
Hot Pick: Symantec Client Security 2.0

Managing endpoint security is crucial to a defense-in-depth strategy. Symantec Client Security 2.0 includes a bevy of detection and prevention capabilities that mitigate and contain malicious threats on local and remote hosts.

Client Security goes beyond Symantec's standard AV protection to provide firewall/IDS functionality and VPN compliance checking. The firewall/IDS can detect and block inbound and outbound e-mail worms. VPN compliance checking ensures that remotely connecting clients have the correct security software and configurations. Client Security can delete or quarantine infected files and terminate malicious processes.

The client-server architecture allows security managers to configure, install and administer security functions and enforce policies for client systems. Its location awareness feature applies a predefined policy according to the machine's physical location based on its IP address. For example, a security manager could define a policy restricting Internet access to HTTP traffic in the office but allowing POP3 traffic so users can check personal e-mail on the road or at home.




Client Security doesn't include a Web-based console, but it enables remote access from a workstation via pcAnywhere or the Remote Desktop Protocol for administering the management server. The management server performs myriad tasks, including logging, reporting, scheduling system scans and issuing threat alert messages.

Installing and configuring the management server and our mix of Windows 2000 and XP client workstations was straightforward but less intuitive than you'd expect from a Symantec product. Online documentation was a big help and provided useful deployment scenarios, though security managers need to consider how the product scales to their environment. While smaller organizations can run all of the console tools on a single management server, larger enterprises might require additional servers to alleviate network bandwidth and bottleneck issues.

The AV functionality performed flawlessly, detecting a wide assortment of viruses including a Netsky variant. It provides signature-based spyware and adware detection (signatures are updated regularly by Symantec). Client Security also performs heuristics-based scanning to detect outbound worm traffic. Malware remediation can be done automatically based on policy or manually by security managers.

Because the firewall supports intrusion detection and data privacy controls, it requires more time to configure than the AV client. Symantec augments the firewall policy creation process with preconfigured and customizable templates. Security managers, for example, can restrict outbound traffic and nonbusiness apps through the templates. Client Security blocks access to Active Directory by default, allowing access through user-defined rule sets.

Security managers can configure a policy to block pop-up ads based on specific URL strings or domains and block client browser identification information from being sent to a remote Web server during an HTTP exchange.

Using menu-based selections, we set firewall policies that successfully detected and blocked attacks (ranging from a simple port scan to more advanced exploit code). Security managers can also set the firewall to block traffic at the touch of a button, minimizing the damage to other systems by stopping all inbound and outbound traffic in the event of a client-based attack.

Although our network configuration, running Cisco VPN clients, didn't allow us to test the VPN compliance-checking feature, Client Security supports VPN clients from Symantec, Check Point Software Technologies and Nortel Networks. The included VPN Sentry feature detects the version of the supported VPN clients to ensure appropriate compliance checks against predefined policies. Noncompliant clients can be quarantined, with options for automatic or manual remediation.

Despite the need for multiple management servers for effective large-scale deployment and some limits on VPN client support, Symantec Client Security 2.0 is a good choice for organizations looking to centrally manage and integrate key security functions at the client level.


This was first published in July 2004
