Is Symantec Security Information Manager (SSIM) 4.8.x vulnerable to the “POODLE” vulnerability (CVE-2014-3566)? Symantec is planning to address this issue in the next Security Patch (SP6) for SSIM 4.8.1. In the meantime we recommend customers to use the FIPS operational mode detailed this documentHERE
Is Symantec Security Information Manager (SSIM) v4.7.4 or v4.8.x vulnerable to CVE-2014-6277, CVE-2014-7169, CVE-2014-7186 and CVE-2014-7187? There are hotfixes that deals with the bash Shellshock vulnerability that can be downloaded from this document HERE
Is Symantec Security Information Manager (SSIM) affected by the Heartbleed OpenSSL vulnerability (CVE-2014-0160)? The current information for this vulnerability is in the document linked HERE. There is a hotfix that deals with ReverseHeartBleed vulnerability that can be downloaded from this document HERE
SSIM service and servlet debug logging switches
Article URL http://www.symantec.com/docs/TECH85647
Debug logging can put a significant load on the SSIM environment and may have a significant impact on SSIM performance. We recommend turning debug logging off as soon as the log information has been created.
You can find forget debug logging on proterties file use simple linux command;
find /opt/Symantec/simserver/ -name log4j.properties | xargs grep –color -v “#” | grep –color -r “DEBUG”
Symantec DLP Enforce UI incidents are marked for deletion by accidently. Last Chance for recovery before the purge process permanent delete from the database all marked incidents.
1. Log into SQLPlus as the protect user.
> sqlplus protect — SQLPlus will prompt for the password after, hiding it as it is typed.
> Password:
SQL> UPDATE incident SET isdeleted=0 where isdeleted = 1 and detectiondate > TO DATE(’06-29-14 17:01:01′, ‘MM-DD-YY HH24:MI:SS’);
About Purge Time;
Incidents deleted within the UI are purged from the Oracle database on a regular interval.
The interval is controlled by the manager.properties
com.vontu.manager.system.IncidentDeletion.delay=21600000
com.vontu.manager.system.IncidentDeletion.period=86400000
Both property values are milliseconds.
The delay value is how long after the Enforce starts that the first purge occurs.
The period value specifies how long after the first purge (and all subsquent purges) the next purge will occur.
The above values specify a delay of 6 hours before the first purge,
(6 hours * 60 min/hour * 60sec/min * 1000msec/sec = 21600000 msec)
and a period of 24 hours.
(24 hours * 60 min/hour * 60sec/min * 1000msec/sec = 86400000 msec)
If the Enforce Server is started at 5PM, the initial incident purge will occur 6 hours later, at 11 PM that day. All subsequent purges will occur 24 hours later, or 11 PM every day.
- Shut down the Distributed Transaction Coordinator service if it is running in Windows Services
- Navigate to the c:\software\oracle\database directory and double-click the Oracle Universal Installer file, setup.exe.
- On the Configure Security Updates panel, deselect I wish to receive security updates viaMyOracle Support, and click Next. A dialogbox displays that asks you to confirm that you wish to remain uninformed of critical security issues. Select Yes.
- On the Download software updates panel, select Skip software updates and click Next.
- On the Select Installation Options panel, select Install database software only and click Next.
- On the Grid Installation Options panel, select Single instance database installation and click Next.
- On the Select Product Languages panel, click Next to accept English as the default language.
- On the Select Database Edition panel, select Standard Edition and click Next.
- On the Specify Installation Location panel, enter the following paths in the specified fields Oracle Base: c:\oracle. Software Location:c:\oracle\product\11.2.0.3\db_1. Click Next
- On the Summary panel, click Install to begin the installation.
- On the Finish panel, click Close to exit the installer application.
- Install adb and fastboot for Mac
- Download these files from Download the latest daily image ›
- saucy-preinstalled-boot-armel+maguro.img
- saucy-preinstalled-system-armel+maguro.img
- saucy-preinstalled-armel+maguro.img
- saucy-preinstalled-phablet-armhf.img
- Download these files from Download the newest .img file here
- openrecovery-twrp-2.7.0.0-mako.img
- Plug the device in via USB
- Open Terminal and navigate to the directory you downloaded the files to
- If you haven’t unlocked the device, execute “fastboot oem unlock” and follow onscreen instructions
- Power down the device
- Enter fastboot mode by pressing volume down and power buttons at the same time until you feel it vibrate
- Once in fastboot mode, execute the following commands from Terminal
- fastboot flash recovery openrecovery-twrp-2.7.0.0-mako.img
- fastboot flash system saucy-preinstalled-system-armel+maguro.img
- fastboot flash boot saucy-preinstalled-boot-armel+maguro.img
- Using the volume keys, select recovery mode and press power >> Advanced >> select ADB sideload
- Swipe to Start Sideload
- In Terminal, execute “adb sideload saucy-preinstalled-armel+mako.zip”
- Use volume keys to navigate to “advanced”, press power, select “reboot recovery” and press power again
- Once back in recovery mode, execute from Terminal: “adb sideload saucy-preinstalled-phablet-armhf.zip”
- Once the command has completed, use the volume keys to select “restart device” and press power button
To print IP broadcast or multicast packets that were not
sent via ethernet broadcast or multicast: tcpdump ‘ether[0] & 1 = 0 and ip[16] >= 224’
To print all ICMP packets that are not echo
requests/replies (i.e., not ping packets): tcpdump ‘icmp[icmptype] != icmp-echo and icmp[icmptype] != icmp-echoreply’
For example, `ether[0] & 1 != 0′ catches all multicast traffic. The expression `ip[0] &0xf != 5′ catches all IP packets with options. The expression `ip[6:2] & 0x1fff =0′ catches only unfragmented datagrams and frag zero of fragmented datagrams.
openssl x509 -inform der -in certnew.cer -out certificate.pem
openssl pkcs7 -in cert.p7b -inform DER -print_cert -out cert.pem
– Spam Control
http://www.symantec.com/docs/TECH90043
– New Deployment
http://www.symantec.com/docs/TECH122730
– Deployment and Administration of Virtual Appliances
http://www.symantec.com/docs/TECH165030
– Performance
http://www.symantec.com/docs/TECH89920
How to enable Customer-specific rules:
DNS sunucuya TXT kaydı olarak gireceğimiz Public anahtarımızı tanımlamak için;
Yahoo tarafından tasarlanan alan adı ve e-posta eşleştirmesi sağlayan yöntemlerinden biri olan DKIM’i Symantec Messaging Gateway üzerinde tanımlamak için konsole’a girip Administration sekmesini tıkaldıktan sonra Cerificates Ayar menusunden Domain Keys sekmesini tıklıyoruz.
Create butonunu tıkladıktan sonra Public anahtar oluşturulmuş olur.
Örnek; public key
Oluşturulan public key’in domain’e atanması için;
Protocols>>Domains menusu altında tanımlı olan domain secildikten sonra açılan menüden Delivery sekmesi içinde DomainKeys Identified Mail enable edilip örnek şekildeki gibi ayarlanır ve anahtar üretilir.
Son olarak DNS TXT çıktımızı, DNS sunucumuzda TXT ZONE kaydı olarak oluşturulur örnek;
default._domainkey.selimozis.com. 86400 IN TXT “v=DKIM1; k=rsa; h=sha256; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCZ1vPf6Hqb98oWOJeTeFix9anqnEPbkX645EOopGVBo+SdUGfmPlCdlCGJF5SpCoQVLxW8p/wNCL6uNPqCYUKkIKKHcp/7X+vtQrPT65iLmzjilPO6A9vA8u1po/bK36haXEbLlYljLpzvIcTiCRLtc+4o3ywbX3PYpNb2Eufr7QIDAQAB”
Article URL http://www.symantec.com/docs/HOWTO53750
Symantec Messaging Gateway üzerinde gelen ve giden trafiği şifreleyerek daha güvenli hala getirebilmek için TLS sertifika tabanlı şifreleme uygulayanması için konsole’a girip Administration sekmesini tıkaldıktan sonra Cerificates Ayar menusunden mx kaydında kayıtlı olan mail sunucusunun hostname bilgisine’e ait FQDN’i sertifikanın “common name” kısmına girerek Sertifika olusturulur. Bu işlem mx kaydında karşılık gelen her scanner için oluşturulur.
Oluşturulan sertifikalarin scanner’lara atanması için konsole’a girip Administration sekmesini tıkaldıktan sonra Configuration Hosts menusunden her bir scanner için inbound, outbound ve delivery smtp ayarlarinda tanımlamalar yapılır.
