Fortifying network armor

Product review: Symantec's Client Security offers antivirus, firewall and intrusion-detection combo

For the first line of defense against viruses and break-in attempts, every agency counts on antivirus software, firewalls and, if it's lucky, an intrusion-detection engine. Unfortunately for the information technology professional, this means managing and monitoring disparate pieces of equipment, applications and logs.

For starters, antivirus software must be constantly updated with the latest virus definitions to ensure that malicious e-mail messages and files are kept at bay. Chinks in front-line armor can and will be exploited, so rules and filters for firewalls and intrusion-detection systems must be tweaked and their logs monitored.

What if this burden could be eased without compromising the agency's security? Symantec Corp. may have the answer with its Client Security product. Reasonably priced for stand-alone use or as an upgrade to existing Symantec antivirus deployments, Client Security integrates the company's solid antivirus engine with a host-based firewall and intrusion-detection engine. To complete the combination, Client Security offers a single management console for deploying, managing and monitoring hosts running Client Security.

Symantec has been known for its solid Norton AntiVirus software for years. The tool's LiveUpdate feature keeps users up-to-date with the latest virus signatures by connecting to an antivirus server within the organization or connecting directly to Symantec's Web site. Client Security takes that solid base for antivirus management a step further by creating a set of servers that manage and monitor Client Security software on each host.

We found it easy to install the client portion of Client Security. During the installation, we had the option of installing it as managed or unmanaged. We wanted to test it as a stand-alone program, so we chose unmanaged. If we had used the included Packager administration tool, we could have customized the client installation on the host computer as visible to the user in the system tray or as an invisible addition to that host computer.

The installation was straightforward, although we were a little disappointed to find that the LiveUpdate operation must be performed separately for the antivirus and firewall modules. It would be helpful to be able to update all modules at once from either the antivirus or firewall/intrusion-detection components.

That said, Symantec's antivirus component doesn't seem to have changed much from previous versions. The firewall/intrusion-detection component offers a solid user interface with an added AlertTracker applet that sits off to the side on the desktop and notifies the user of small events that occur, such as the completion of a LiveUpdate session. When more serious events occur, such as a hacker's scan of the host machine's ports, a screen pops up to notify the user of the event and its severity level.

The client front end consists of three components: Internet Status, Client Firewall and Privacy Control. Internet Status displays current information on attack or penetration attempts pertinent to the user, such as port scans.

The Client Firewall component shows data on recent attack and intrusion attempts, while the Privacy Control portion of the client lists information on Web sites that request or generate cookies on the user's computer.

One component of the client front end that we found interesting and useful is the statistics window, which came up whenever we requested more information on a specific portion of the client. That window, split into seven panes, contains information on the network (including TCP and User Datagram Protocol connections and bytes sent and received), firewall TCP connections, firewall rules (with a list of matched, unmatched and blocked rules), a graph of HTTP bytes and connections in the past 60 seconds, Web graphics and cookies blocked, and inbound and outbound network connections. We found the detailed information on overall intrusion-detection performance a nice touch.

Client Security was easy to modify when it came to default firewall rules and intrusion-detection signatures to watch for. We also liked the fact that the intrusion-detection engine includes AutoBlock. The main focus of an intrusion-detection system is to compare possible attacks against an attack signature database to see if there's a match and then take appropriate action. AutoBlock goes a step further. If it detects an attack from a source previously considered "trusted," it will automatically discard all incoming information from that attacking computer for a set period of time.

We also found it easy to ignore traffic that seemed to be an attack but wasn't, or to exclude computers or networks from monitoring by the intrusion-detection system.
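The signature match followed by a timed block of the source, as described for AutoBlock, together with the exclusion of hosts or networks from monitoring, shown here as an added example; it is not Symantec's code and does not come from the review. The class name, signatures, addresses and the 1,800-second block period are constructed assumptions.

```python
import ipaddress
import re

# Constructed signatures for illustration; not a real product's database.
SIGNATURES = {
    "dir-traversal": re.compile(rb"\.\./\.\./"),
    "oversized-request": re.compile(rb"^GET /\S{512,}"),
}

class AutoBlocker:
    """Hypothetical host IDS front end: match signatures, then time-block the source."""

    def __init__(self, block_seconds=1800, excluded=()):
        self.block_seconds = block_seconds            # assumed block period
        self.excluded = [ipaddress.ip_network(n) for n in excluded]
        self.blocked_until = {}                       # source address -> expiry time

    def handle(self, src, payload, now):
        """Return (verdict, signature_name) for one inbound payload."""
        addr = ipaddress.ip_address(src)
        expiry = self.blocked_until.get(addr)
        if expiry is not None:
            if now < expiry:
                return ("drop-blocked", None)         # discarded without inspection
            del self.blocked_until[addr]              # block period has elapsed
        if any(addr in net for net in self.excluded):
            return ("allow-excluded", None)           # host excluded from monitoring
        for name, pattern in SIGNATURES.items():
            if pattern.search(payload):
                self.blocked_until[addr] = now + self.block_seconds
                return ("drop-signature", name)
        return ("allow", None)

def replay(events, blocker):
    """Run (timestamp, source, payload) tuples through the blocker in order."""
    return [blocker.handle(src, data, ts) for ts, src, data in events]

# Constructed traffic using documentation address ranges.
EVENTS = [
    (0, "192.0.2.10", b"GET /index.html HTTP/1.0"),
    (5, "192.0.2.10", b"GET /docs/../../etc/hosts HTTP/1.0"),
    (6, "192.0.2.10", b"GET /index.html HTTP/1.0"),
    (10, "198.51.100.7", b"GET /a/../../b HTTP/1.0"),
    (1900, "192.0.2.10", b"GET /index.html HTTP/1.0"),
]

if __name__ == "__main__":
    blocker = AutoBlocker(block_seconds=1800, excluded=["198.51.100.0/24"])
    for event, result in zip(EVENTS, replay(EVENTS, blocker)):
        print(event[0], event[1], result)
```

The third event is dropped even though its payload is benign, which is the trade-off of blocking by source: an overly broad signature locks out a legitimate host for the whole block period, so the exclusion list and the block duration both need review.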

The system also includes a suite of administrative modules, each of which we found to be well-documented and easy to use. The System Center manages groups and policies and locks client settings so users can't change them.

The Packager customizes installation deployments. It has three preconfigured installations: fully managed, lightly managed and not managed. Lightly managed does not include the pieces needed for central management, which you would get with the fully managed installation, but you can deploy policies and update other information needed at the client level.

We liked that we were able to customize the Packager, which allowed us to deploy a client configuration based on our particular needs.

Other tools are the Client Firewall Administrator, the Central Quarantine Server and Console (for the antivirus component of Client Security) and the LiveUpdate administrator.

Unfortunately, we'll have to wait until later in the year for Symantec to add a central information management server, which will consolidate alerts, logs and reports on a single console. Based on what we have seen of that server, we are impressed with its potential capabilities.

Overall, the software worked to our satisfaction, but our testing wasn't without glitches. We had some problems using Client Security on a test machine that was running Microsoft Corp.'s Windows 98. Client Security seemed to cause a stack fault error intermittently when we looked at the intrusion-detection portion of the client.

The problem turned out to be an incompatibility between Client Security and another third-party application installed on the computer.

The Laptop Connection

One of the major problems for security administrators is deploying and managing antivirus, virtual private network and firewall software on laptop computers. Laptops that connect remotely to an enterprise must have a secure VPN connection, as well as reliable antivirus software and a decent firewall for Internet connectivity. Client Security fills the bill for all three of those previously disparate software packages.

Client Security has a number of ways to keep a laptop's antivirus, firewall and intrusion-detection signature files and rules up-to-date. It performs these functions by pulling the latest software from a centrally managed server every time the laptop is connected to the network, or it can pull updates from the server after a specified number of days have elapsed.

Although there are other strong offerings for portable firewall software — Zone Labs Inc.'s ZoneAlarm comes to mind — some of the primary headaches for IT staff members are deploying and managing multiple pieces of software throughout the enterprise, on fixed and mobile devices. Client Security offers a way to diminish the laptop security nightmare so IT staff can focus on other important issues.

The Bottom Line

Overall, Client Security is a solid product. The LiveUpdate model that works well for antivirus software also performs in a broader security product. Our only disappointment was the fact that Symantec hasn't released its central information management server yet.

It would make a great finishing touch to a solid security bundle.

Garza is a freelance author and network security consultant in the Silicon Valley area of California.

***

What's in store

Last week, Symantec Corp. announced plans to enhance its Client Security product by integrating it with its ManHunt intrusion-detection system, recently acquired from Recourse Technologies.

ManHunt is a network-based intrusion-detection solution that flags suspicious events on the network. Specifically, it provides protocol anomaly detection for known and unknown attacks, signature detection with custom signature support, and behavioral anomaly analysis or statistical flow analysis intrusion detection for denial of service attacks, at speeds of up to 2 gigabits/second.

The company also plans to integrate ManHunt and Symantec Host IDS to provide better recognition and response to attacks by correlating intrusion-detection system data from the host and the network. Host IDS 4.0, scheduled for release next month, provides real-time monitoring and detection of and response to security breaches.

Also slated for integration with ManHunt is Gateway Security, which secures the gateway between the Internet and corporate networks or between network segments. It combines firewall, antivirus, Internet content filtering, intrusion detection and virtual private networking technologies in one appliance.

REPORT CARD

Symantec Client Security

Score: A

Symantec Corp.

(800) 721-3934

www.symantec.com

The list price is $102 per client for 10 licenses and $46 per client for 2,000 or more. Government pricing is available.

The combination of Symantec Corp.'s solid antivirus engine with a host-based firewall and intrusion-detection engine makes this a solid product that should be deployed to vulnerable client systems as soon as possible. Unfortunately, we'll have to wait until later this year for a centralized alerting, logging and reporting server.

Client Security runs on Microsoft Corp. Windows 95, 98, NT, 2000 and XP. We tested the product on an NEC Direction SP-E333 server with a single Intel Corp. Pentium III 333 MHz processor with 256M of memory.

Client machines were a Dell Computer Corp. Dimension L667R with a 600 MHz Pentium III processor and 128M of memory, a Dell Dimension L466C with a 466 MHz Pentium III processor and 128M of memory, and a Sony Electronics Inc. Vaio PCV-R545DS with a 500 MHz Pentium III processor and 128M of memory.
