance credit card information needs to be secured to a specific standard.
Providing security costs time and money. In a competitive world no business can spend more on security than what the market would pay for. Ultimately security is determined by the customers' willingness to pay.
While more money can buy more security, one must remember that no security is absolute. Just think about how many times classified information has been stolen from the US government.
Eventually there will be a security breach. How do you deal with such a breach? It seems that the best approach is to inform the individuals or businesses whose data have been compromised, notify the law enforcement authorities, and support the affected parties to monitor their credit reports. Security is a multi-faceted problem. The key to success is co-operation between the client, the CPA, and the offshore contractor. No one party can be effective without the others.
Article Source : www.goarticles.com Author : Dev Purkayastha
How to Choose Virus-Protection Software
Most new consumer model and major brand mail-order computers include good anti-virus programs. But if you use the Internet or share files and you don't have one, you definitely need one. Buy one of the leading anti-virus programs, such as Symantec's Norton Anti-Virus, McAfee VirusScan, Quarterdeck ViruSweep, or Dr. Solomon's Anti-Virus. The major developers can be relied upon to release timely periodic updates that deal with new viruses. Check reviews and ratings on the Internet and in computer magazines to narrow your buying decision. Download a shareware anti-virus program if you cannot afford an effective commercial anti-virus program. Spend no more than $50 for a commercial anti-virus program. Evaluate the terms for frequent upgrades to your program before buying. Most manufacturers offer free upgrades that detect newly created viruses. Anti-virus programs are often bundled with other utilities and applications, offering a discount from buying the programs separately. Keep your anti-virus program current to prevent your computer from becoming infected by newly created viruses. Criminals are constantly devising ways to damage computers with viruses.
Article Source : www.goarticles.com Author : Little J
Article Source : www.goarticles.com Author : Little J
What They Don't Advertise about Computer Security Software
Standard Windows security tools just aren't enough with all the viruses online today. Most of us need more powerful computer security software than that which comes standard on our computers. The two main contenders for best computer security software are Norton 360 and McAfee Total Protection 2007. But which offers the greater protection at the best value? In this article, we'll compare security software industry leaders from a consumer's point of view.
Features
Symantec's new Norton 360 security suite was created from the ground up to form a nice looking, simple-to-use product. Best of all, it is light on system resources while including a wide range of features. However, it is missing a wireless security feature which is a critical omission.
On the flipside, McAfee's Total Protection seems to be a patchy combination of bits of McAfee's other products, creating a crude assembly that clumsily fumbles through the computer. McAfee's Total Protection comes with all of the same features as Norton 360 and then some; most notably, a full set of wireless security features. However, with so many features in the application, it can be difficult to find and use them all.
Performance
Unlike Symantec products of the past that have been resource hogs, Symantec's new Norton 360 is surprisingly light on resources. We found Norton 360 running only 3 processes with less effect on system performance than McAfee. Norton is substantially faster than McAfee in several areas including Sorensen Squeeze 4 deep scanning and boot speeds, but slower in iTunes 6 deep scanning. The two computer security software systems function with nearly the same performance in single file scanning.
In terms of protection, McAfee out-performed Norton on CheckVir certification, although both performed quite well. Both of these computer security software systems have been awarded with advanced certification on AV Comparatives.
Support
Support is an area where both companies fall short. Though each has improved their customer support, both Symantec and McAfee have a way to go before being able to claim top notch customer service. Neither company offers tutorials, a feature that would be very helpful considering the application.
Though Norton has a downloadable manual, it's quite slim and McAfee is lacking one altogether. For support and questions, both security software companies direct customers to the web. We found that both products offer adequate online knowledge bases and that both offer free email and chat support for questions that can't be solved online. While phone support is an option, it is fee-based with both companies.
Article Source : www.goarticles.com Author : Christine Harrell
Features
Symantec's new Norton 360 security suite was created from the ground up to form a nice looking, simple-to-use product. Best of all, it is light on system resources while including a wide range of features. However, it is missing a wireless security feature which is a critical omission.
On the flipside, McAfee's Total Protection seems to be a patchy combination of bits of McAfee's other products, creating a crude assembly that clumsily fumbles through the computer. McAfee's Total Protection comes with all of the same features as Norton 360 and then some; most notably, a full set of wireless security features. However, with so many features in the application, it can be difficult to find and use them all.
Performance
Unlike Symantec products of the past that have been resource hogs, Symantec's new Norton 360 is surprisingly light on resources. We found Norton 360 running only 3 processes with less effect on system performance than McAfee. Norton is substantially faster than McAfee in several areas including Sorensen Squeeze 4 deep scanning and boot speeds, but slower in iTunes 6 deep scanning. The two computer security software systems function with nearly the same performance in single file scanning.
In terms of protection, McAfee out-performed Norton on CheckVir certification, although both performed quite well. Both of these computer security software systems have been awarded with advanced certification on AV Comparatives.
Support
Support is an area where both companies fall short. Though each has improved their customer support, both Symantec and McAfee have a way to go before being able to claim top notch customer service. Neither company offers tutorials, a feature that would be very helpful considering the application.
Though Norton has a downloadable manual, it's quite slim and McAfee is lacking one altogether. For support and questions, both security software companies direct customers to the web. We found that both products offer adequate online knowledge bases and that both offer free email and chat support for questions that can't be solved online. While phone support is an option, it is fee-based with both companies.
Article Source : www.goarticles.com Author : Christine Harrell
Poor Computer Performance - 9 Free or Inexpensive Fixes
Poor computer performance by your Windows-based machine can sneak up on you gradually. You may find its performance deteriorating increasingly until one day you realize you must fix it or buy a new one. Signs of poor performance can include applications running very slowly, programs closing or freezing up suddenly, and a generally slower response time to OS (operating system)-related commands. I have compiled 9 fixes for you here that you can leverage right now to greatly improve your computer's performance.
Fix #1: Download and run MS Service Pack 2:
Every operating system requires patches and upgrades by its maker from time-to-time, with Microsoft XP being no exception. While Service Pack 2 was released in 2002, some people with older systems are still not running it: make sure your computer is. You can download it FREE from Microsoft's Web site at: http://www.microsoft.com/downloads/
Fix #2: Run the Disk Cleanup utility:
Your computer likely has a number of unused and unneeded files that take up valuable space on your hard drive and slow performance. Run your FREE, built-in Disk Cleanup utility to automatically remove these files. Find it by going to: Start | Programs | Accessories | System Tools | Disk Cleanup and following the prompts.
Fix #3: Defragment your hard drive:
Over time, your computer will store files in an increasingly inefficient manner on your hard drive, affecting file retrieval times and other performance factors. To fix this, you need to defragment your hard disk drive. To do this for FREE, just go to: Start | Programs | Accessories | System Tools | Disk Defragmenter. First, highlight the drive you want to clean up (e.g., C drive) and choose Analyze. Once complete, choose Defragment. Note that the defragmentation process could take up to an hour or more, so do this during a time when you can step away from your computer.
Fix #4: Run an anti-virus tool:
Computer viruses are malicious programs that drastically affect your computer's performance, either all at once or insidiously over time. You can stop a virus attack by installing and running anti-virus software which performs regular scans, locates the offending viruses and quarantines them. Symantec's world class antivirus tools are an excellent choice and you can find them at http://www.protected-now.com.
Fix #5: Clean your registry:
Your computer's registry is a tool that most non-computer specialists never see but which is vitally important to computer operations. Your registry stores settings and options for your hardware, operating system, and other software. Unfortunately, given its fundamental role in the performance of your system, your registry is often the target of attack or infection. To thoroughly and automatically clean your registry, run a regular registry scan using a registry cleaning tool. I recommend RegCure, which recently found 1,626 problems with my registry (ugh!), is cheap and easy to use. Download your copy now at http://www.i-feel-great.com.
Fix #6: Run anti-spyware software:
Spyware is computer software that installs itself in your computer and performs a number of unwanted functions, including monitoring your computer usage and interfere with your control. It represents a real threat and has become a significant problem in recent years. Fortunately, fixes are easy to find and include a number of free and inexpensive anti-spyware programs. Try SpyBot Search & Destroy. Get it FREE here http://www.safer-networking.org/.
Fix #7: Increase your computer's memory:
Today's applications require more and more memory (RAM) to run. If your computer is more than two years old or if you selected the minimal memory option upon purchase, you might benefit from adding another 1 GB or more to your computer. Check online or at your local computer dealer for pricing.
Fix #8: Clean your hard drive:
More comprehensive than the Disk Utility tool introduced above, cleaning your hard drive with professional cleaning software is a great way to improve performance. Try CCleaner for FREE at: http://www.ccleaner.com.
Fix #9: As a last resort, re-format your hard drive:
If after trying all of the above items and your computer still performs poorly, a last resort is to completely reformat your hard drive. Warning: proceed with caution since this action will erase your entire hard drive, including your operating system (OS)! If you decide to take this route, consult an online tutorial for how-to steps. At minimum, remember two things: be sure to back up all of your files and applications and retain a copy of your OS on CD so that you can re-install it later.
Article Source : www.goarticles.com Author : Jed Jones
Fix #1: Download and run MS Service Pack 2:
Every operating system requires patches and upgrades by its maker from time-to-time, with Microsoft XP being no exception. While Service Pack 2 was released in 2002, some people with older systems are still not running it: make sure your computer is. You can download it FREE from Microsoft's Web site at: http://www.microsoft.com/downloads/
Fix #2: Run the Disk Cleanup utility:
Your computer likely has a number of unused and unneeded files that take up valuable space on your hard drive and slow performance. Run your FREE, built-in Disk Cleanup utility to automatically remove these files. Find it by going to: Start | Programs | Accessories | System Tools | Disk Cleanup and following the prompts.
Fix #3: Defragment your hard drive:
Over time, your computer will store files in an increasingly inefficient manner on your hard drive, affecting file retrieval times and other performance factors. To fix this, you need to defragment your hard disk drive. To do this for FREE, just go to: Start | Programs | Accessories | System Tools | Disk Defragmenter. First, highlight the drive you want to clean up (e.g., C drive) and choose Analyze. Once complete, choose Defragment. Note that the defragmentation process could take up to an hour or more, so do this during a time when you can step away from your computer.
Fix #4: Run an anti-virus tool:
Computer viruses are malicious programs that drastically affect your computer's performance, either all at once or insidiously over time. You can stop a virus attack by installing and running anti-virus software which performs regular scans, locates the offending viruses and quarantines them. Symantec's world class antivirus tools are an excellent choice and you can find them at http://www.protected-now.com.
Fix #5: Clean your registry:
Your computer's registry is a tool that most non-computer specialists never see but which is vitally important to computer operations. Your registry stores settings and options for your hardware, operating system, and other software. Unfortunately, given its fundamental role in the performance of your system, your registry is often the target of attack or infection. To thoroughly and automatically clean your registry, run a regular registry scan using a registry cleaning tool. I recommend RegCure, which recently found 1,626 problems with my registry (ugh!), is cheap and easy to use. Download your copy now at http://www.i-feel-great.com.
Fix #6: Run anti-spyware software:
Spyware is computer software that installs itself in your computer and performs a number of unwanted functions, including monitoring your computer usage and interfere with your control. It represents a real threat and has become a significant problem in recent years. Fortunately, fixes are easy to find and include a number of free and inexpensive anti-spyware programs. Try SpyBot Search & Destroy. Get it FREE here http://www.safer-networking.org/.
Fix #7: Increase your computer's memory:
Today's applications require more and more memory (RAM) to run. If your computer is more than two years old or if you selected the minimal memory option upon purchase, you might benefit from adding another 1 GB or more to your computer. Check online or at your local computer dealer for pricing.
Fix #8: Clean your hard drive:
More comprehensive than the Disk Utility tool introduced above, cleaning your hard drive with professional cleaning software is a great way to improve performance. Try CCleaner for FREE at: http://www.ccleaner.com.
Fix #9: As a last resort, re-format your hard drive:
If after trying all of the above items and your computer still performs poorly, a last resort is to completely reformat your hard drive. Warning: proceed with caution since this action will erase your entire hard drive, including your operating system (OS)! If you decide to take this route, consult an online tutorial for how-to steps. At minimum, remember two things: be sure to back up all of your files and applications and retain a copy of your OS on CD so that you can re-install it later.
Article Source : www.goarticles.com Author : Jed Jones
Subscribe to:
Posts (Atom)
