The following provides best practices to ensure the security of your Symantec Endpoint Encryption installation. Each recommendation provides information on where to find additional information.

• Symantec recommends that you secure communication between Symantec Endpoint Encryption Management Server and the Active Directory server to prevent eavesdropping and tampering.
   
• It is also recommended to secure communication between Symantec Endpoint Encryption clients and Symantec Endpoint Encryption Management Server to prevent eavesdropping and spoofing.
  
  Note: For more information about securing communications, see the Symantec Endpoint Encryption 11.0 Installation Guide.
   
• Symantec recommends that you secure the Symantec Endpoint Encryption Management Server host system against unauthorized access to ensure that the database’s user password, Active Directory synchronization password, and SEMS integration password remain secure.
   
• Symantec recommends that you configure the Symantec Endpoint Encryption IIS client authentication account to have only the bare minimum privileges essential for clients to authenticate to Microsoft IIS. This account’s password is embedded into all client installers and all managed clients and thus should not have the ability to log on to any computer or access other company resources.
  
  Note: For more information about the IIS client authentication account, see Symantec Endpoint Encryption 11.0 Installation Guide.
   
• Symantec recommends that you configure the Symantec Endpoint Encryption Management Server to only use strong ciphers when communicating with clients.
  
  Note: For more information about using strong ciphers, see the Microsoft knowledgebase: http://support.microsoft.com/kb/245030.