Houston Security User Group

  • 1.  Network Threat Protection on Servers

    Posted Jul 23, 2012 01:45 PM

    Okay,

    I am having a disagreement with my Infrastructure team on having NTP turned on on a standard Server.

     

    I have the following configuration.

     

    1. Workstations & Laptops have AV/PTP/NTP turned on.

    2. Servers both Citrix/Terminal Servers and DMZ based with both AV & NTP

    3. I will say 80% of our other Servers also have AV and NTP turned on, no FW policy.

     

    I believe that if any server has access to the internet, be it IE, FF or any other browser, NTP should be installed and turned on. I am asking for an opinion.

     

    Thanks,

     



  • 2.  RE: Network Threat Protection on Servers

    Broadcom Employee
    Posted Jul 23, 2012 01:49 PM

    Yes, NTP should be installed on the servers. However, note that the firewall rules should not block legit traffic.

    Check this link:

    Best Practices for Installing SEP on Windows Servers

    http://www.symantec.com/business/support/index?page=content&id=TECH92440



  • 3.  RE: Network Threat Protection on Servers

    Posted Jul 23, 2012 02:16 PM

    Thanks. On Servers I have withdrawn the FW Policy since we are behind the FW here. I believe NTP is sufficient for us. Now if I could only get our Infrastructure team to agree.

     

     



  • 4.  RE: Network Threat Protection on Servers

    Posted Jul 23, 2012 05:08 PM

    Thankfully, I've finally managed to convince our team to get NTP installed after long discussions. Now, whenever there is a problem with the server, it's the first component to be uninstalled "for troubleshooting purposes".

    I have seen no additional overhead for having it installed. NTP with network teaming can be a pain though. We've also had Exchange servers block Outlook clients because of excessive downloading of the address book.

    Your team needs to understand that NTP is beneficial. Because it is heuristics based, it detects malicious intent of the network traffic instead of AV relying on signatures. That means you have better protection against zero day exploits. Is that not enough reason to implement it?



  • 5.  RE: Network Threat Protection on Servers

    Posted Jul 24, 2012 02:27 PM

    Ian,

     

    From your mouth to God's ears. I appreciate your input on this. I keep banging heads; someday they will get it.

    Thanks again.



  • 6.  RE: Network Threat Protection on Servers

    Posted Jul 29, 2012 10:02 AM

    So for SEP v12.1, has this behaviour been corrected or not yet?

    Because I'm about to deploy it company-wide, on my test server first and then to my production servers.



  • 7.  RE: Network Threat Protection on Servers

    Posted Jul 30, 2012 06:23 PM

    Dushan,

    All I can tell you on this is that SEP 12.1 is much more powerful than 11. It is also much more stable. I have a POC (Proof of Concept) right now, and have about 25 clients on the system.

    It is working well. I would suggest trying only a few clients first and seeing how that goes.

     

    My 2 Cents Right or Wrong.

     

     



  • 8.  RE: Network Threat Protection on Servers

    Posted Jul 30, 2012 11:55 PM

    Thanks for the advice, usacc23. I'm in the middle of the upgrade process to SEP 12.1 now :-)