Security Community Blog
Sara Pan | 03 Mar 2014 | 2 comments

We have an important update to share with you regarding Symantec Network Access Control. At Symantec, we actively monitor security threats and trends in the industry, and after careful review and consideration, we have made the decision to End of Life (EOL) Symantec Network Access Control. The growth of Bring Your Own Device (BYOD) and the integration of access control technology into networking devices offered by most network hardware vendors have reduced the need for standalone NAC solutions. The discontinuation of Symantec Network Access Control will free up valuable resources to focus on our endpoint security offerings, including advanced threat protection and protection from newer security risks that impact your enterprise today.

Moving forward, Host Integrity, a feature of Symantec Network Access Control, will be integrated into a future release of Symantec Endpoint Protection (SEP). Customers who have SEP entitlement can continue to use the Host Integrity feature....

Chip Epps | 03 Mar 2014 | 0 comments

Virtualization and “software defined” initiatives have shifted how we look at security controls. Let’s take a look at some of the factors to consider in designing security controls for a software defined data center (SDDC). To this end, Symantec has introduced a suite of data center security products:

  • Symantec Data Center Security: Server, and
  • Symantec Data Center Security: Server Advanced


Key Challenges:

Abstraction
Security has often leveraged or worked within “physical” boundaries, e.g. a single task server with fixed resources (CPU, memory, disk space). Administrators could easily associate a piece of hardware, in location X, with a particular set of applications or services. With abstraction and the advancement of virtualization comes the transition...

Brian Burch | 25 Feb 2014 | 0 comments

Over the next few weeks, 23 million small businesses will file their taxes.[1] While many of these companies are investing time and money to identify their 2013 tax deductions, most don’t realize that small businesses like theirs are being identified as online targets—an oversight that could result in devastating financial loss for their business. And at tax time, small businesses are especially lucrative targets for cybercriminals, particularly in the BYOD era where work and personal data is accessed on the same device, including bank records and sensitive emails.

In today’s interconnected world, organized crime syndicates utilize a variety of malicious tax-themed scams designed to lure victims and steal important financial information. For example, Symantec has detected a rise in tax-season-specific ‘phishing’ scams—referring to the attempted theft of sensitive information such as usernames, passwords, or...

SebastianZ | 25 Feb 2014 | 0 comments

Apple released a security update of iOS 7.0.6 - details as follows:

---------

Available for: iPhone 4 and later, iPod touch (5th generation), iPad 2 and later

Impact: An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS

Description: Secure Transport failed to validate the authenticity of the connection. This issue was addressed by restoring missing validation steps.

CVE-ID: CVE-2014-1266

The SSLVerifySignedServerKeyExchange function in libsecurity_ssl/lib/sslKeyExchange.c in the Secure Transport feature in the Data Security component in Apple iOS 6.x before 6.1.6 and 7.x before 7.0.6, Apple TV 6.x before 6.0.2, and Apple OS X 10.9.x before 10.9.2 does not check the signature in a TLS Server Key Exchange message, which allows man-in-the-middle attackers to spoof SSL servers by using an arbitrary private...

Chetan Savade | 21 Feb 2014 | 3 comments

Hello,

Symantec Endpoint Protection 12.1.4a and 11.0.7.4a have been released on Feb 13, 2014.

The build version is: 12.1.4023.4080

SEP released version details are available here: https://www-secure.symantec.com/connect/articles/what-are-symantec-endpoint-protection-sep-versions-released-officially

Download Symantec Endpoint Protection 12.1.4a and 11.0.7.4a here:

https://symantec.flexnetoperations.com/control/symc/registeranonymouslicensetoken

SEP 12.1 Enterprise Edition:


For Small Business Customer 12.1:

...

SebastianZ | 11 Feb 2014 | 0 comments

Microsoft Security Bulletin

On Tuesday the 11th of February Microsoft released the monthly Security Bulletin Summary for February 2014. The summary includes 7 Security Bulletins - 4 are classified as critical; 3 as important:

 

  • MS14-010    Cumulative Security Update for Internet Explorer (2909921)

Vulnerability impact: Critical - Remote Code Execution
Affected Software: Microsoft Windows, Internet Explorer

  • MS14-011    Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution (2928390)

Vulnerability impact: Critical - Remote Code Execution
Affected Software: Microsoft Windows

  • MS14-007    Vulnerability in Direct2D Could Allow Remote Code Execution...

Vince Kornacki | 10 Feb 2014 | 11 comments

In previous installments we installed our mobile development toolchain and cross compiled LIBPCAP and TCPDUMP. Now it's finally time to install and execute TCPDUMP! CyanogenMod includes a terminal emulator, however in my humble opinion it's much easier to type commands on a regular workstation keyboard. We can utilize the Android Debug Bridge (ADB) in order to connect to our CyanogenMod Mobile Device from our Debian Workstation. First we'll need to install the ADB package onto our Debian Workstation:

root@debian $ apt-get install android-tools-adb
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
android-tools-adb
[OUTPUT TRUNCATED]

Next we'll need to enable USB debugging on our CyanogenMod Mobile Device. Open the CyanogenMod "Settings" application and notice that there's currently no "Developer...

Vince Kornacki | 10 Feb 2014 | 3 comments

In the previous installment we installed our mobile development toolchain. Let's keep the party rockin' and download the latest versions of LIBPCAP and TCPDUMP. LIBPCAP is the packet capture library required by TCPDUMP. First let's unpack LIBPCAP and move into the newly created LIBPCAP directory:

root@debian $ tar zxvf libpcap-1.6.1.tar.gz
libpcap-1.6.1/
libpcap-1.6.1/grammar.y
libpcap-1.6.1/pcap_setnonblock.3pcap
libpcap-1.6.1/fad-glifc.c
[OUTPUT TRUNCATED]

root@debian $ cd libpcap-1.6.1

Now it’s time to make the magic happen! Time to cross compile TCPDUMP! I know that’s not as exciting as pulling a rabbit out of a hat or sawing a lovely assistant in half, but you can only do so much in a blog post. First we'll need to set the "CC" environment variable to specify the ARM C compiler:

root@debian $ export CC=arm-linux-gnueabi-gcc

Note this environment variable syntax is specific to Bash and...

The Conquistador | 07 Feb 2014 | 2 comments

I have come across some instances where servers would have failing services or instances where they would have particularly unusual behavior. Typically resulting in a restart of the services or the server. Even with the most current version of SEP, malicious/dangerous files can still be hidden. I have had a few cases where I ran complete Windows updates and have found malicious files that SEP did not detect. I have come to learn that SEP alone cannot get rid of every threat out there, so I make sure that my systems are up to date and alerts are in place if anything occurs. The approach I will use is to run a complete scan of a suspected machine, clean and make sure it is up to date. I would advise caution depending on what your server is utilized for.

I would continue to make sure that it is current with Windows and SEP updates. If there is an instance that is repetitive there is a pretty large chance that this is an undetected infection.

DomSYMC | 05 Feb 2014 | 0 comments

Within Authentication Services there are three types of SSL certificates. Each type contains different features and requires a different level of authentication before it can be issued. Understanding these differences helps you know what to prepare in order to get the certificate issued as fast as possible.

The Three Types Are:

Extended Validation (EV) SSL
Examples: Secure Site with EV, Secure Site Pro with EV, True business ID with EV, SSL Web Server with EV, MPKI for SSL EV validated

A premium business class SSL security product fully authenticated, visually confirming the highest level of authentication available among SSL certificates. It gives your customers two highly visible ways to confirm that your web site is secure—the green address bar and the True Site Seal, while providing strong encryption to protect their confidential...