n.nvt configuration

Nico@FMA

Level 27
Thread author
Verified
May 11, 2013
1,687
My work/private PCs (laptops + desktops) are configured exactly the same.
And if for whatever reason one of the PCs crashes beyond recovery, then with a simple cable to my nifty backup server it will be up and running within 10 minutes. Also the malware or error that might have caused the crash would be 100% gone, as everything is session based.
Obviously the server has tight security and is being used to "supervise" the "client" computers.

It took some time to set it up; especially the group policy settings and custom rule settings were a pain to set up, as it is a lot of work.
But after putting it all together and updating/backing it up, the whole network can be replaced by a fresh install within minutes without loss of data.

Anyway, because I use my PCs both professionally and for home use, I do not have the luxury to run a flawed system/network and security.

Cheers

*To be updated
 

McLovin

Level 78
Verified
Honorary Member
Malware Hunter
Apr 17, 2011
9,228
I like the setup. With Symantec Endpoint, you can't change anything with it or is it all done by server admin?

Since it's business don't know if there's much that you can add to browsers. Only thing I could say is add a password manager.
 

Nico@FMA

Level 27
Thread author
Verified
May 11, 2013
1,687
McLovin said:
I like the setup. With Symantec Endpoint, you can't change anything with it or is it all done by server admin?

Since it's business don't know if there's much that you can add to browsers. Only thing I could say is add a password manager.

SEP is being managed by a central server which has admin access, so the local clients cannot alter it in any way, shape or form.
The policies are too strict for that.
However, on the local client PC the user can install anything, but when the PC is going to shut down the admin server can roll back any change if needed with one push of a button.

I personally use Opera browser for its security and its ability to be as secure as it gets, so there is no need for additional plugins.
However, thanks to my own browser habits the odds that I will end up on a malware-infested web page are going to be nil anyway.

As for the password manager, I do not have a need for those things, as accessing the PCs is being done by a USB key; without that USB stick you are not going to be able to access the network.
And as for email accounts and other password-needing programs, the server has Symantec Endpoint Encryption.

So it's going to be virtually impossible to hijack passwords.
Besides that, if they want to hack or corrupt my online email account then I hope they have fun, as for forums and such I use junk email accounts.
As for my own private accounts, they are locked up real tight, nicely behind an encrypted connection and a sweet filter + firewall, which only accepts connections from this side of the connection. And if I want to access my email from the outside then I have remote access using my phone, which is white-listed.

But yes, I agree, generally a pass manager is nice to have.
 

McLovin

Level 78
Verified
Honorary Member
Malware Hunter
Apr 17, 2011
9,228
As I thought. They do the same at TAFE, you're a local admin but it will roll back on every reboot. Quite handy that way.
 

Nico@FMA

Level 27
Thread author
Verified
May 11, 2013
1,687
McLovin said:
As I thought. They do the same at TAFE, you're a local admin but it will roll back on every reboot. Quite handy that way.

Well yes it is, as it does allow the user at home (Me/wife/kids) to do whatever they would like to do, without the risk of screwing things up.

And as for the employees who can access the network from the outside using encrypted connections with session support (VPN), and only if they use the USB and from a white-listed PC/network, there is not much risk either, as most of them only call up applications and some files from the network, so they basically only store files locally and those PCs are also managed by a main server.

That said the system is seriously nice and it offers a very well rounded security.
However the only weak link imo is the UPC router as it can be exploited which is a major concern given the fact that the firmware got destroyed a few weeks ago during a serious network attack.
So currently we are planning to replace it by a Dell SonicWALL router which is by far superior.

PS: what's TAFE? Keep in mind I am Dutch, so I am not aware of all the international terms and companies.
 

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
Oh well seems in the Work area then its from the Administration has the right to change from security layer.
 

GA4E1

New Member
Verified
May 4, 2013
67
Cisco EPC3925 EuroDocsis 3.0 <-- Now this is something interesting.

How much IO/RAM/CPU does your AV solution use while on Idle and Scan?

I have previously used some Endpoint solutions but not Norton.

Do you use a VPN to connect to your work environment?
 

Nico@FMA

Level 27
Thread author
Verified
May 11, 2013
1,687
GA4E1 said:
Cisco EPC3925 EuroDocsis 3.0 <-- Now this is something interesting.

How much IO/RAM/CPU does your AV solution use while on Idle and Scan?

I have previously used some Endpoint solutions but not Norton.

Do you use a VPN to connect to your work environment?

Cisco EPC3925 EuroDocsis 3.0 << interesting? Could you explain why? As to me this little piece of hardware is nice but nowhere near the point that I would recommend it. Truth be told, compared to the other ISP-given router models this one seems to be rather good.

My Symantec Endpoint Protection uses virtually no memory and not much cpu during idle scans.
* ccSvcHst.exe (Symantec service framework) uses 7,920k Memory
* ccSvcHst.exe (Symantec service framework) uses 1,908k Memory
* Smc.exe (Symantec CMC Smc) uses 4,884k Memory

So that's altogether less than 15 MB, and in terms of CPU it uses virtually none; it rarely uses 10% CPU during heavy scan and configuration tasks.
However, there is a little thing you should know: when you install SEP it intends to scan the whole system, checking every little hiding spot your PC might have, and doing so will soak up a good amount of memory and CPU.
However, due to its reputation-based Symantec Insight, SEP slows down in memory/CPU/disk usage over time and uses way less than any other package. This is after your system/network has been configured in a proper way using SEP clients + SEP Admin; then it still checks the systems, but in a way less intrusive way, while still providing you with the best industrial endpoint protection money can buy.

This might not say much, but Sophos endpoint will use up to 50 MB during idle state, and during scans it easily uses up to 250/500 MB.
And it utilizes a whopping 75% of CPU (and 30% kernel).

However, we have SEP running on 7 different networks which are part of one master network (over 100 computers and 35 laptops and 10 servers).
And per client it does not use more than 35 MB memory during heavy tasks. The only thing that seems to give a memory usage rush is the autoupdate feature, which can spike the memory to 100 MB for like 2 seconds.

Anyway, long story short, SEP does everything it promises to do and does it incredibly well. But it all comes down to ONE vital rule: make sure that you configure your network and your endpoint protection suite properly.
If you do that then it really does not matter which brand you take as most of them are rather good programs.
But in my years of experience I do have to say that SEP does have a little edge in terms of everything, and if usage of resources on the client/server is a concern for you then you will find SEP to be a great suite, as it uses virtually NIL.

I for one would never use another suite even if they offered it for free.
But obviously what works for me might not work for you.
That said, we all know the stories about Norton being a resource hog, and we all know that Symantec sort of shares the same things as Norton (although they are the same company, their products are VERY different).
But Symantec does have a few jewels in their product line and SEP is by far the biggest jewel and in all kinds of tests out there it proves to be a really serious program which does not settle for second place.

PS: if you read up you will see that we do use VPN.
Cheers
 

normalizerx

Level 2
Oct 9, 2012
124
Wow, I really appreciate your extensive reply and explanation! It is very useful for me as I'm also interested in SEP.
 

Chigwells

Level 4
Jan 16, 2012
185
You've got a solid sounding config but most of it is over my head. :popcorm1:

Like you I mainly use Opera. I've had IE disabled for the past year. Just today I enabled it, IE10, so I can have it in the background for occasional MS use etc.

What's 'Internet explorer 10 (Very rarely used and severely limited by policy rule set)' all about? Care to elaborate. I only have Home Premium so not sure if I'll be able to copy you but am interested to learn.

Chig.
 

Nico@FMA

Level 27
Thread author
Verified
May 11, 2013
1,687
Chigwells said:
Hi n.nvt.

You've got a solid sounding config but most of it is over my head. :popcorm1:

Like you I mainly use Opera. I've had IE disabled for the past year. Just today I enabled it, IE10, so I can have it in the background for occasional MS use etc.

What's 'Internet explorer 10 (Very rarely used and severely limited by policy rule set)' all about? Care to elaborate. I only have Home Premium so not sure if I'll be able to copy you but am interested to learn.

Chig.

I did limit the rights and abilities that IE has, using the central server which assigns and executes rule based policies and assigns them to local client user accounts.
So the local client PCs are severely restricted and regulated by predefined rules which are being monitored and maintained by the central server.
To put it simply, I did lock up IE and did throw away the key.
:D
 
