Earlier I wrote about the Symantec Government Symposium, and was just notified that content and presentations are now available online.
For more information including PowerPoint presentations, look here
Recently i had the opportunity to attend the Symantec Government Symposium in Washington DC. This is an event sponsored by Symantec and some of its partners. About 1500 customers of Symantec was gathered in one building to discuss what is going on in the Federal Space in regards to IT and IT Security.
The symposium started out with an introduction from John Thompson and Enrique Salem. The former president and CEO of Symantec introduced the new CEO Enrique Salem, who then introduced the keynote speaker Senator Mark Warner, from Virginia. Mr. Warner has a tech background and understand technology. However, I was disappointed in the tone of the speech as it seemed more like a campaign speech instead of a keynote speech. Mr. Warner is newly elected and perhaps that is why it seemed so much like a stump speech.
I attended the track entitled “Secure and Transparent Government.” The first session in this track was called “Assessing Security Standards Today.” The roundtable discussion was made up of Erick Hopkins (U.S. Senate Homeland Security and Governmental Affairs Committee), Ron Ross (Senior Computer Scientist and Information Security Researcher, NIST), and Tony Sager (Chief Vulnerability Analysis and Operations Group, Information Assurance Directorate, NSA). The big take away from this discussion (besides everyone having really really long titles) was in regards to the changes to FISMA (Federal Information Security Management Act). FISMA was originally passed during the Bush Administration and provides guidance on what branches of the government must do. From the discussion I learned that FISMA 2.0 will have a lot more “teeth” to it. FISMA is one new thing I will be learning.
The second session I attended was “Information Security: You can’t secure what you don’t manage.” The members of this roundtable discussion were Jaren Doherty (Associate Deputy Assistant Secretary, Office of Cyber Security, Directory of Veterans Affairs), Holly Ridgeway (Director, Justice Security Operations Center, Department of Justice), and Pete Stark (Manager, Corporate Information Security, US Postal Service). I was disappointed in this session, I thought they would have talked more about how to manage these endpoints, why managing the endpoint, etc. It seemed more discussion about what they did security policy instead of how the endpoints were managed.
The first place to start with a secure endpoint is to have that endpoint managed. This mantra is something we at ITS have been preaching since we started with Altiris back in 2001. In fact this mantra is something Mr. Salem himself has talked about when mentioned operationalizing security. The session was very disappointing.
The rest of the day I spent trying to meet and greet people and to try and get the ITS name out in the public. It was great to meet potentially new customers and more Symantec sales people to work with.
A great event if you do business with the government and with Symantec. Follow the hashtag #symgovsym on Twitter for more information
This article is part I of II on the DLP Integrated Component and how it works within the Symantec Management Console (Altiris). Part II will cover using the Integrated Component (IC) to manage your Endpoint Agents. We will discuss installation of the Symantec Management Console and then installation of the DLP Component
The Symantec Management Console utilizes the Symantec Installation Manager (SIM) to install all parts of the Management Console. SIM can be downloaded from the Symantec Website (http://www.symantec.com/business/products/trialware.jsp?pcid=pcat_infrastruct_op&pvid=cm_suite_1) Once this is downloaded launch the executable and you will be greeted with this screen:
Select Next and you will be presented with the directory to install SMC into. A quick word of warning, the directory you select here is the directory all of the Console will be installed to.
Once the installation is finished, the Symantec Installation Manager will start allowing you to install other portions of the console.
When the Symantec Installation Manager is launched it will be default open up to Install New Solutions. While you can install both the DLP component and also the Management Console at the same time, I recommend installing just the Console and then the component.
From the Installation Manager scroll down until you find the Symantec Management Console
After selecting “Review selected products” and then Next, aceept the license agreement and continue. Fill out the required information. This information is required to verify export controls.
After the information is filled out, select Next for the systems requirement check
The Symantec Management Console requires ASP.net, IIS, IE 7.0, at least 2.0 gigs of RAM, and Windows 2003 Server along with MS SQL 2005. As you can see in the screenshot I do not meet the requirements. If you do not, close the Installation Manager and resolve any problems.
If you meet the requirements select Next to begin installation of the Symantec Management Console. While it is not necessary to restart after the installation is complete, I have had the best luck rebooting before moving on to other installations.
Once the Symantec Management Console has been installed, install the DLP Integrated Component. To do so, launch the SIM from Start -> Altiris -> Symantec Installation Manager. Once launched the following screenshot will be displayed showing installed products.
Click on “Install new products” to install the integrated component.
From the filter drop down, select “Filter by all” and scroll down till you find the DLP Integrated Component, see the following screenshot.
Follow the same steps, without making any changes you did during the installation of the management console.
When the Integrated Component is finished, launch the Symantec Management Console to begin using it.
In an earlier post, I referencedthe CEO of Symantec, Enrique Salem’s speech at the RSA conference where he talked about operationalizing your security. This week I have been working at several clients doing Proof of Concepts on Symantec DLP. This week has lead to think very hard on how the different peices of the Symantec stack fit together very neatly.
No longer are we secure because we run anti-virus plus proper firewalls in place, we need a system in place to deal with the changing threats. Three years ago I was working as a network administrator for a private bank, we had a security policy in place, we managed our Windows Updates, we had network scans done quarterly and penetration testing done as well. Were we secure? Maybe, maybe not there were a lot of things I did not have visibility into. Did we have data leakage? Were our severs in compliance? Were people copying data on to USB drives/DVD drives? I just didn’t know.
Now with the different products in the Symantec product set we can work on getting that visiblity we need. it is not be the draconian IT department that all the other departments fear. It is about being safe with our companies data and being smart with what we are trusted with.
More thoughts to follow as I start to work on Operationalizing Security