Endpoint Protection Small Business Edition

  • 1.  SEP encryption

    Posted Jul 10, 2014 06:18 AM

    Hi All,

    I need to know how the encryption of the communication between the clients and the SEPM works. I read the following links:

    http://www.symantec.com/business/support/index?page=content&id=TECH210852

    http://www.symantec.com/business/support/index?page=content&id=TECH162326

    in which it is written:

    "By default, the SEPM also digitally signs client packages, content updates and policy files. Policy files are also encrypted using the Twofish algorithm."

    Later it is also written:

    "All policies and content updates downloaded by clients from the SEPM Apache server are digitally signed and/or encrypted ...
    Content Signing:
    Managers digitally sign the policy files, content updates, and installation packages they host using the public key contained in the keystore.jks.
    Content encryption:
    The SEPM encrypts the signed content using the Twofish algorithm using the encryption password created when the SEPM Site is created. This password is not changed when a new certificate is imported into the SEPM using the Manage Server Certificate wizard."

     

    I have the following questions:

    1) It is not clear whether policies are always encrypted (even if I don't configure the SEPM Apache server to accept SSL encrypted HTTPS connections) or whether they can be only digitally signed.

    2) How can I verify whether, in my case, the encryption or the digital signing of policies and content updates (or both) is applied by default?

     

    Thanks

     

     

     


  • 2.  RE: SEP encryption

    Posted Jul 10, 2014 08:00 AM

    No one knows the answers?



  • 3.  RE: SEP encryption

    Posted Jul 10, 2014 08:06 AM

    This needs to be done on the SEPM; if you don't configure it, there will be no encryption.

    You can use Wireshark to watch the traffic to ensure it is encrypted.



  • 4.  RE: SEP encryption

    Posted Jul 10, 2014 08:16 AM

    Thanks Brian,

    How do I check on the SEPM whether policy encryption is enabled?
    So is what is written in the Symantec article not correct?
    http://www.symantec.com/business/support/index?page=content&id=TECH210852

    "All policies and content updates downloaded by clients from the SEPM Apache server are digitally signed and/or encrypted"


    Thanks for your support



  • 5.  RE: SEP encryption

    Posted Jul 10, 2014 09:05 AM

    I have used Wireshark and I have made a policy update. It seems that the data is encrypted.

    How can I change this option?

     

    Thanks



  • 6.  RE: SEP encryption

    Posted Jul 10, 2014 09:14 AM

    Undo the steps here:

    http://www.symantec.com/docs/TECH162326



  • 7.  RE: SEP encryption

    Posted Jul 10, 2014 09:39 AM

    Brian,

    I have already read the guide that you suggested. The SSL communication between a Symantec Endpoint Protection Manager and its clients is not enabled. For example, inside the file "<Symantec Endpoint Protection Manager Installation folder>\apache\conf\httpd.conf" there is the string:

    #Include conf/ssl/sslForClients.conf (and to enable SSL the "#" must be absent)

    Using Wireshark, it seems that the data received after a policy update is encrypted.

    Is it possible that policies and content updates downloaded by clients from the manager are already digitally signed, and that configuring the SEPM Apache server to accept SSL encrypted HTTPS connections is useful only to achieve a higher level of security?

     

    Thanks



  • 8.  RE: SEP encryption

    Posted Jul 10, 2014 09:45 AM

    Sorry, I guess I misunderstood. The policies are encrypted (if you try to export them, they will be in .dat and you won't be able to read them). The same goes for content; it's already encrypted.

    Configuring SSL in the SEPM will only affect communication between client/server.

     



  • 9.  RE: SEP encryption

    Posted Jul 10, 2014 09:50 AM

    Let me explain better: I have understood that by enabling SSL encrypted HTTPS connections I encrypt the channel between client and server, but policies and content updates are always digitally signed and/or encrypted.

    In fact, at the posted link it is written:

    All policies and content updates downloaded by clients from the manager are digitally signed and/or encrypted. If you require a higher level of security, the SEPM Apache server can be configured to accept SSL encrypted HTTPS connections. This ensures that both the content of SEP communications is encrypted as well as the tunnel the communications are sent through.


    Is it correct?



  • 10.  RE: SEP encryption

    Posted Jul 10, 2014 09:51 AM

    Perfect!!!

    Thanks a lot Brian



  • 11.  RE: SEP encryption

    Posted Jul 10, 2014 09:52 AM

    Yes, that is correct.
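
The httpd.conf check described in post 7, as an added example that is not part of the thread and not Symantec code: it reports whether the `Include conf/ssl/sslForClients.conf` line is active, commented out, or missing. The function name and the sample configuration are constructed for illustration; the result describes only the client/server channel, not the policy and content encryption that post 8 says is already applied.

```python
import re

# Apache directive names are case-insensitive and the argument may be quoted.
# A leading '#' means the directive is commented out, as in the line from post 7.
_INCLUDE = re.compile(
    r'^\s*(?P<hash>#+)?\s*Include(?:Optional)?\s+(?:"(?P<q>[^"]+)"|(?P<u>\S+))\s*$',
    re.IGNORECASE,
)
TARGET = "conf/ssl/sslforclients.conf"  # path taken from the thread, lower-cased


def client_ssl_state(httpd_conf_text):
    """Return 'enabled', 'commented' or 'absent' for the sslForClients.conf include.

    Hypothetical helper: it inspects configuration text only and does not
    contact the server or examine traffic.
    """
    state = "absent"
    for line in httpd_conf_text.splitlines():
        m = _INCLUDE.match(line)
        if not m:
            continue  # not an Include line (ordinary comments land here too)
        path = (m.group("q") or m.group("u")).replace("\\", "/").lower()
        if not path.endswith(TARGET):
            continue  # an Include for some other file
        if m.group("hash") is None:
            return "enabled"  # one active Include is enough to load the SSL config
        state = "commented"
    return state


# Constructed sample, not a real SEPM configuration file.
SAMPLE_CONF = """\
ServerRoot "."
Listen 8080
# Include the SSL settings for clients
#Include conf/ssl/sslForClients.conf
"""

if __name__ == "__main__":
    print(client_ssl_state(SAMPLE_CONF))
```

With the include commented out, an encrypted-looking policy download in Wireshark comes from the content encryption discussed in posts 8 and 9, not from HTTPS.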