Managing endpoint security is a core part of a defense-in-depth strategy. Symantec Client Security 2.0 bundles a range of detection and prevention capabilities that contain and mitigate malicious threats on local and remote hosts.
Client Security goes beyond Symantec's standard AV protection to provide firewall/IDS functionality and VPN compliance checking. The firewall/IDS can detect and block e-mail worms in both inbound and outbound traffic. VPN compliance checking ensures that remotely connecting clients have the required security software and configurations before they are admitted. Client Security can delete or quarantine infected files and terminate malicious processes.
The client-server architecture lets security managers configure, install and administer security functions and enforce policies for client systems. Its location awareness feature applies a predefined policy according to the machine's physical location, inferred from its IP address. For example, a security manager could define a policy that restricts Internet access to HTTP traffic in the office but also allows POP3 traffic when the machine is on the road or at home, so users can check personal e-mail. Because the location is inferred from the client's address rather than from anything the client proves, this is a convenience control for selecting rule sets, not an authentication decision.
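The following is an added illustration of how a location-aware policy of the kind described above can be evaluated. It is example code written for this review, not Symantec's own configuration format or implementation; the office CIDRs, policy names, port lists and the "lockdown" policy (modelling the block-everything button discussed later in the review) are assumptions made for the example. The policy is default-deny: anything not explicitly allowed for the selected location is blocked.

```python
import ipaddress
from dataclasses import dataclass, field

# Constructed example: which address ranges count as "the office".
# These CIDRs are assumptions for illustration only.
OFFICE_NETWORKS = [
    ipaddress.ip_network("10.20.0.0/16"),
    ipaddress.ip_network("192.168.50.0/24"),
]


@dataclass(frozen=True)
class Rule:
    proto: str   # "tcp" or "udp"
    port: int    # destination port
    action: str  # "allow" or "block"


@dataclass
class Policy:
    name: str
    rules: list = field(default_factory=list)
    default: str = "block"  # default-deny for any traffic no rule matches

    def decide(self, proto, port):
        """Return the action for an outbound connection; first matching rule wins."""
        for rule in self.rules:
            if rule.proto == proto and rule.port == port:
                return rule.action
        return self.default


# Constructed policies (assumptions): office allows only Web traffic,
# remote additionally allows POP3, lockdown allows nothing at all.
POLICIES = {
    "office": Policy("office", [Rule("tcp", 80, "allow"), Rule("tcp", 443, "allow")]),
    "remote": Policy("remote", [Rule("tcp", 80, "allow"), Rule("tcp", 443, "allow"),
                                Rule("tcp", 110, "allow")]),
    "lockdown": Policy("lockdown", []),  # no allow rules, so everything falls to the default block
}


def classify_location(client_ip):
    """Infer the location from the client's IP address alone (the weak signal the text notes)."""
    addr = ipaddress.ip_address(client_ip)
    return "office" if any(addr in net for net in OFFICE_NETWORKS) else "remote"


def select_policy(client_ip, lockdown=False):
    """Pick the policy: the lockdown switch overrides whatever the location would select."""
    if lockdown:
        return POLICIES["lockdown"]
    return POLICIES[classify_location(client_ip)]


def check_outbound(client_ip, proto, port, lockdown=False):
    """Return (policy name, action) for an outbound connection attempt from this client."""
    policy = select_policy(client_ip, lockdown)
    return policy.name, policy.decide(proto, port)


if __name__ == "__main__":
    for ip, proto, port in [("10.20.3.4", "tcp", 110), ("203.0.113.7", "tcp", 110)]:
        print(ip, proto, port, "->", check_outbound(ip, proto, port))
    print("lockdown:", check_outbound("203.0.113.7", "tcp", 443, lockdown=True))
```

Running the block shows the same POP3 connection blocked from an office address and allowed from a remote one, and blocked everywhere once lockdown is set. Note that a client behind a NAT gateway or on a VPN-assigned address will be classified by the address the policy engine sees, which may not reflect where the machine physically is.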
Client Security doesn't include a Web-based console, but the management server can be administered remotely from a workstation via pcAnywhere or the Remote Desktop Protocol. The management server performs many tasks, including logging, reporting, scheduling system scans and issuing threat alert messages.
Installing and configuring the management server and our mix of Windows 2000 and XP client workstations was straightforward but less intuitive than you'd expect from a Symantec product. The online documentation was a big help and provided useful deployment scenarios, though security managers need to consider how the product scales to their environment. Smaller organizations can run all of the console tools on a single management server; larger enterprises will likely need additional servers to avoid network bandwidth and bottleneck issues.
The AV functionality performed flawlessly, detecting a wide assortment of viruses including a Netsky variant. It provides signature-based spyware and adware detection (signatures are updated regularly by Symantec). Client Security also performs heuristics-based scanning to detect outbound worm traffic. Malware remediation can be done automatically based on policy or manually by security managers.
Because the firewall also handles intrusion detection and data privacy controls, it requires more time to configure than the AV client. Symantec eases firewall policy creation with preconfigured and customizable templates; security managers can, for example, restrict outbound traffic and nonbusiness applications through the templates. Note that Client Security blocks access to Active Directory by default, so domain-joined clients need user-defined rule sets that open that access before logon, Group Policy and other directory-dependent functions will work as expected.
Security managers can configure a policy to block pop-up ads based on specific URL strings or domains, and to prevent client browser identification information from being sent to a remote Web server during an HTTP exchange.
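As an added example of the two controls just described, the block below filters a raw HTTP/1.x request against a domain and URL-string blocklist and strips the headers that identify the browser. This is illustrative code written for this review, not Symantec's implementation; the blocklist entries, the choice of User-Agent and Referer as the "identification" headers, and the sample request are all constructed assumptions.

```python
from urllib.parse import urlsplit

# Constructed blocklist (assumptions for illustration). A domain entry also
# matches all of its subdomains; a URL substring matches anywhere in the URL.
BLOCKED_DOMAINS = {"ads.example.net", "popups.example.org"}
BLOCKED_URL_SUBSTRINGS = ("/popup", "adserver")

# Headers that reveal browser identity or browsing history to the remote server.
PRIVACY_HEADERS = {"user-agent", "referer"}


def is_blocked_url(url):
    """True if the URL's host is a blocked domain (or a subdomain of one)
    or the URL contains a blocked substring."""
    host = (urlsplit(url).hostname or "").lower()
    if any(host == d or host.endswith("." + d) for d in BLOCKED_DOMAINS):
        return True
    return any(s in url.lower() for s in BLOCKED_URL_SUBSTRINGS)


def scrub_request(raw_request):
    """Parse a raw HTTP/1.x request. Return None if its URL is blocked,
    otherwise the request rebuilt without the privacy headers."""
    head, _, body = raw_request.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, target, version = lines[0].split(" ", 2)

    headers = []
    host = ""
    for line in lines[1:]:
        name, _, value = line.partition(":")
        name, value = name.strip(), value.strip()
        if name.lower() == "host":
            host = value
        headers.append((name, value))

    # Proxy-style requests carry an absolute URL; origin-form ones need the Host header.
    url = target if target.lower().startswith("http") else f"http://{host}{target}"
    if is_blocked_url(url):
        return None

    kept = [(n, v) for n, v in headers if n.lower() not in PRIVACY_HEADERS]
    return "\r\n".join([lines[0]] + [f"{n}: {v}" for n, v in kept]) + "\r\n\r\n" + body


# Constructed sample request used for the demonstration.
SAMPLE_REQUEST = (
    "GET /index.html HTTP/1.1\r\n"
    "Host: www.example.com\r\n"
    "User-Agent: Mozilla/5.0 (Windows NT 5.1)\r\n"
    "Referer: http://intranet.example.com/portal\r\n"
    "Accept: */*\r\n\r\n"
)

if __name__ == "__main__":
    print(scrub_request(SAMPLE_REQUEST))
    print(scrub_request("GET /popup.js HTTP/1.1\r\nHost: www.example.com\r\n\r\n"))
```

Stripping User-Agent and Referer does limit what a remote site learns, but some sites serve different content by User-Agent, and Referer is used by some applications as a (weak) cross-site request forgery check, so expect breakage and test the privacy rule against business applications before enabling it broadly.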
Using menu-based selections, we set firewall policies that successfully detected and blocked attacks ranging from a simple port scan to more advanced exploit code. Security managers can also put the firewall into a block-all mode at the touch of a button, stopping all inbound and outbound traffic on a compromised client to limit the damage to other systems.
Although our network configuration, which runs Cisco VPN clients, didn't allow us to test the VPN compliance-checking feature, Client Security supports VPN clients from Symantec, Check Point Software Technologies and Nortel Networks. The included VPN Sentry feature detects the version of the supported VPN client and runs the appropriate compliance checks against predefined policies. Noncompliant clients can be quarantined, with options for automatic or manual remediation.
Despite the need for multiple management servers for effective large-scale deployment and some limits on VPN client support, Symantec Client Security 2.0 is a good choice for organizations looking to centrally manage and integrate key security functions at the client level.
This was first published in July 2004