Video Screencast Help
Symantec Appoints Michael A. Brown CEO. Learn more.

12.1 RU1 SEPM allows weak console Passwords

Created: 16 Jan 2012 • Updated: 16 Jan 2012 | 4 comments
Serengeti's picture
0 Agree
3 Disagree
-3 3 Votes
Login to vote

a minimum of 6 characters is enforced, but there is no option to enforce any complexity such as alphanumeric. This has to be compensated by operational procedures. There should be options to enforce stronger passwords.

Comments 4 CommentsJump to latest comment

toby's picture

when you use the external authentication you can structure it even more and better. I would just use the local one as worst case.

maybe following is interesting regarding the external authentication...
https://www-secure.symantec.com/connect/ideas/usersgroups-sep

------------------------------------------------------------------

Best regards!

toby

CISSP / STS / MCP 

0
Login to vote
Serengeti's picture

I have just setup one account and a directory server on my DEV SEPM. How does this scale in an enterprise environment with several SEPMs and multiple sites and domains? Is it easy to manage?

0
Login to vote
toby's picture

As long as you have 1 authentication resource configured per site you have one server trying to reach the directory server for authentication.

So for HA you may setup at least a second server with the same directory serer. I simply configured on all my SEPMs the directory server to always be able to authenticate.

The same you should do on any other Site. (As authentications via Directory are set globally on the servers the same applies for the sepm domains)

 

hope this helps

toby

------------------------------------------------------------------

Best regards!

toby

CISSP / STS / MCP 

+1
Login to vote
Serengeti's picture

Hi Toby, many thanks.

Are you confident that the directory connection does not cause any significant resource usage on AD domain controllers? Do you know if Symantec have some tech info on how the directory connection/lookups work and the traffic and queries they generate? I just need to be sure about this as due diligence.

0
Login to vote