WHITE PAPER: WINDOWS® PROTECTION SOLUTIONS
Protecting the Windows Environment: A Blueprint for Small and Mid-sized Organizations
Contents
Executive summary
An evolving IT environment
Attacks
Malicious code
Vulnerabilities
Phishing
Spam
Exponential increase in data volumes
Growing need for mobile computing
Ongoing client management needs
Windows in action: A scenario
Protecting the Windows environment: A blueprint
Data security and availability
System security and availability
Application security and availability
Symantec solutions
Conclusion and recommendations
Executive summary
Most mid-sized organizations rely on a Microsoft® Windows environment to keep their business
running and their employees productive. But these organizations often fail to recognize
the vulnerabilities in Windows-based systems that place them at risk. Each day, mid-sized
organizations face challenges such as backing up and recovering mission-critical data in the
event of hardware failure or human error, protecting users from viruses and other “malware,”
and keeping their customer information and other intellectual property from falling into the
wrong hands.
Staying ahead of these challenges is complicated by the fact that threats to system security
and availability are increasing and evolving rapidly. Malware and malicious attacks are becoming
more sophisticated, complex, and frequent. And the amount of time between the discovery of a
system vulnerability and its exploitation is shrinking, making it nearly impossible to patch systems
before an attack can slip through a security hole. What’s more, as an organization’s technologies
and infrastructure evolve over time, many IT departments find that their solutions—often a
patchwork of products from a variety of vendors—no longer work together effectively to protect
their Windows environment and ensure that their business stays up and running.
In an environment of increasing risk, IT managers need to take a holistic approach to
Windows protection to stay ahead of the threat curve. This paper explores the challenges that
Windows-centric IT shops encounter today. It then proposes a blueprint for mitigating risk without
adding cost and complexity. For mid-sized organizations, which typically do not enjoy the level of
IT resources deployed by large enterprise operations, a critical business priority must be to act
now to ensure the security and availability of their data, systems, and applications.
Symantec offers a streamlined blueprint for acquiring, deploying, and managing solutions
that protect data, systems, and applications and enable the enforcement of IT policies.
Symantec’s complete array of proven, award-winning solutions can help IT departments at today’s
mid-sized organizations effectively—and affordably—meet these objectives. These best-in-class
solutions make it easier to accommodate changing business requirements and help ensure that
information as well as the desktops, laptops, and servers that make it accessible are always
secure and available.
An evolving IT environment
In today’s fast-paced, networked world, the free flow of information is essential to success.
Mid-sized organizations must improve the ways they share information among employees,
partners, suppliers, customers, and other constituents to transform themselves into more
dynamic and responsive service-oriented businesses.
As the pace of business accelerates, CIOs and IT directors face new challenges in securing,
managing, and making available that information. After all, the IT environment in which they
operate has undergone an unprecedented transformation in the past decade. Consider these
aspects of today’s “threat landscape.”
Attacks
Denial of Service (DoS) attacks target a computer system or network and cause a loss of service
to users. Typically, this involves a loss of network connectivity and services due to a deliberate
maximum consumption of bandwidth or overloading of the victim’s computing resources. In the
second half of 2005, the average number of DoS attacks detected per day was 1,402—an increase
of 51 percent over the first half of the year, according to Symantec’s research.
Malicious code
During the second half of 2005, more than 10,992 new Win32 viruses and worms were
documented, a 49 percent increase over the same period the year before. Malicious code is
being used more often to generate profit and expose confidential information. During this period,
80 percent of malicious code exposed confidential information.1
Vulnerabilities
Information security managers know that Internet-borne threats—viruses, worms, and Trojan
horses—are increasing in frequency, speed, and severity. “Blended threats” exploit multiple IT
vulnerabilities, breakouts cover the globe in just minutes, and the number of days between the
discovery of a vulnerability and its exploitation is trending toward zero. In the latest reporting
period, 1,896 new vulnerabilities were documented—the highest recorded number since 1998.
Overall, 40 percent more vulnerabilities were identified in 2005 than in 2004. Web application
vulnerabilities made up 69 percent of all vulnerabilities during this period. And the average time
between the announcement of a vulnerability and the appearance of code to exploit it was
6.8 days.2
1 “Symantec Internet Security Threat Report, Trends for July 05–December 05,” Volume IX, March 2006.
2 Ibid.
Phishing
Phishing is a fraudulent attempt to acquire sensitive information, such as passwords and credit
card details, by someone posing as a trustworthy person or business in an apparently official
electronic communication. Common phishing ploys involve email purporting to be from
well-recognized financial institutions that direct the recipient/victim to a counterfeit website, where
personal information is requested and collected. With an average of 7.9 million phishing attempts
per day in the second half of 2005 (an increase of 39 percent over the first half), it’s not just users
of big banks and mainstream consumer sites who are being targeted. Increasingly, phishers
are also going after customers of smaller organizations. In the United States, consumers lost
an estimated $500 million to phishing attacks in 2005.3
Spam
Unsolicited email, meanwhile, continues to cause headaches. Spam made up 50 percent of all
monitored email traffic in the second half of 2005, according to Symantec’s research. Small
businesses are often more at risk for spam than large enterprises because they lack the proper
security infrastructure.
Emerging threats such as bot networks and customizable modular malicious code are
becoming increasingly prevalent in today’s threat landscape. Web applications and browsers
are often the focal point for targeted attacks. Whereas traditional attack activity was motivated
by notoriety and a desire to show off technical virtuosity, many threats are now driven by profit.
They often attempt to perpetrate criminal acts, such as identity theft, extortion, and fraud for
financial gain.
While these threats are considered security related, there are other issues that concern
many organizations. These should be considered realities that will cause stringent IT policies
and procedures to be established and enforced within organizations.
Exponential increase in data volumes
Data volumes continue to grow at 40 to 60 percent each year,4 making it more difficult for
administrators to back up mission-critical data in acceptable time frames (or within available
backup windows). In addition, the need for instant, on-demand data recovery is fast becoming
a requirement for business operations.
3 “Do Security Toolbars Actually Prevent Phishing Attacks?” Min Wu, Robert C. Miller, Simson L. Garfinkel, MIT Computer Science and Artificial Intelligence Lab, April 2006.
4 IDC, Cebit 2006, “Storage hardware: the backbone of the future.”
With downtime costs reaching thousands of dollars per hour, an outage results in immediate
financial impact for mid-sized companies. These organizations typically run their IT operations on
a tighter budget and with more limited resources than larger scale organizations. Nevertheless,
they are expected to provide an equivalent level of protection and IT services. The need to keep up
with growing demands for storage can lead companies to chain solutions together in an attempt
to meet Windows protection needs—but that may actually expose a company to greater risk.
Growing need for mobile computing
For today’s mid-sized companies, a mobile workforce is a given. According to International Data
Corp. (IDC), two-thirds of the U.S. workforce will be considered “mobile” by the end of 2006.
The proliferation of laptops and other mobile devices has certainly been a boon for workforce
productivity.
According to a recent global survey of 240 company executives by the Economist Intelligence
Unit and sponsored by Symantec, only nine percent of companies have incorporated a
comprehensive security architecture designed to include secure mobile device access. These
mobile devices typically carry proprietary information that could negatively impact a business
should that information be lost through a system failure or fall into the wrong hands. According
to IDC, as much as 60 percent of a company’s critical data resides on a corporate laptop or
desktop PC.5
Ongoing client management needs
Mid-sized organizations are under increasing pressure to keep end-point devices up and running
regardless of circumstances, including security vulnerabilities, system failures, human error, and
natural disasters, as well as planned maintenance. That pressure is exacerbated by limited IT
resources and the complexity of delivering on service-level agreements to remote offices and
mobile users.
5 IDC, Cynthia Doyle, “Business Continuity in 2002: It’s Not Business as Usual,” April 2002.
Windows in action: A scenario
The hypothetical Acme Corporation illustrates some of the main challenges that the average
Windows-centric IT shop faces today. For the purpose of this illustration, let’s assume the
following:
• Microsoft operating system (Windows 98, Windows 2000, Windows Server 2003,
or Windows XP)
• Thirteen servers: Four file servers, two application servers, two Web servers, two document
servers, one database server, one remote access server, and one Microsoft Exchange
email server
• Cisco networking gear, a switched copper 10/100 network, and a company intranet
• One corporate headquarters location with 276 nodes
• Four branch offices with 30 nodes in each
• Forty telecommuters
• Five IT staff with limited security knowledge
• Four primary IT vendors providing infrastructure acquisition, hardware and software, system
integration and networking, security, application support, and troubleshooting
Acme is a financial institution with 500 employees in five locations throughout the United
States. Like most mid-sized organizations, Acme’s IT team experiences a number of ongoing
“pain points.” One is an increasing number of Internet-based security threats.
For example, some Acme employees use their company-allocated computers for more than
just work. They may browse nonwork-related Web sites, download and install nonwork-related
software, and allow family members to use their PCs. Recently, an Acme laptop that was
compromised outside the local network was reconnected to the network and propagated
a virus to hundreds of other Acme employees’ computers.
Gartner has found that the incidence of infection is particularly high for laptop PCs used
outside the corporate network and in offices where there is no filtering of Internet content.
“Often, users are repeatedly infected, generating help desk calls on a regular basis.”6
Acme also faces a daunting challenge when it comes to protecting the growing volume of
business-critical data on its servers, desktops, and laptops. Acme’s solution has been to promote
the use of network shares as a place where users can copy their data. However, not only does
this compromise the integrity of the protected data (because it will rarely be current), but it also
places IT in jeopardy of failing to meet its service-level agreements.
6 Gartner, “Security Best Practices Can Lower PC TCO,” Michael A. Silver, Neil MacDonald, Mark Nicolett, John Pescatore (December 8, 2005).
Lately, Acme has been struggling to recover whenever its IT operations are disrupted.
Frequently, critical systems and security tools aren’t interoperable. IT operations and security
functions overlap or have conflicting priorities. Fixing the problems requires the help of dozens
of vendors. The results have been higher costs, slower response times, and an inability to access
critical business data and achieve business objectives.
Case in point: When a server failed recently, Acme’s business operations were crippled due to
an inability to access critical systems and business data (such as customer records, accounting
documents, and product development specifications). System recovery was a manual and
intensive process that occurred over many days. Steps included repairing the hardware and
reinstalling the operating system, applications, patches, system updates, and other system
requirements. After these were completed, administrators then needed to try and reconfigure
the system back to its exact state before the disaster. Several tests were required to ensure the
system was ready for production. However, recovery of the system volume was only half of the
resolution. Acme then faced the challenge of finding a reliable backup of the data that could be
restored. Acme’s experience with its backup solution was frustrating due to the lack of reliable
backups, which at times would not run or just produced errors. This process was arduous and
required multiple restore attempts. The bottom line was that Acme’s IT department spent days
and nights trying to reintroduce the server and data into the production environment.
As Acme has learned, such downtime is proving increasingly costly. Given an average of just
nine hours of downtime per incident, each outage could cost Acme an estimated US$189,450.7
If Acme experiences seven incidents this year, it could cost the company US$1,326,150.
Support presents another challenge for Acme. Tight budgets and limited staff mean that
the IT team is under continuous pressure to do more with less. These days, IT is tasked with
supporting more mobile employees and more types of devices than ever before. As a result,
Acme grapples with how to troubleshoot problems without IT members leaving their desks.
One-off requests from end users and costly travel time to resolve problems at remote sites
are taking their toll.
Finally, since email has become a mission-critical channel for business communications
and transactions, as well as a key repository of information and records, Acme’s dependency on
email—like that of most companies—has grown considerably. And this growing dependency,
not to mention Acme’s enormous growth in email volume, has placed mounting pressure on the
IT team to maintain the availability of its Microsoft Exchange email system.
7 Based on a Symantec ROI assessment.
Unfortunately, spam, worms, and phishing attacks are driving up message volume
even further and exposing messaging systems to greater risk of downtime. At the same time,
government regulations and legal discovery requests are ratcheting up cost and management
pressures by mandating new requirements for monitoring, storing, and retrieving email.
As a financial institution, Acme is required to preserve email longer and to ensure that it
cannot be tampered with during mandated retention periods. This mandate has increased
Acme’s cost of storage to retain email messages and added complexity to its email management.
Despite these obstacles, the challenge must be confronted. In the final analysis, even
minimal downtime can lead to business disruption, loss of revenues, and legal liability.
Clearly, Acme faces myriad challenges in achieving a protected Windows environment. For
Acme, this will require a multipronged strategy that addresses and mitigates risks and improves
the overall protection of the data, systems, and applications residing within the organization.
Protecting the Windows environment: A blueprint
To truly protect the Windows environment, it is necessary to look at the IT infrastructure
holistically. All data, systems, applications, and IT policies must be aligned to support the end
goal: keeping the business up and running while protecting the security and integrity of the
information on which the business and its customers depend.
Accordingly, the goal of mid-sized organizations should be to identify and implement
solutions from vendors that are industry proven and reliable. Their software vendors must provide
best-in-class solutions for keeping their data, systems, and applications secure and highly
available. Furthermore, the solutions should be capable of fulfilling the needs of a large
enterprise, while offering the affordability and ease of implementation required by a mid-sized
organization.
The following blueprint, designed for adaptation to meet mid-sized organizations’ evolving
business requirements, is intended to help them:
• Secure and protect data
• Maximize system availability
• Control and optimize application environments
Data security and availability
According to a Gartner research study, mid-sized businesses, on average, spend a greater
percentage of their IT budget on security than do larger enterprises.8 With typical security
spending ranging from 5 to 10 percent of their total IT budget, most mid-sized organizations
lack focused in-house security skills. Rather, the responsibility of security management is spread
among other IT groups that manage desktops and networks as well as administer email. While
this is not necessarily the wrong approach, it can result in diverse purchases from various
vendors. Consequently, the company misses the opportunity to realize cost savings through
volume licensing from one vendor, and it assumes the administrative burden of learning how
to configure and manage multiple products from multiple vendors.
Another concern with regard to mid-sized organizations is their approach to maintaining
security. Typically, they react to events as opposed to proactively anticipating threats and
breaches. Gartner reports that mid-sized businesses are weak in the area of security monitoring
and often are not even aware that they have been breached. As a result, intrusion prevention,
antispyware, and defenses against viruses and worms have been the top three security areas
of focus for these organizations in 2006.9
Instead, mid-sized organizations need to focus on solutions that protect against known,
unknown, internal, and external threats while allowing necessary information access throughout
attacks and remediation. While a majority of organizations may view servers as the focal point
for security, desktops and mobile devices must not be overlooked. In fact, a recent Gartner survey
of mid-sized organizations found that nearly 30 percent of respondents do not have personal
firewalls on their laptops, and nearly 20 percent are not using antispyware.10 With notebooks
accounting for 82 percent of all new computer purchases,11 companies must address the likelihood
that their hard and soft assets will be used outside protected company firewalls. Moreover, as
illustrated at Acme, end users tend to treat these mobile systems as their own personal devices,
taking them home and using them for extracurricular activities. Not surprisingly, Gartner found
that 35 percent of malware infections resulted from end-point intrusions while the system was
off the managed network.12
That’s why organizations need to set, enforce, and measure compliance with appropriate
IT policies, as well as to identify and evaluate solutions that can provide multilayered security
capable of assessing threats, monitoring controls, shielding individual applications, and
protecting desktops and mobile systems. Mid-sized organizations should also consider a
centralized management component to provide an easier and more consistent method for security
administration among Windows-based servers and end-point devices.
8 Gartner, “Mid-sized Business Security Spending Plans, 2006,” February 16, 2006.
9 Ibid.
10 Ibid.
11 CIO Update, “Mobile Workers Cut Gaping Hole in Security,” September 15, 2005.
12 Ibid.
At the same time, instant, on-demand data recovery is becoming increasingly vital for all
business operations. While traditional tape backups have proven effective over the years, today’s
dynamic business climate demands faster, more efficient backups and on-demand recovery.
Disk-based continuous Windows protection addresses these issues in a way that eliminates the
need for backup windows, allows end users to recover their own data without contacting IT, and
delivers an integrated disk-to-disk-to-tape solution. For mid-sized organizations looking to
manage data growth, improve reliability, and speed up data recovery, continuous Windows
protection can also improve overall Windows protection without costly, high-administration
solutions. By using disk as the primary medium for Windows protection and recovery,
organizations can leverage traditional tape backups to provide secondary Windows protection
for longer term retention and offsite storage.
System security and availability
When organizations consider backup and recovery, they usually associate them with protecting
information residing on a server. It is important to remember, however, that this constitutes both
data and system information. Too often, so much importance is placed on protecting the data
that the system is overlooked. But if the system is not operable, the chances of accessing the
data are slim. When a server’s operating system fails, it can take eight or more hours (days, in
some instances) to rebuild and restore the server. This process includes reinstalling the operating
system, applications, and patches; configuring settings; and so on. Moreover, there is no
guarantee that the server will be in the exact same state as before the failure took place.
Mid-sized organizations cannot afford the luxury of maintaining extra server hardware
in case they need to replace an existing system. In fact, these organizations are constantly
negotiating prices with various vendors and may often change preferred-vendor standards. This
introduces the prospect of restoring a system on a new and dissimilar piece of hardware while
trying to preserve the integrity of the system state and the availability of the data. Organizations
must ensure that their data and system backup and recovery solutions provide the ability to
adapt to these ongoing changes.
According to IDC, the exploding growth of critical data residing on unprotected laptops and
desktops is forcing many mid-sized businesses to explore more advanced backup and recovery
solutions.13 In most cases, IT administrators advise end users to save or upload any critical
information to the server so that it can be included in the scheduled server backup. The drawback
to this approach is that end users do not find it acceptable; moreover, mobile users are most
dramatically affected by this option, since they are most often disconnected from the network.
Fortunately, regulatory requirements and business continuity demands have led
administrators to consider adopting alternative approaches to protecting the end-point devices
in their organizations. To date, this shift has mostly affected systems that belong to high-ranking
employees and those that contain information that could pose a risk if it were not recoverable.
In reality, organizations should consider backup and recovery for every end-point device,
especially where the data residing on the system is worth more than the system itself.
The role of managing systems
From the perspective of IT, a perfect computing environment would include end-point devices
that are locked down to comply with strict IT policies. The more consistent the devices (hardware
types, configurations, applications, and so on), the easier and more cost-effective they are to
manage, promoting a more secure environment. Once an end-point device is deployed into a
production environment, it is subject to constant change, customization, and potential threats,
all of which can occur without IT involvement. When the risks associated with these changes
are not monitored, organizations are more likely to overspend their IT budgets. Gartner reports
that hardware and software purchases account for only about 20 percent of today’s IT budgets,
with more than 70 percent being spent on service and support.14 In addition, organizations that
systematically manage the life cycle of their IT assets can reduce cost per asset by as much as
30 percent during the first year, and between 5 and 10 percent annually by 2010.15
Life-cycle management
Mid-sized organizations today can spend thousands of dollars per user each year to deploy and
migrate operating system and application upgrades. For many of these organizations, the
advanced capabilities offered by today’s imaging and software deployment tools can make
deployment and migration tasks easier and faster. Utilizing today’s imaging software, they can
create and deploy operating systems, application packages, user settings, and security fixes to
PCs across a network in minutes. With client software installed, administrators do not need to
visit the target PC to conduct routine deployment or maintenance. This translates into lower IT
management costs and increased productivity.
13 IDC, “U.S. SMB Storage 2006: The Move to More Advanced Storage Features,” March 29, 2006.
14 Gartner, “IT Spending: How Do You Stack Up?” 2003.
15 Gartner, “Ensure Healthy IT Services With Asset Life Cycle Management,” William Snyder, Frances O’Brien (August 5, 2005).
Leading imaging and deployment solutions combine file-based and sector-based imaging
technologies. File-based imaging technology, which provides editable images, delivers optimum
ease of use and flexibility for customizing and updating images, while sector-based imaging
completely preserves system optimizations if they were previously done. This combination enables
IT administrators to reduce the cost and time required to:
• Create standard system images for new workstations and servers
• Deploy new Windows operating systems across an organization
• Migrate users to new computers or operating systems while preserving user settings,
preferences, application settings, and data
• Deploy new or updated applications and distribute updates
• Restore a computer to its original configuration
• Refresh PCs following a system crash, failure, or conflict
At the same time, today’s mid-sized organizations support a growing number of users, many
working remotely, who are using increasingly complex hardware and software. Remote control
software, which allows a help desk technician to control a user’s PC or an unattended server over
a network, has proven to be a cost-effective way of providing support. Of course, organizations
must be confident that remote control software does not expose their data to unauthorized use.
An effective remote control solution addresses key security requirements in the areas of
authentication, authorization, and access control; perimeter and data transfer security; and
administration. It must be able to detect, diagnose, and resolve critical issues with minimal
impact to business operations.
Secure system retirement
Organizations often do not realize that they are subject to risks and theft even after a system has
been “decommissioned.” IT departments delete information or even reformat a hard drive before a
computer is donated to charity or sold at a surplus sale without realizing that sensitive data can
still be retrieved from these reformatted drives. In fact, cybercriminals generally look for
information in five areas of a salvaged computer: deleted files, recovery partitions, configuration
files, password storage, and special hardware devices.
When files are deleted from a disk on a computer through the operating system, the
operating system doesn’t erase the files’ content from the disk. It only deletes references to these
files on the hard drive. Content of the deleted files continues to be stored on the disk and can be
restored easily using data recovery utilities. Disk reformatting can be a lengthy and laborious
process, and it doesn’t inhibit the ability of a low-level tool to recover the data.
Consider these cases:
• The Pennsylvania Department of Labor and Industry sold old computers that contained
“thousands of files of information about state employees.”
• The consulting firm of Dovebid auctioned off old computers that contained confidential
client information.
• A used computer sold in Purdue University’s surplus equipment exchange facility contained
a database with the names and demographic information of applicants to the school’s
Entomology Department.
• In Pahrump, Nevada, someone purchased a used computer and discovered that the prescription
records of more than 2,000 patients from a local pharmacy were still on the hard disk. Included
were the patients’ names, addresses, Social Security numbers, diagnoses, and medications.16
• Earlier this year, a laptop belonging to an Ernst & Young employee was stolen during a car theft.
Ernst & Young is the auditor for Hotels.com, and the laptop contained personal data on
Hotels.com customers.
To maintain a secure IT environment and protect a company’s digital assets, the system
retirement process cannot be overlooked or handled carelessly. IT departments must look for
certified and tested solutions that completely wipe out data from the hardware device. Best-practice
strategies for PC retirement and data disposal require support for two “disk wipe”
standards: the U.S. Department of Defense NISPOM (National Industrial Security Program
Operating Manual) DoD 5220.22-M (1995) and the Assistant Secretary of Defense Memorandum
of Disposition of Unclassified DoD Computer Hard Drives (2001).
16 NY State Society of CPAs, “Protecting Information Privacy When Retiring Old Computers,” July 2004.
It is recommended that additional steps be taken to ensure that the retirement process is
consistent and supports IT best practices. These include:
1. Before retirement, create a copy or archive of the entire system and its information.
2. Transfer the copy to a new machine or archive to a backup (tape or disk) device.
3. Perform a secure disk wipe of the system, completely removing the system and data files. In
accordance with NISPOM, magnetic disks should be first cleared and then “sanitized.” The first
operation involves overwriting all addressable locations with a single character; the second
involves overwriting all addressable locations with a character, its complement, and then a
random character, followed by verification. Confirming that the wipe has been successful is
an important step. Administrators should be able to view the overwrite pattern on the disk
to confirm that the overwrite has occurred.
4. As an added level of security, remove sensitive hardware from the computer and perform a
physical disk shred.
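The clear and sanitize passes described in step 3, written out as an added example (it is not from this white paper or from any Symantec product). It assumes an ordinary file stands in for the disk; the function names and the 0x55 starting character are illustrative choices.

```python
import os
import secrets

CHUNK = 64 * 1024  # bytes per I/O call


def overwrite_pass(path, value):
    """Overwrite every addressable byte of the target with one byte value."""
    remaining = os.path.getsize(path)
    block = bytes([value]) * CHUNK
    with open(path, "r+b") as f:
        while remaining:
            n = min(CHUNK, remaining)
            f.write(block[:n])
            remaining -= n
        f.flush()
        os.fsync(f.fileno())  # push the pass to storage before the next one


def verify_pass(path, value):
    """Read the target back; return offset of the first byte != value, else None."""
    offset = 0
    with open(path, "rb") as f:
        while data := f.read(CHUNK):
            if data.count(value) != len(data):
                return offset + next(i for i, b in enumerate(data) if b != value)
            offset += len(data)
    return None


def clear(path, char=0x00):
    """'Clear': one pass with a single character, then a read-back check."""
    overwrite_pass(path, char)
    return verify_pass(path, char) is None


def sanitize(path, char=0x55):
    """'Sanitize': character, its complement, a random character, then verify."""
    passes = [char, char ^ 0xFF, secrets.randbelow(256)]
    for value in passes:
        overwrite_pass(path, value)
    bad = verify_pass(path, passes[-1])
    return {"passes": passes, "verified": bad is None, "first_bad_offset": bad}


def pattern_preview(path, count=16):
    """Hex of the first bytes, so an administrator can view the overwrite pattern."""
    with open(path, "rb") as f:
        return f.read(count).hex(" ")


if __name__ == "__main__":
    import tempfile
    # Constructed stand-in for a retired disk: filler plus one "sensitive" record.
    with tempfile.NamedTemporaryFile(delete=False) as img:
        img.write(os.urandom(150_000) + b"PATIENT RECORD (constructed)" + os.urandom(50_000))
    print("cleared:", clear(img.name), "|", pattern_preview(img.name))
    print("sanitized:", sanitize(img.name), "|", pattern_preview(img.name))
    os.remove(img.name)
```

On real hardware the same passes would be run against the raw device, since a file-level overwrite touches only the blocks the file system maps to that file.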
Application security and availability
Over the past 10 years, organizations of all sizes have transitioned from leveraging email as
an alternative method of communication to depending on it as a critical application. And as a
mission-critical application and primary channel for communications and transactions, email
systems have become key repositories of intellectual property, business information, and legally
binding records. Consequently, many organizations have found that productivity falls dramatically
when email stops functioning. According to the Enterprise Strategy Group, more than 60 percent
of midtier and enterprise-tier businesses together believe that email is the number one mission-critical business application for their organizations.17 And, by some industry estimates, the
volume of email that businesses are storing is increasing by more than 60 percent each year.
At the same time, mid-sized organizations are recognizing that they must also cope with instant
messaging (IM).
17 Steve Duplessie and Peter A. Gerr, "Unlocking the True Power of Enterprise Message Management: Beyond Tactical Email Archiving Towards a Strategic Comprehensive Information Governance Infrastructure," The Enterprise Strategy Group, Inc., September 2005.
However, the very aspects that make email valuable to an organization also expose it to a great deal
of risk and liability. The ubiquity and simplicity of email have made it the preferred method for
transferring:
• Data between users, including nonbusiness content such as multimedia files and executables, or even
company confidential information outside corporate walls
• Threats and disruptions, such as viruses, phishing attempts, and spam
Email is also increasingly subject to the costly and time-consuming process of legal discovery. Today,
companies are required to preserve email longer and to ensure that the email cannot be tampered with
during the mandated retention periods.
For mid-sized organizations with a messaging infrastructure built around Microsoft Exchange, a
layered approach to email management is essential. This approach positions different types of protection
at defined levels of the email architecture. Ensuring email security and availability begins with controlling
the flow of email information from start to finish. In functional terms, this involves removing unwanted
content from the messaging system at the earliest possible point in time.
Ultimately, a layered approach to email management can reduce the risk and potential downtime
posed by security threats and spam, help meet email policy and regulatory compliance requirements,
and optimize the accessibility and resiliency of the email infrastructure.
Symantec solutions
Today’s mid-sized organizations require Windows based protection solutions that are easy to acquire,
deploy, and manage, bringing them enterprise-class performance without the cost and complexity usually
associated with enterprise solutions. Their goal: To keep data, systems, and applications secure and
highly available at all times. Following are some of the Symantec solutions available to help these
organizations achieve that goal.
Data security and availability:
• Symantec™ Client Security
• Symantec AntiVirus™
• Symantec Backup Exec™ 10d
[Figure 1. Data security and availability. Diagram titled “Category Leading Windows Data Security and Availability Products.” Legend: SCS = Symantec Client Security, featuring Symantec AntiVirus; SAV = Symantec AntiVirus Corporate Edition; BE = Symantec Backup Exec 10d. Labeled areas: Clients, Servers, Exchange, Internet, File, SQL, Wireless, Remote Office/User, Backup Servers.]
Symantec Client Security proactively protects businesses from viruses, spyware, and
hackers. Collaborative security elements, including client firewall, intrusion protection, and
antivirus/antispyware, deliver enhanced protection against known and emerging threats. Integrated
graphical reporting, centralized management, and automatic downloads of protection updates
make it easy to defend desktops, laptops, and file servers against known and emerging threats.
Symantec AntiVirus is the world’s most trusted antivirus solution.18 It automatically removes
viruses, worms, and Trojan horses. It also protects PCs from malicious code in email messages,
instant message attachments, Internet downloads, and other points of entry. Symantec AntiVirus
is an install-it-and-forget-it solution that works actively in the background, is fully automated, and
remains up to date by retrieving daily protection updates from Symantec without user interaction.
The 2006 version has been enhanced to automatically detect and remove today’s high-risk spyware
and adware programs.
Symantec Backup Exec 10d is the industry-leading Windows protection solution designed
for disk, providing comprehensive, cost-effective, and certified backup and recovery. By providing
continuous Windows protection and the industry’s first Web-based file retrieval, Backup Exec helps
eliminate backup windows and provides instantaneous recovery. Centralized administration allows
scalable management of distributed backup and remote servers. An intuitive interface and wizards
simplify Windows protection and recovery procedures for any level user and any size network.
Backup Exec also provides continuous desktop and laptop data protection. With a complete family
of high-performance agents and options to protect Windows, Linux®, and UNIX server data, as well
as desktops and laptops, Backup Exec offers simple, flexible, and granular Windows protection.
18 Top-selling antivirus software product from December 2000 through June 2005, based on The NPD Group’s retail Top Selling Business Software list.
System security and availability:
• Symantec Ghost™ Solution Suite
• Symantec Backup Exec System Recovery
• Symantec pcAnywhere™
[Figure 2. System security and availability. Diagram titled “Category Leading Windows System Security and Availability Products.” Legend: GSS = Symantec Ghost Solution Suite; BESR = Symantec Backup Exec System Recovery; pcA = Symantec pcAnywhere. Labeled areas: Clients, Servers, Archive, Exchange, Internet, File, SQL, Wireless, Remote Office/User, Backup Servers.]
Symantec Ghost Solution Suite is the industry’s most widely used corporate imaging and
deployment solution. Its operating system deployment, software distribution, and PC migration
and retirement features allow IT staff to manage the entire PC life cycle easily while reducing
support costs. With Ghost Solution Suite, administrators can quickly deploy or restore an
operating system image or application on a PC and easily migrate user settings, data, and
profiles—all without having to physically touch the PC.
Symantec Backup Exec System Recovery (formerly Symantec LiveState™ Recovery) enables
customers to restore systems anytime, from anywhere, to virtually any device. It combines
the speed and reliability of disk-based, bare-metal Windows system recovery with revolutionary
technologies for lights-out operation and the independent restoration of systems to
dissimilar hardware.
Symantec pcAnywhere, the world’s leading remote control solution,19 helps mid-sized
organizations manage remote computers securely to resolve issues quickly. New gateway and host
invitation features minimize problems with connecting to devices behind routers and firewalls.
Extensive remote management tools enable fast and efficient problem resolution for help desk
and server support. And the Symantec pcAnywhere Access Server enables mid-sized organizations
to support their internal and external clients by discovering and connecting to multiple
pcAnywhere hosts through a centralized, secure host access point from anywhere, regardless
of location or network configuration.
Application security and availability:
• Symantec Mail Security
• Symantec Enterprise Vault™
• Symantec IM Manager
• Symantec Backup Exec 10d with the Exchange agent
[Figure 3. Application security and availability. Diagram titled “Category Leading Windows Application Security and Availability Products.” Legend: SMS = Symantec Mail Security; EV = Veritas Enterprise Vault; BE = Symantec Backup Exec; IM = Symantec IM Manager. Labeled areas: Clients, Servers, Archive, Exchange, Internet, File, SQL, Wireless, Remote Office/User, Backup Servers.]
19 Top-selling antivirus software product from December 2000 through June 2005, based on The NPD Group’s retail Top Selling Business Software list.
Symantec Mail Security for the gateway and for groupware leverages best-of-breed
antispam, antivirus, and content-filtering technologies to help organizations reduce spam volume,
eliminate threats, and simplify email security infrastructure management. It features Symantec
Premium AntiSpam™, utilizing Symantec Brightmail AntiSpam technology, which stops more than
97 percent of spam while producing less than one false positive for every million emails analyzed.
Symantec Mail Security protection for the gateway is offered in an array of deployment options—
software, appliance, and hosted service:
• Symantec Mail Security for SMTP provides email security software with integrated, best-of-breed antispam, antivirus, and content-filtering technologies to stop spam, viruses, and other
email-borne threats at the SMTP gateway.
• Symantec Mail Security 8200 Series appliances provide best-in-class email threat protection.
Innovative email firewall and traffic-shaping technologies reduce email infrastructure costs by
preventing high-volume mail attacks. The appliance form factor enables low-cost deployment
and management.
• Symantec Hosted Mail Security offers industry-leading email security for the SMTP gateway
that requires no hardware, software, or ongoing administration and maintenance.
Symantec Mail Security for Microsoft Exchange provides high-performance, integrated
mail protection against virus threats, spam, and security risks and enforces company policies on
Microsoft Exchange 2000 and 2003 servers.
Symantec IM Manager is the industry's most widely deployed and trusted solution for
secure IM management—enabling organizations to control the use of public and enterprise IM
for real-time communication while helping to ensure compliance with legal and corporate
governance policies.
Symantec Backup Exec 10d with the Exchange agent provides full, incremental, or
differential backup and restore of Exchange embedded objects, attributes, and all Outlook
components. Restore can automatically mount the Exchange database upon completion of a
restore job, which helps ensure a valid database is brought back online quickly. Use of the Single
Instance Storage feature eliminates backup of duplicate information by storing only the first
instance of attachments distributed to multiple mailboxes.
Symantec Enterprise Vault software provides a flexible archiving framework to enable the
discovery of content held within email, file system, and collaborative environments—while helping
to reduce storage costs and simplify management. Powerful search and discovery capabilities
are complemented by specialized client applications for corporate governance, risk management,
and legal protection.
Conclusion and recommendations
Today’s mid-sized organizations are under acute pressure to provide greater access to valuable
information assets across an expanding network of suppliers, partners, employees, and customers
to achieve a sustainable advantage. As a result, given limited resources, they may find themselves
struggling to balance information access with the escalating risks of exposure.
As the Enterprise Strategy Group stated recently, “The need to protect information and
systems remains a critical business priority for small and mid-sized businesses running Windows
environments today. Those businesses typically do not enjoy the level of IT resources of large
enterprise operations, and increasingly need easy-to-deploy solutions that deliver enterprise-quality protection.”20
Mid-sized organizations seeking comprehensive protection for Windows environments are
encouraged to evaluate today’s best-in-class solutions for keeping their data, systems, and
applications secure and highly available.
Symantec offers a full suite of proven security and availability solutions that can help today’s
Windows centric organizations effectively and affordably meet these objectives. Easy to acquire,
deploy, and manage, Symantec’s best-in-class solutions help ensure that information and the
desktops, laptops, and servers that make it accessible are always secure and available:
• Symantec data solutions provide continuous data protection, secure data access, and rapid
data recovery.
• Symantec system solutions deliver simplified system administration and protection, providing
everything a Windows based company needs to stay up and running.
• Symantec application solutions include today’s leading security, archiving, storage, and backup
products to help ensure the protection and accessibility of email, instant messaging, and other
network applications.
• Symantec policy solutions streamline and automate the creation and enforcement of IT policies
and compliance procedures that address government regulations and meet industry standards.
Symantec’s unmatched combination of leading technologies and services can help ensure the
highest level of protection across Windows environments—without the cost or complexity usually
associated with high-performance solutions.
20 Brian Babineau, Enterprise Strategy Group.
About Symantec
Symantec is the world leader in providing solutions to help individuals and enterprises
assure the security, availability, and integrity of their information. Headquartered in Cupertino,
Calif., Symantec has operations in more than 40 countries. More information is available at
www.symantec.com.
For specific country offices and contact numbers, please visit our Web site. For product
information in the U.S., call toll-free 1 (800) 745 6054.
Symantec Corporation
World Headquarters
20330 Stevens Creek Boulevard
Cupertino, CA 95014 USA
+1 (408) 517 8000
1 (800) 721 3934
www.symantec.com
Copyright © 2006 Symantec Corporation. All rights
reserved. Symantec and the Symantec logo are U.S.
registered trademarks of Symantec Corporation.
Symantec AntiSpam, AntiVirus, Backup Exec, Brightmail
AntiSpam, Enterprise Vault, Ghost, LiveState, and
pcAnywhere are trademarks of Symantec Corporation.
Microsoft and Windows are registered trademarks of
Microsoft Corporation in the United States and other
countries. All other brand and product names are trademarks of their respective holder(s). Any technical information that is made available by Symantec Corporation
is the copyrighted work of Symantec Corporation and is
owned by Symantec Corporation. NO WARRANTY. The
technical information is being delivered to you as-is
and Symantec Corporation makes no warranty as to its
accuracy or use. Printed in the USA. 09/06 10753676