File Share Encryption

 View Only

  • 1.  Is the linux of Universal server considered hardened?

    Posted Nov 22, 2012 11:35 AM

    Could anyone tell me the answer as below

      Is the linux of Universal server considered hardened (based on the principle that unnecessary services are disabled, security related settings applied & strong access control etc)?

    How it is hardened – (based on a hardened installation from the vendor or by an additional process applied to the system, e.g. running a script)?

     

    Thank you.



  • 2.  RE: Is the linux of Universal server considered hardened?

    Posted Nov 24, 2012 02:15 PM

    PGP Universal is based on CentOS but it is not an "application" running on top of CentOS.  We do the hardening ourselves.   We do not install packages we do not need, we do not enable services that aren't needed, and we we set up firewall rules to restrict access as appropriate.  There are no "users" of the system per se; you cannot log into the console and ssh access must be explicitly configured.  The only way to interact with it is through the administrative web interface or through one of the enabled services.

    With every release we run penetration tests and we regularly update packages to address vulnerabilities that get reported against those packages (e.g. in OpenSSL, DNS, the Linux kernel, etc.)

    Regards,



  • 3.  RE: Is the linux of Universal server considered hardened?

    Posted Nov 25, 2012 11:12 PM
    Hi Dfinkelstein Thank you for your respond. Our customer ask for some official answer. Do symantec has any official announce or document to prove or describe hardening of PGP Universla server. If there is, could you offer that to me? BR, Enzo


  • 4.  RE: Is the linux of Universal server considered hardened?

    Posted Nov 26, 2012 12:45 AM

    That's a great question but I don't know the answer offhand.  I'll ask the lead documentation writer for PGP Universal if there is one, and if not, I'll work with the Product Manager to see that one is produced.

    Regards,

     



  • 5.  RE: Is the linux of Universal server considered hardened?
    Best Answer

    Posted Nov 26, 2012 09:12 AM

    Hi Dfinkelstein,

    Thanks again.

    I'm curious about how often or when  cluster members synchronize with each other?

    Is there command I can use in a script to force cluster member to sychronize in a period?

    BR,

    Enzo



  • 6.  RE: Is the linux of Universal server considered hardened?

    Posted Nov 26, 2012 02:50 PM

    By default, cluster members send heartbeat messages to each other every 10 seconds.  The receiving server processes the heartbeat message (which contains high watermark information) and responds to any differenece by making requests for the new data.

    The heartbeat messsage interval is configurable but it is not something that you can change from the management console.  If you feel that synchronization isn't working properly in your environment, or that you otherwise need to run some script to manually force synchronization, you should contact Symantec Technical Support and they will assist you.

    Regards,