Endpoint Protection


SEPM synching for internet users

  • 1.  SEPM synching for internet users

    Posted Aug 05, 2011 08:56 PM

    Has anyone connected their SEPM server ports for policy synchronization for remote users, not using a VPN?

    Our organization has many remote users that either don't have an anti-virus application installed or do have an AV install that does not get policy updates.

    I am considering redirecting SEPM ports to our internal server and allowing / forcing the computers to get updates.

    Thoughts



  • 2.  RE: SEPM synching for internet users

    Posted Aug 05, 2011 10:03 PM

    Typically, what I would do is send the users the policy to import into their client. Or for updates, set an off network policy to run LU every 2 hours.

    Not sure I would want to have an Internet facing SEPM out there...



  • 3.  RE: SEPM synching for internet users

    Posted Aug 06, 2011 08:16 AM
    I have a feature request to add a SEPM type proxy / reverse proxy that will securely allow internet SEP clients to talk to SEPM.


  • 4.  RE: SEPM synching for internet users

    Posted Aug 11, 2011 01:33 PM

    Would you consider having SEPM ports opened via a NAT process a security hole?

    If I understand the configuration accurately, the only devices knowing 8014 is open would be our locally configured devices. I looked for exploits for 8014 and didn't find anything.

    Thanks



  • 5.  RE: SEPM synching for internet users

    Posted Aug 11, 2011 02:51 PM

    Symantec doesn't disclose vulns so you won't find any, at least that's my understanding.

    Something along the lines of a reverse proxy would be nice.



  • 6.  RE: SEPM synching for internet users

    Posted Aug 11, 2011 03:27 PM

    Being bad here. You wouldn't consider using either McAfee Web Gateway or Microsoft Forefront Unified Access Gateway, would you?



  • 7.  RE: SEPM synching for internet users

    Posted Aug 11, 2011 03:33 PM

    I was actually going to mention that initially but yes I would throw a NetScaler in front of it.



  • 8.  RE: SEPM synching for internet users

    Posted Aug 11, 2011 05:37 PM

    Fyi:

    https://www-secure.symantec.com/connect/forums/secunia-advisory-sepm-1106-maintenance-patch-2-1106200754



  • 9.  RE: SEPM synching for internet users

    Posted Aug 12, 2011 09:09 AM

    Many thanks, again +1.

    At least Symantec resolved a security exploit in their protection package. Hopefully a word in the ear to the programmer also.



  • 10.  RE: SEPM synching for internet users

    Posted Aug 12, 2011 03:37 PM

    Symantec could easily integrate something into the Symantec Web Gateway product to securely allow SEP client traffic from the internet to the SEPM server.



  • 11.  RE: SEPM synching for internet users

    Posted Aug 12, 2011 04:50 PM

    That's good to know. We don't utilize that product yet, probably won't either. But if it comes up it could be considered.
    At least until they fix the 11.0.7 -> 12.1 upgrade.

    Thanks for the insight.



  • 12.  RE: SEPM synching for internet users

    Posted Aug 12, 2011 06:10 PM

    "Security Advisories Relating to Symantec Products"

    http://www.symantec.com/business/security_response/securityupdates/list.jsp?fid=security_advisory

    sandra



  • 13.  RE: SEPM synching for internet users

    Posted Aug 15, 2011 09:36 AM

    Thanks Sandra

    Yes, I was looking to see if the SEPM ports could safely be placed on the internet. This would allow policies to be updated for our mobile users.

    Generally it seems somewhat safe. Yes, there is an exploit seemingly shared by the LiveUpdate server and SEPM. Waiting for version 12.1 being made available for 11.07 installations seems like the most prudent path.

    Thanks