About Symantec ESM communications security

Article ID: 179561

Products

Control Compliance Suite Windows

Resolution

Symantec ESM protects the security information that it gathers from the computers on your network in the following ways:

  • Symantec ESM encrypts the account names, passwords, and other data that it stores on your computers and transfers over your network.

  • Symantec ESM authenticates each incoming and outgoing connection, so that both ends of a connection are verified to be valid Symantec ESM software. To start the authentication process, Symantec ESM uses the Diffie-Hellman algorithm to establish a shared secret key between the communicating components. That key initializes the DESX encryption engine (DES with pre- and post-whitening keys), and all communication between the components is encrypted with DESX. The originator then verifies the transformed key to confirm that the other end derived the same key. Because Diffie-Hellman negotiates a fresh key for every connection, a captured exchange cannot be replayed, which makes spoofing a Symantec ESM connection difficult.

  • Every process that connects to a Symantec ESM manager must present an authorized Symantec ESM access record. Symantec ESM agents, the Symantec ESM console, and the installation program all connect to the manager in this way. An access record consists of a name and a password.

    ESM stores each access-record password in one-way (hashed) form, using an algorithm similar to the crypt() scheme that most UNIX systems use for /etc/passwd or /etc/shadow. The result is kept in a Symantec ESM data file that only privileged accounts such as root, supervisor, system, or administrator can read.

    If a Symantec ESM manager rejects an access-record password, it waits one second before acknowledging the failure. This delay slows online brute-force password guessing against the manager.

  • Symantec ESM protects agents from unauthorized access through the manager registration process. Agents accept network connections only from Symantec ESM managers with which they have previously registered.

    Symantec ESM keeps the list of authorized managers on each agent in the /esm/config/manager.dat file, which stores each registered manager's name for TCP/IP communication. The agent checks this file every time a manager attempts to connect.

  • Symantec ESM requires a user to log on to the system before it changes a system file. Such changes result from corrections issued from the Symantec ESM console, and only a valid privileged system account can authorize the agent to apply them.
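As an added example (not Symantec ESM code), the following Python models the two connection protections described in the list above: a fresh Diffie-Hellman key agreement per connection that feeds a 24-byte DESX-style key (8-byte DES key plus two 8-byte whitening keys), and access-record password verification with a salted one-way hash and a delayed rejection. The toy group parameters, the SHA-256 key derivation, the PBKDF2 password hashing, the function and class names and the in-memory record store are all assumptions of this example; ESM's real wire format and internals are not documented on this page.

```python
"""Illustrative model of the ESM connection protections described above.

Constructed example, not Symantec ESM code.  The DH group, the SHA-256 key
derivation and the PBKDF2 password hashing are assumptions standing in for
internals the page does not specify.
"""
import hashlib
import hmac
import secrets
import time

# Toy Diffie-Hellman parameters (assumption; a real deployment would use a
# standardised large safe-prime group).  P is the Mersenne prime 2**127 - 1.
P = (1 << 127) - 1
G = 3


def dh_keypair(p: int = P, g: int = G) -> tuple[int, int]:
    """Return (private exponent, public value).

    A fresh random exponent is drawn for every connection, which is what gives
    each ESM session a different key.
    """
    priv = secrets.randbelow(p - 2) + 1          # 1 <= priv <= p - 2
    return priv, pow(g, priv, p)


def dh_shared_secret(priv: int, peer_pub: int, p: int = P) -> int:
    """Combine our private exponent with the peer's public value."""
    if not 1 < peer_pub < p - 1:                 # reject degenerate values 0, 1, p-1
        raise ValueError("invalid DH public value")
    return pow(peer_pub, priv, p)


def derive_desx_key(shared: int) -> bytes:
    """DESX needs an 8-byte DES key plus two 8-byte whitening keys (24 bytes).

    Hashing the shared secret to obtain them is an assumption of this example.
    """
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()[:24]


def session_keys() -> tuple[bytes, bytes]:
    """Run one connection's key agreement and return (agent_key, manager_key).

    Only the public values cross the network; each private exponent stays on
    its own side.  Both returned keys must be identical.
    """
    agent_priv, agent_pub = dh_keypair()
    mgr_priv, mgr_pub = dh_keypair()
    agent_key = derive_desx_key(dh_shared_secret(agent_priv, mgr_pub))
    manager_key = derive_desx_key(dh_shared_secret(mgr_priv, agent_pub))
    return agent_key, manager_key


class AccessRecordStore:
    """Access records: name -> salted one-way hash, modelled on UNIX passwd/shadow."""

    ROUNDS = 100_000
    _DUMMY = (b"\0" * 16, b"\0" * 32)            # used so unknown names cost the same

    def __init__(self, fail_delay: float = 1.0):
        self._records: dict[str, tuple[bytes, bytes]] = {}
        self.fail_delay = fail_delay             # ESM waits one second on rejection

    @classmethod
    def _hash(cls, password: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, cls.ROUNDS)

    def add(self, name: str, password: str) -> None:
        salt = secrets.token_bytes(16)
        self._records[name] = (salt, self._hash(password, salt))

    def verify(self, name: str, password: str) -> bool:
        """Check a presented access record; delay before acknowledging a failure."""
        salt, stored = self._records.get(name, self._DUMMY)
        ok = name in self._records and hmac.compare_digest(self._hash(password, salt), stored)
        if not ok:
            time.sleep(self.fail_delay)
        return ok


def timed_verify(store: AccessRecordStore, name: str, password: str) -> tuple[bool, float]:
    """Return (accepted, seconds elapsed) so the rejection delay can be observed."""
    start = time.monotonic()
    ok = store.verify(name, password)
    return ok, time.monotonic() - start


if __name__ == "__main__":
    a_key, m_key = session_keys()
    print("keys agree:", a_key == m_key, "key length:", len(a_key))
    store = AccessRecordStore()
    store.add("console", "correct horse battery staple")
    print("good password:", timed_verify(store, "console", "correct horse battery staple"))
    print("bad password: ", timed_verify(store, "console", "guess"))
```

Two practitioner notes on the model: the Diffie-Hellman step on its own yields a fresh per-connection key but does not by itself prove who the peer is, so the access-record check that follows is what binds the session to an authorized party; and a fixed one-second delay slows a single guessing client but not one that opens many connections in parallel, so it complements rather than replaces strong access-record passwords and restricted access to the data file.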