Symantec ESM authenticates every incoming and outgoing connection, so that both ends of a connection are confirmed to be valid Symantec ESM software. To start the authentication process, Symantec ESM uses the Diffie-Hellman algorithm to exchange secure keys between Symantec ESM components, then uses the resulting key to initialize the DESX encryption engine. All communication between the components is encrypted with the industry-standard DESX algorithm. The originator verifies the transformed key. Because the Diffie-Hellman exchange produces a different key for each connection, unauthorized users cannot easily spoof Symantec ESM connections.
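The exchange described above, written out as an added example that is not Symantec's code and does not reproduce the ESM protocol: two parties (named "manager" and "agent" here by assumption) agree on a Diffie-Hellman shared secret over the 2048-bit MODP group from RFC 3526, derive a fixed-length symmetric key from it, and then exchange an HMAC confirmation tag so the originator can check that the peer derived the same key. The key-derivation labels, the transcript layout and the confirmation step are constructed for this demo. The example also shows the two checks a practitioner wants around any DH exchange: a fresh private exponent per connection (so every session key differs, as the text notes) and rejection of degenerate peer values such as 1 or p-1 that would force a predictable secret. Plain DH does not by itself bind the exchange to an identity; that is what the confirmation and the product's access records provide.

```python
import hashlib
import hmac
import secrets

# 2048-bit MODP group (group 14) and its generator, as published in RFC 3526.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05"
    "98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB"
    "9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
    "3995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF",
    16,
)
G = 2
P_BYTES = (P.bit_length() + 7) // 8


class Party:
    """One endpoint of the exchange: a hypothetical stand-in for an ESM manager or agent."""

    def __init__(self, name):
        self.name = name
        # A fresh private exponent per connection is what makes every session key different.
        self.private = secrets.randbelow(P - 3) + 2      # uniform in [2, p-2]
        self.public = pow(G, self.private, P)
        self.session_key = None

    def derive_key(self, peer_public, transcript):
        # Reject degenerate values (0, 1, p-1, out of range) that force a predictable secret.
        if not 1 < peer_public < P - 1:
            raise ValueError(f"{self.name}: invalid peer public value")
        shared = pow(peer_public, self.private, P)
        shared_bytes = shared.to_bytes(P_BYTES, "big")
        # Hash the raw shared secret with the transcript into a fixed-size 256-bit key
        # (constructed derivation; the product's own derivation is not documented here).
        self.session_key = hashlib.sha256(
            b"demo-session-key|" + transcript + shared_bytes
        ).digest()
        return self.session_key

    def confirmation_tag(self, role):
        # Key confirmation: prove possession of the session key without revealing it.
        return hmac.new(self.session_key, b"confirm|" + role, hashlib.sha256).digest()


def transcript(initiator_public, responder_public):
    """Both public values, in message order, so the key is bound to what was actually sent."""
    return initiator_public.to_bytes(P_BYTES, "big") + responder_public.to_bytes(P_BYTES, "big")


def run_exchange():
    """Run one full exchange and report whether the originator confirmed the peer's key."""
    manager = Party("manager")   # initiator / originator
    agent = Party("agent")       # responder
    # Message 1: manager -> agent: manager.public.  Message 2: agent -> manager: agent.public.
    t = transcript(manager.public, agent.public)
    manager_key = manager.derive_key(agent.public, t)
    agent_key = agent.derive_key(manager.public, t)
    # Message 3: agent -> manager: HMAC tag under its key; the originator recomputes and compares.
    tag_from_agent = agent.confirmation_tag(b"agent")
    confirmed = hmac.compare_digest(tag_from_agent, manager.confirmation_tag(b"agent"))
    return {"manager_key": manager_key, "agent_key": agent_key, "confirmed": confirmed}


def rejects_degenerate(value):
    """True if a responder refuses the given peer public value."""
    try:
        Party("agent").derive_key(value, b"")
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    first, second = run_exchange(), run_exchange()
    print("keys agree:", first["manager_key"] == first["agent_key"])
    print("confirmed:", first["confirmed"])
    print("fresh key per connection:", first["manager_key"] != second["manager_key"])
    print("rejects p-1:", rejects_degenerate(P - 1))
```

Running the file twice prints different session keys each time while both sides still agree within a run; the confirmation tag is computed only after both keys exist, so a peer that did not derive the same key cannot produce a valid tag.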
Every process that connects to a Symantec ESM manager must have an authorized Symantec ESM access record. The Symantec ESM agents, the Symantec ESM console, and the installation program are all designed to connect to the Symantec ESM manager. Access records consist of a name and a password.
Symantec ESM encrypts the password with an algorithm similar to the one most UNIX operating systems use for the /etc/passwd and /etc/shadow files, and stores the encrypted password in a Symantec ESM data file. Only privileged users such as root, supervisor, system, or administrator can access that file.
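The access-record scheme above, as an added example rather than Symantec's own code or file format: records are kept as salted one-way hashes (the property the /etc/shadow comparison points at), verified with a constant-time comparison, and loaded only from a file whose mode grants nothing to group or others, mirroring the "privileged users only" rule. The `name:salt:hash` line format, the PBKDF2 parameters and the record names are constructed for this demo.

```python
import hashlib
import hmac
import os
import secrets
import stat

PBKDF2_ITERATIONS = 200_000   # constructed choice for the demo, not the product's parameter
SALT_LEN = 16
_DUMMY_SALT = bytes(SALT_LEN)


def hash_password(password, salt):
    """Salted one-way hash; the salt makes identical passwords produce different records."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)


def make_record(name, password, salt=None):
    """Build one 'name:salt:hash' line (constructed format)."""
    if ":" in name:
        raise ValueError("name must not contain ':'")
    salt = salt if salt is not None else secrets.token_bytes(SALT_LEN)
    return f"{name}:{salt.hex()}:{hash_password(password, salt).hex()}"


def parse_records(text):
    """Parse record lines into {name: (salt, hash)}; blank lines and '#' comments are skipped."""
    records = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        try:
            name, salt_hex, hash_hex = line.split(":")
            records[name] = (bytes.fromhex(salt_hex), bytes.fromhex(hash_hex))
        except ValueError as exc:
            raise ValueError(f"malformed access record on line {lineno}") from exc
    return records


def verify_access(records, name, password):
    """True only if the name exists and the password matches its stored hash."""
    entry = records.get(name)
    if entry is None:
        # Do equivalent work for unknown names so response time does not reveal valid names.
        hash_password(password, _DUMMY_SALT)
        return False
    salt, stored = entry
    return hmac.compare_digest(hash_password(password, salt), stored)


def mode_is_private(mode):
    """True when the permission bits grant nothing to group or others (e.g. 0o600)."""
    return (mode & (stat.S_IRWXG | stat.S_IRWXO)) == 0


def load_records(path):
    """Refuse to use a record file that other accounts on the host could read or modify."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if not mode_is_private(mode):
        raise PermissionError(f"{path} has mode {oct(mode)}; expected no group/other access")
    with open(path, encoding="utf-8") as fh:
        return parse_records(fh.read())


if __name__ == "__main__":
    # Constructed sample records for two connecting components.
    sample = "\n".join([
        "# access records (demo)",
        make_record("esm-console", "console-passphrase"),
        make_record("installer", "install-passphrase"),
    ])
    records = parse_records(sample)
    print("console, right password:", verify_access(records, "esm-console", "console-passphrase"))
    print("console, wrong password:", verify_access(records, "esm-console", "guess"))
    print("unknown name:", verify_access(records, "nobody", "anything"))
```

Verification takes the same hashing path for an unknown name as for a known one, and the file-mode check runs before any record is parsed, so a misconfigured data file is reported rather than silently used.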
Symantec ESM protects agents from unauthorized access through the manager registration process. Agents accept network connections only from Symantec ESM managers with whom they have previously registered.
Symantec ESM maintains a list of authorized managers on each agent in the /esm/config/manager.dat file. The agent checks this file each time a manager attempts a connection. The file stores the Symantec ESM manager name for the TCP/IP communication protocols.
Symantec ESM requires a user to log on to the system before it changes a system file. Such changes result from a correction initiated from the Symantec ESM console, and only a valid privileged system account can authorize the agent to make the correction.