Data Center Security

  • 1.  Question about Symantec DCS pre-defined windows-hardening policy!

    Posted Oct 22, 2017 03:51 AM

    Dears,

     

    I am using the Symantec learning portal to study for DCS implementation, but I am kind of confused. The scenario I am thinking about is this: if we have a host that has the predefined prevention policy "sym-win-hardened-sbp" applied to it, and this host has an application that doesn't have a predefined sandbox in Symantec DCS, will the default prevention policy be able to protect the application, or do we need to create a custom sandbox for this application and apply it to an application rule identifying this application and routing it to our custom sandbox inside the applied prevention policy "sym-win-hardened-sbp"?

     

    Another question: if I need to create a custom sandbox for this application, what I learned from the DCS video training is that I can enable application profiling from the Java management console and then make the console create the custom sandbox for me. But the instructor said that this is not accurate and might leave holes in the custom sandbox, so we need to review the created sandbox. Doesn't this mean I need to know everything about the application, like what it is accessing, etc.? So what difference does this tool make?

     

    Thanks in advance.



  • 2.  RE: Question about Symantec DCS pre-defined windows-hardening policy!
    Best Answer

    Trusted Advisor
    Posted Oct 27, 2017 11:12 AM

    Hi Ahmed,

    The profiling in DCS would give you a good starting point on a custom sandbox if you've not used it before. As long as you apply your policy in Prevention Disabled mode to a test machine, you should then be able to analyse these "holes" you referred to above. For the profiling to work well, you need to ensure the application you're capturing is being used as much as possible so that you see all of the different interactions this application makes. 

    Thanks