Encryption. Administrator Guide

Size: px
Start display at page:

Download "Email Encryption. Administrator Guide"

Transcription

1 Encryption Administrator Guide

2 Encryption Administrator Guide Documentation version: 1.0 Legal Notice Copyright 2015 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, and the Checkmark Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This Symantec product may contain third party software for which Symantec is required to provide attribution to the third party ( Third Party Programs ). Some of the Third Party Programs are available under open source or free software licenses. The License Agreement accompanying the Software does not alter any rights or obligations you may have under those open source or free software licenses. Please see the Third Party Legal Notice Appendix to this Documentation or TPIP ReadMe File accompanying this Symantec product for more information on the Third Party Programs. The product described in this document is distributed under licenses restricting its use, copying, distribution, and decompilation/reverse engineering. No part of this document may be reproduced in any form by any means without prior written authorization of Symantec Corporation and its licensors, if any. THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. SYMANTEC CORPORATION SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE. The Licensed Software and Documentation are deemed to be commercial computer software as defined in FAR and subject to restricted rights as defined in FAR Section "Commercial Computer Software - Restricted Rights" and DFARS , et seq. "Commercial Computer Software and Commercial Computer Software Documentation," as applicable, and any successor regulations, whether delivered by Symantec as on premises or hosted services. Any use, modification, reproduction release, performance, display or disclosure of the Licensed Software and Documentation by the U.S. Government shall be solely in accordance with the terms of this Agreement.

3 Symantec Corporation 350 Ellis Street Mountain View, CA

4 Technical Support Contacting Technical Support Symantec Technical Support maintains support centers globally. Technical Support s primary role is to respond to specific queries about product features and functionality. The Technical Support group also creates content for our online Knowledge Base. The Technical Support group works collaboratively with the other functional areas within Symantec to answer your questions in a timely fashion. For example, the Technical Support group works with Product Engineering and Symantec Security Response to provide alerting services and virus definition updates. Symantec s support offerings include the following: A range of support options that give you the flexibility to select the right amount of service for any size organization Telephone and/or Web-based support that provides rapid response and up-to-the-minute information Upgrade assurance that delivers software upgrades Global support purchased on a regional business hours or 24 hours a day, 7 days a week basis Premium service offerings that include Account Management Services For information about Symantec s support offerings, you can visit our website at the following URL: All support services will be delivered in accordance with your support agreement and the then-current enterprise technical support policy. Customers with a current support agreement may access Technical Support information at the following URL: Before contacting Technical Support, make sure you have satisfied the system requirements that are listed in your product documentation. Also, you should be at the computer on which the problem occurred, in case it is necessary to replicate the problem. When you contact Technical Support, please have the following information available: Product release level Hardware information

5 Available memory, disk space, and NIC information Operating system Version and patch level Network topology Router, gateway, and IP address information Problem description: Error messages and log files Troubleshooting that was performed before contacting Symantec Recent software configuration changes and network changes Licensing and registration Customer service If your Symantec product requires registration or a license key, access our technical support Web page at the following URL: Customer service information is available at the following URL: Customer Service is available to assist with non-technical questions, such as the following types of issues: Questions regarding product licensing or serialization Product registration updates, such as address or name changes General product information (features, language availability, local dealers) Latest information about product updates and upgrades Information about upgrade assurance and support contracts Information about the Symantec Buying Programs Advice about Symantec's technical support options Nontechnical presales questions Issues that are related to CD-ROMs, DVDs, or manuals

6 Support agreement resources If you want to contact Symantec regarding an existing support agreement, please contact the support agreement administration team for your region as follows: Asia-Pacific and Japan Europe, Middle-East, and Africa North America and Latin America

7 Contents Technical Support... 4 Chapter 1 Introduction to Encryption... 8 About Encryption Encryption video tutorials... 9 Cipher suites supported by Security TLS Services... 9 Chapter 2 TLS Enforcements Introduction to Encryption services TLS Enforcements and Enforcements Summary page Configuring default TLS settings Configuring custom TLS settings TLS enforcements with business partners Testing mail servers Adding a new enforcement Advanced TLS settings over VPN Configuring TLS enforcements between you and the security infrastructure Configuring Advanced TLS settings Encryption policy for future domains Chapter 3 TLS Business Partners Introduction to TLS business partners TLS Business Partners summary page Adding a new business partner Editing a TLS business partner Adding a new, or editing an existing business partner domain Moving business partner domains Editing a TLS business partner domain Chapter 4 Policy Based Encryption Introduction to Policy Based Encryption About Policy Based Encryption... 39

8 Chapter 1 Introduction to Encryption This chapter includes the following topics: About Encryption Encryption video tutorials Cipher suites supported by Security TLS Services About Encryption is an inherently insecure means of communication, in that most messages are sent in plain text over the public Internet. To safely exchange information between two organizations, some form of encryption technology should be used. Security Services (ESS) supports two types of encryption: Transport Layer Security (TLS) Policy Based Encryption (PBE) TLS is the successor to the Secure Socket Layer (SSL) protocol, as defined in the Internet Engineering Task Force (IETF) RFC TLS is a protocol that ensures private communication between applications and the users of applications on the Internet. Once a TLS session is established between the client sending the message and the server receiving the message, a secure SMTP dialog can be performed. The secure SMTP dialog ensures that a message is not modified during transmission. TLS encryption uses Public Key Infrastructure (PKI) certificates as the means of authenticating the recipient mail server. PBE is an optional add-on service that uses Data Protection policies to determine if an outbound message that ESS receives should be encrypted. Unlike TLS, PBE

9 Introduction to Encryption Encryption video tutorials 9 does not require TLS, and therefore lets you send encrypted to the third-party mail servers that do not support TLS. TLS is commonly used with PBE to ensure messages with sensitive data, that trigger a PBE Data Protection policy, are transmitted securely to ESS. See the Boundary Encryption MTA Setup Guide for information about how to set up your mail servers to support TLS. Encryption video tutorials Click on these links to open video tutorials to assist you with your Encryption configuration. Encryption video tutorials Configuring TLS enforcements against your domains Enforcing TLS encryption between you and the Security Service Getting visibility into your enforcements Setting up a new business partner Moving domains from one business partner to another Cipher suites supported by Security TLS Services Opportunistic cipher set ECDHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES256-GCM-SHA384 DHE-DSS-AES256-GCM-SHA384 DHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-SHA384 ECDHE-ECDSA-AES256-SHA384 ECDHE-RSA-AES256-SHA ECDHE-ECDSA-AES256-SHA DHE-RSA-AES256-SHA256 DHE-DSS-AES256-SHA

10 Introduction to Encryption Cipher suites supported by Security TLS Services 10 DHE-RSA-AES256-SHA AES256-GCM-SHA384 AES256-SHA256 AES256-SHA DHE-DSS-AES256-SHA256 DHE-RSA-CAMELLIA256-SHA DHE-DSS-CAMELLIA256-SHA CAMELLIA256-SHA DHE-RSA-SEED-SHA DHE-DSS-SEED-SHA SEED-SHA ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES128-GCM-SHA256 DHE-RSA-AES128-GCM-SHA256 DHE-DSS-AES128-GCM-SHA256 ECDHE-RSA-AES128-SHA256 ECDHE-ECDSA-AES128-SHA256 ECDHE-RSA-AES128-SHA ECDHE-ECDSA-AES128-SHA DHE-RSA-AES128-SHA256 DHE-RSA-AES128-SHA DHE-DSS-AES128-SHA256 AES128-GCM-SHA256 AES128-SHA256 AES128-SHA DHE-DSS-AES128-SHA DHE-RSA-CAMELLIA128-SHA DHE-DSS-CAMELLIA128-SHA CAMELLIA128-SHA DES-CBC3-SHA RC4-SHA

11 Introduction to Encryption Cipher suites supported by Security TLS Services 11 Enforced cipher set ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES128-SHA ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES256-SHA ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES128-SHA256 ECDHE-ECDSA-AES128-SHA ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES256-SHA384 ECDHE-ECDSA-AES256-SHA ECDH-RSA-AES128-GCM-SHA256 ECDH-RSA-AES128-SHA256 ECDH-RSA-AES128-SHA ECDH-RSA-AES256-GCM-SHA384 ECDH-RSA-AES256-SHA384 ECDH-RSA-AES256-SHA ECDH-ECDSA-AES128-GCM-SHA256 ECDH-ECDSA-AES128-SHA256 ECDH-ECDSA-AES128-SHA ECDH-ECDSA-AES256-GCM-SHA384 ECDH-ECDSA-AES256-SHA384 ECDH-ECDSA-AES256-SHA DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES128-SHA256 DHE-RSA-AES128-SHA

12 Introduction to Encryption Cipher suites supported by Security TLS Services 12 DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-SHA256 DHE-RSA-AES256-SHA DHE-DSS-AES128-GCM-SHA256 DHE-DSS-AES128-SHA256 DHE-DSS-AES128-SHA DHE-DSS-AES256-GCM-SHA384 DHE-DSS-AES256-SHA256 DHE-DSS-AES256-SHA AES128-GCM-SHA256 AES128-SHA256 AES128-SHA AES256-GCM-SHA384 AES256-SHA256 AES256-SHA DHE-RSA-CAMELLIA128-SHA DHE-RSA-CAMELLIA256-SHA DHE-DSS-CAMELLIA128-SHA DHE-DSS-CAMELLIA256-SHA CAMELLIA128-SHA CAMELLIA256-SHA RC4-SHA Enforced / Export cipher set EXP-KRB5-RC4-SHA EXP-KRB5-RC2-CBC-SHA EXP-KRB5-DES-CBC-SHA EXP-EDH-RSA-DES-CBC-SHA EXP-EDH-DSS-DES-CBC-SHA

13 Introduction to Encryption Cipher suites supported by Security TLS Services 13 EXP-DES-CBC-SHA Opportunistic / CESG 2.0 cipher set DHE-RSA-AES256-SHA DHE-DSS-AES256-SHA DHE-RSA-AES128-SHA DHE-DSS-AES128-SHA Enforced / CESG 2.0 cipher set DHE-RSA-AES256-SHA DHE-DSS-AES256-SHA DHE-RSA-AES128-SHA DHE-DSS-AES128-SHA

14 Chapter 2 TLS Enforcements This chapter includes the following topics: Introduction to Encryption services TLS Enforcements and Enforcements Summary page Configuring default TLS settings Configuring custom TLS settings TLS enforcements with business partners Testing mail servers Adding a new enforcement Advanced TLS settings over VPN Configuring TLS enforcements between you and the security infrastructure Configuring Advanced TLS settings Encryption policy for future domains Introduction to Encryption services The encryption settings consist of three areas: TLS Enforcements, TLS Business Partners, and Policy Based Encryption. TLS Enforcements settings apply enforcements to individual domains. You can configure policies to enforce encryption between your mail servers and the Security Service infrastructure. You can also configure policies to enforce TLS encryption between your domains and the domains of third-party business partner organizations.

15 TLS Enforcements TLS Enforcements and Enforcements Summary page 15 TLS Business Partners let you create groups of third-party domains (also called business partners). Creating a business partner does not mean that a TLS Enforcement is implemented. Create the business partner from this page, and then use the TLS Enforcements tab to configure the enforcements between your domain and the business partner. The Enforcements Summary page lets you download lists of your business partners and displays a summary of the TLS enforcements that are applied to them. See TLS Business Partners summary page on page 30.. See Configuring default TLS settings on page 17. See Configuring custom TLS settings on page 18. Policy Based Encryption is an optional add-on available at additional cost. Policy Based Encryption is a cloud-based encryption service integrated with the data protection service that enables you to encrypt specific s based on a policy. Policy Based Encryption services provide alternative methods for recipients to read and reply securely to encrypted . It also enables you to send encrypted to the third parties that do not support TLS. Policy rules can apply to various parts of an . The areas include the subject line, the body, file attachments, Microsoft Office documents, and PDF documents. If an triggers a policy rule, then you can specify that it be delivered with encryption. You define your encryption policies in Services > Data Protection > Policies. TLS Enforcements and Enforcements Summary page Links within the table on the TLS Enforcements page open configuration pages for the Default Settings and Custom enforcement settings. Click the Default Settings link to configure a set of default TLS policies to apply to some or all of your domains. Click a domain name in the Domain column to configure the Custom Settings or to specify that the domain use the Default TLS Settings. Click any column heading to sort the column Table 2-1 shows an overview of the currently implemented TLS enforcement policies on your domains.

16 TLS Enforcements TLS Enforcements and Enforcements Summary page 16 Table 2-1 Column Title Domain Enforcements page descriptions Description This column contains the Default Settings link and a list of your provisioned domains. Click the name of a domain to customize the TLS enforcements that are associated with that domain. TLS Enforcement with Business Partners Outbound TLS (from you to the Security Services infrastructure) Inbound TLS (from the Security Services infrastructure to you) Status Shows the number of TLS enforcements that are associated with your domains. Shows the outbound enforcement policy between your domains and the Security Services infrastructure. Outbound TLS means that the Security Services infrastructure only accepts from your outbound Simple Mail Transport Protocol (SMTP) servers when sent over TLS. Shows the inbound enforcement policy between the Security Services infrastructure and your domains. Inbound TLS Enforcement means that the Security Services infrastructure always uses TLS to deliver to your domain s inbound mail servers. Shows whether your domains use Custom Settings or if they inherit the TLS enforcements from the Default Settings. Enforcements Summary page Click a link in the TLS Enforcement with Business Partners column to open the Enforcements Summary page. Table 2-2 shows a summary of the TLS enforcements between your domain and your TLS business partners. Table 2-2 Column Title Enforcements Summary page descriptions Description Business Partner Name Shows the name of the business partner.

17 TLS Enforcements Configuring default TLS settings 17 Table 2-2 Column Title Enforcements Summary page descriptions (continued) Description Business Partner Domain Enforcement Direction Enabled Shows all the configured domain names that are associated with the Business Partner domain. Shows the type of enforcement policy. Shows the enforcement direction: Inbound, Outbound, or Inbound and Outbound. Shows if the Business Partner domain is enabled or disabled. You can also download the summary in a CSV file using the Download the full list as a CSV file link. See Configuring default TLS settings on page 17. See Configuring custom TLS settings on page 18. See Adding a new enforcement on page 20. Configuring default TLS settings To access TLS Default Settings click Encryption > TLS Enforcements, then click the Default Settings link from within the table. The default settings let you apply the same enforcement policy to multiple domains. You can add a new enforcement policy with Add New Enforcement. Note: When a new enforcement is added to the Default Settings, the new enforcement applies to all domains configured to use the Default Settings. Configuring the default settings consists of making selections under the following headings: TLS Enforcements with Business Partners TLS Enforcements between you and the Security Services infrastructure Encryption policy for domains provisioned in the future See TLS enforcements with business partners on page 18.

18 TLS Enforcements Configuring custom TLS settings 18 See Configuring TLS enforcements between you and the security infrastructure on page 23. See Adding a new enforcement on page 20. See Encryption policy for future domains on page 27. Configuring custom TLS settings To access TLS Custom Settings click Encryption > TLS Enforcements, then in the Domain column, click a domain name. The custom settings let you apply a specific set of policies to a domain and add advanced TLS settings. If necessary, you can also add a new enforcement policy. See Adding a new enforcement on page 20. The Use Default Settings radio button applies the Default Settings to this domain and prevents any changes other than in the Advanced TLS Settings. See Configuring default TLS settings on page 17. To configure the custom settings, you make selections in the following areas: TLS inbound mail server test TLS Enforcements with Business Partners TLS Enforcements between you and the Security Services infrastructure Advanced TLS Settings See TLS enforcements with business partners on page 18. See Configuring default TLS settings on page 17. See Configuring Advanced TLS settings on page 26. See Configuring TLS enforcements between you and the security infrastructure on page 23. TLS enforcements with business partners To access this function click Encryption > TLS Enforcements, then click a domain name or Default Settings in the Domain column. This section contains the Add New Enforcement function that lets you add a new enforcement policy to an individual domain. You can also sort the list, and delete TLS Enforcements to an existing Business Partner. See Adding a new enforcement on page 20.

19 TLS Enforcements Testing mail servers 19 Testing mail servers You can test both your inbound mail servers and your business partner mail servers. The Test function checks TLS connectivity between the mail servers. The Test function starts a sequence of connectivity tests that may take a few moments to complete. After the test completes, a pop-up window appears that displays the test results. If the test fails, details explaining why the failure has occurred and how to resolve the problem appear. The window may have scroll bars and expanding text with additional information. Note: When a domain name presents multiple MX records, then each MX record is tested. If an MX record presents multiple IP addresses as A records in the DNS, then a randomly selected IP address is tested. Testing your own inbound mail servers 1 Navigate to Encryption > TLS Enforcements. 2 Click a domain name in the Domain column. 3 Click Test under the heading TLS inbound mail server test to check the connectivity of your own inbound mail servers. Testing existing Business Partner's mail servers 1 Navigate to Encryption > TLS Business Partners. 2 Click the name of a Business Partner. 3 Click a domain name in the Business Partner column. 4 Test checks connectivity to your business partner domain's inbound mail servers. Testing new Business Partner's mail servers 1 Navigate to Encryption > TLS Business Partners. 2 Click the name of a Business Partner to edit. 3 Click Add New Business Partner Domain. 4 Enter your configuration settings in the Add New TLS Business Partner Domain window. 5 Click TLS Test to test the inbound mail servers for the new domain. 6 When the connectivity tests pass, click Save. See Configuring custom TLS settings on page 18.

20 TLS Enforcements Adding a new enforcement 20 See Editing a TLS business partner on page 30. Adding a new enforcement To access Add New Enforcement click Encryption > TLS Enforcements, then from within the table, click Default Settings or a domain name. Add New Enforcement lets you add a new enforcement policy to the Default Settings or to an individual domain. Note: When a new enforcement is added to the Default Settings, the new enforcement applies to any domains configured to use the Default Settings. Add New Enforcement opens a dialog with the following drop-down lists: Business Partner Encryption Policy Direction Inbound (from the business partner's domains to you through the Security Services (ESS) infrastructure) Outbound (from you to the business partner's domain through the Security Services infrastructure) Inbound and Outbound If your domain has no TLS enforcements configured, you can still send and receive by Opportunistic TLS. If the Security Services (ESS) infrastructure receives an from you or a third party over Opportunistic TLS, then ESS attempts to deliver the to the recipient by using Opportunistic TLS. Additionally, when Opportunistic TLS is used ESS falls back to clear text delivery if the recipient mail server does not support TLS. If ESS receives an in clear text, and no TLS enforcements are configured, then ESS delivers the to the recipient in clear text. Adding a new TLS encryption policy (Add New Enforcement) 1 From the TLS Enforcements click either Default Settings or a domain name link. 2 Click Add New Enforcement. 3 Make a selection from the Business Partner drop-down list. 4 Make a selection from the Encryption Policy drop-down list. 5 Make a selection from the Direction drop-down list.

21 TLS Enforcements Adding a new enforcement 21 6 Click Add. 7 Ensure that you click Save at the bottom of the final page. Securing SMTP connections to a business partner with TLS enforcement 1 To send to a business partner that has outbound TLS enforcement enabled, your outbound mail server must issue a STARTTLS command to the ESS server. Note: If your outbound mail server fails to negotiate TLS with the ESS, then ESS rejects the SMTP connection. 2 After ESS receives the using TLS, then ESS processes the and applies your outbound scanning policy. 3 After the is processed, ESS attempts to establish a secure SMTP connection to the business partner recipient over Enforced TLS. Figure 2-1 TLS-enforced mail flow during outbound enforcement with a business partner Outbound Inbound TLS-enabled traffic Outbound Inbound Your mail server Security Services (ESS) Third-party mail server Note: is not delivered when a Business Partner's mail server does not support TLS, or if ESS fails to authenticate the certificate that the third-party recipient mail server presents when the domain uses Strong Validation. Undelivered mail is placed in a retry queue. If the delivery fails after the standard retry period has ended, the is bounced back to you.

22 TLS Enforcements Advanced TLS settings over VPN 22 Securing SMTP connections from a business partner with TLS enforcement 1 To receive an from a business partner that has Inbound TLS enforcement enabled, the business partner s outbound mail server must issue a STARTTLS command to the ESS server. Note: If the Business Partner s outbound mail server fails to negotiate TLS with the ESS, then ESS rejects the SMTP connection. 2 After ESS receives the using TLS, then ESS processes the and applies your inbound scanning policy. 3 After the is processed, ESS attempts to establish a secure SMTP connection to your mail server over Enforced TLS. Figure 2-2 TLS-enforced mail flow during inbound enforcement with a business partner Outbound Inbound Outbound Inbound Your mail server Security Services (ESS) TLS-enabled traffic Business partner mail server Note: is not delivered if your inbound mail server does not support TLS, or ESS fails to authenticate the certificate that your recipient mail server presents when the domain uses Strong Validation. Undelivered mail is placed in a retry queue. If the delivery fails after the standard retry period has ended, the is bounced back to the business partner. See Introduction to Encryption services on page 14. Advanced TLS settings over VPN Advanced TLS settings over VPN are not typically available to Security Services infrastructure customers. They are only visible if you have an infrastructure that is connected to the Security Services infrastructure over a dedicated VPN. To access Advanced TLS settings over a VPN click Encryption > TLS Enforcements, then select either Default Settings or a domain name under the

23 TLS Enforcements Configuring TLS enforcements between you and the security infrastructure 23 heading Advanced TLS settings if you are connecting to the Security Services infrastructure over a VPN. Select the Never enforce TLS outbound from my domain to the Security Services infrastructure or Never enforce TLS inbound from the Security Services infrastructure to my domain check boxes. Never enforce TLS outbound from my domain to the Security Services infrastructure lets you send in clear text from your domain to the Security Services infrastructure, regardless of other TLS enforcements. Never enforce TLS inbound from the Security Services infrastructure to my domain lets you receive in clear text from the Security Services infrastructure to your domain, regardless of other TLS enforcements. See Configuring default TLS settings on page 17. See Configuring custom TLS settings on page 18. Configuring TLS enforcements between you and the security infrastructure To access this function, click Encryption > TLS Enforcements, then select Default Settings or a domain name from within the Domain column. You can select TLS Outbound, Inbound, or both Outbound and Inbound enforcements to always be enforced with the associated check boxes. Outbound TLS enforcement means that the Security Services infrastructure only accepts SMTP connections from your outbound servers when sent over TLS. Inbound TLS enforcement means that the Security Services infrastructure always uses TLS to secure SMTP connections to your domain's inbound mail servers. Figure 2-3 shows the portion of the process that is encrypted during outbound encryption from your domain to the Security Services (ESS) infrastructure.

24 TLS Enforcements Configuring TLS enforcements between you and the security infrastructure 24 Figure 2-3 Always enforce TLS encryption outbound from my domains to the ESS encrypted area Outbound Outbound My domain Inbound Security Services (ESS) Inbound Third-party mail server Note: Ensure that your outbound mail servers are TLS-enabled and configured to deliver outbound over TLS.

25 TLS Enforcements Configuring TLS enforcements between you and the security infrastructure 25 Sending an with TLS always enforced outbound from your domain to the Security Services 1 To send an outbound to a third party with Always enforce TLS outbound from your domain to the Security Services enabled, your outbound mail server must issue a STARTTLS command to the ESS server. When using this feature, you must always send over TLS regardless of whether the recipient is a business partner or not. Note: If your outbound mail server fails to negotiate TLS with ESS, then ESS rejects the SMTP connection. 2 After ESS receives the using TLS, ESS processes the and applies your outbound scanning policy. 3 After the is processed, ESS attempts to secure an SMTP connection to the third-party recipient with the following condition: If the recipient is part of an outbound TLS enforcement with a business partner, then TLS is enforced for onward delivery. See TLS enforcements with business partners on page 18. Note: If the recipient is not part of an outbound business partner TLS enforcement, then ESS delivers the to the third party by Opportunistic TLS. If the third-party mail server supports TLS, then the is delivered by TLS. If TLS is not supported, then the is delivered in clear text. When is delivered by Opportunistic TLS, the recipient mail server is not authenticated and ESS does not validate the SSL certificate that the third-party mail server presents. Figure 2-4 shows the portion of the process encrypted during inbound encryption to your domain from the ESS. Figure 2-4 Receiving an with TLS always enforced inbound from Security Services to your domain Outbound Inbound Security Services (ESS) Outbound Inbound My domain TLS-enabled traffic Third-party mail server

26 TLS Enforcements Configuring Advanced TLS settings 26 Note: Ensure that your inbound mail server is correctly TLS-enabled. Receiving an with TLS always enforced inbound from the Security Services to your domain 1 When ESS receives an inbound from a third party, and the third party is not subject to inbound TLS enforcement as a business partner, then the third party can send to the ESS over TLS or in clear text. To guarantee end-to-end TLS enforcement from a specific third party, create the third party as a business partner and apply an inbound enforcement against the Business Partner. See TLS enforcements with business partners on page After ESS receives the , ESS processes the and applies your inbound scanning policy. 3 After the is processed, ESS attempts to secure the SMTP connection to your inbound mail server over enforced TLS. Always enforce TLS inbound from Security Services to your domain sets TLS enforcement from ESS to your mail server even if ESS received the in clear text from the third party. Note: is not delivered when your inbound mail server does not support TLS, or ESS fails to authenticate the certificate that your recipient mail server presents when the domain uses Strong Validation. Undelivered mail is placed in a retry queue. If the delivery fails after the standard retry period has ended, the is bounced back to the third party. See Configuring default TLS settings on page 17. See Adding a new enforcement on page 20. Configuring Advanced TLS settings To access Advanced TLS settings, click Encryption > TLS Enforcements, then in the Domain column click a domain name. The settings are under the heading Advanced TLS Settings. The Advanced TLS settings include the following: Excluded sub-domains (an optional setting). Exclude individual sub-domains from TLS Enforcement by entering them in the text box one sub-domain per line, for example subdomain.parentdomain.com. Sub-domains inherit TLS enforcement policy and settings by default.

27 TLS Enforcements Encryption policy for future domains 27 Trusted Certificate Common Names (an optional setting). This setting is only applicable with Strong certificate validation. In this field, supply a list of trusted certificate common names (CN). The names are compared to the CN value of the receiving mail server's SSL certificate when the receiving mail server is authenticated. This feature is useful to deliver mail in the following situations: When you route mail to your inbound mail servers by IP address rather than by a host name. In this situation there is no host name to validate the certificate against. However, in these situations a better resolution might be to modify your Inbound Routes to be host names, rather than IP addresses. See Managing your inbound routes and Viewing your inbound routes. When you deliver your mail to a trusted Mailhost and the CN or the SAN on the certificate does not match the host name of the mail server. This method may let you work around an authentication issue with your inbound mail servers. A best practice is to install certificates on your mail servers with CN or SAN DNS entries that match the host names of your mail servers. Mail Delivery can be set to Inbound route or Static route delivery. that is sent to this domain by TLS is delivered to the receiving mail server by your domain's inbound routes or Static Route. A static route delivers the to a specific server. Your inbound mail servers are typically configured in the inbound routes screen. Only use the TLS static routes if you need to enforce TLS delivery to your mail server. The TLS Static Route refers to a specific inbound mail server. This static route can be Host name, IP address, Host name: Port, or IP: Port. Certificate Validation Strong means that the inbound mail server certificate must be within date, have a full trust chain and be signed by a trusted root Certification Authority. The CN or the SAN value on the certificate must also match the host name of the mail server, or the list of Trusted Certificate Common Names. Relaxed validation means that the certificate checks are not applied. Warning: Relaxed validation makes it easier for an attacker to masquerade as your domain, either through a DNS poisoning or man-in-the-middle attack. See Adding a new enforcement on page 20. Encryption policy for future domains To access this function, click Encryption, then TLS Enforcements under the heading Encryption policy for domains provisioned in the future.

28 TLS Enforcements Encryption policy for future domains 28 This section contains the Automatically apply this encryption policy to new domains check box. When Automatically apply this encryption policy to new domains is checked, it means that when you provision a new domain for Security Services the new domain has the Default TLS Enforcements automatically applied. If Default TLS Enforcements is not checked, then newly provisioned domains are created without TLS enforcements. Leaving Automatically apply this encryption policy to new domains unchecked lets you run TLS tests against the domains before subjecting them to the TLS enforcement policies. Note: When you apply encryption policies to new domains automatically, ensure that any new domains are TLS-enabled before provisioning them with Security Services (ESS) infrastructure. See TLS Business Partners summary page on page 30. See Adding a new business partner on page 30.

29 Chapter 3 TLS Business Partners This chapter includes the following topics: Introduction to TLS business partners TLS Business Partners summary page Adding a new business partner Editing a TLS business partner Adding a new, or editing an existing business partner domain Moving business partner domains Editing a TLS business partner domain Introduction to TLS business partners To access the TLS Business Partners page, click Services > Services Encryption > TLS Business Partners. On this page you can configure groups of third-party domains, also called Business Partners. Before adding a Business Partner you should contact the business partner's system administrator to discuss the implementation and to check that their mail servers are correctly TLS-enabled. The table on the page shows the Business Partner organizations you have configured, and a summary of the TLS Enforcement policies that are implemented between those business partners and your domains. Click on the name of a business partner to view the business partner's domains and configure the TLS settings of the business partner domains. See TLS enforcements with business partners on page 18.

30 TLS Business Partners TLS Business Partners summary page 30 TLS Business Partners summary page to access this page, click Enforcements > TLS Business Partners. The table shows the business partner organizations that are configured on your account. From here you can begin the following tasks: Add a new business partner with Add New Business Partner. Use the Search tool to locate business partners or business partner domains. Download a summary of all Business Partners and their domain information in a CSV file with Download All. Click the name of a business partner from within the table to view the business partner's domains and configure their TLS settings. Click a link in the Enforcements column to view a summary of the TLS Enforcements that are associated with the business partner. Click a link in the Business Partner Domain column to view the business partner's domains. Click any column heading to sort the column. Click on the name of a business partner within the table to view the business partner's domains. See TLS enforcements with business partners on page 18. See Adding a new business partner on page 30. Adding a new business partner To add a new business partner 1 Click Add New Business Partner on the TLS Business Partners page. 2 Enter the business partner name and click Continue. See Adding a new, or editing an existing business partner domain on page 32. Editing a TLS business partner To access this page, click Services > Encryption > TLS Business Partners, then click a name in the Business Partner column. The table lists the third-party domains that are associated with this business partner. From here you can begin the following tasks: Edit the business partner name.

31 TLS Business Partners Editing a TLS business partner 31 Use Add New Business Partner Domain to add a new business partner domain. Use Search to locate business partner domains. Use Download to download a summary of the business partners domains in a CSV file. Click a link in the Business Partner Domain column to begin editing that domain. Use Test to start a TLS connectivity test against a business partner domain. Table 3-1 Column heading Editing TLS business partner page descriptions Description Business Partner Domain Mail Delivery Route Validation This field shows the name of the Business Partner Domain. Click the domain name to edit the TLS settings for that domain. This field shows the type of mail delivery route (either MX or Static) applied to the domain name. This field shows the level of SSL certificate validation that is applied when Security Services infrastructure authenticates the Business Partner domain's inbound mail servers. Strong validation means that the certificate must be signed by a trusted root Certification Authority, be within date, and have a full trust chain. The CN or the SAN value of the certificate must also match the host name of the mail server, or match a trusted certificate common name that is supplied by you. Relaxed validation means that the certificate checks are not applied. Enabled Comments This column indicates whether the Business Partner Domain is included or excluded from the TLS policies that are associated with the Business Partner. This field shows the custom comments that are configured against a Business Partner Domain.

32 TLS Business Partners Adding a new, or editing an existing business partner domain 32 See TLS Business Partners summary page on page 30. See Adding a new, or editing an existing business partner domain on page 32. Adding a new, or editing an existing business partner domain Adding a new business partner domain and editing an existing business partner domain both use the same process. The main difference is how you navigate to the processes. Adding a new business partner domain 1 Access the Add New Business Partner Domain function from Services > Encryption > TLS Business Partners. 2 Click a Business Partner name from within the table. 3 Click Add New Business Partner Domain and configure the necessary parameters. Editing a TLS business partner domain 1 Access the Edit TLS Business Partner function from Services > Encryption > TLS Business Partners. 2 Click a business partner name (that has at least one associated domain) from within the table. 3 Click the domain name that you want to edit and configure the necessary parameters. Table 3-2 Parameter Business partner domain configuration parameters Description Business Partner Domain This field lets you specify the name of a business partner domain. This field can only be edited when the domain is initially added. Sub-domains inherit the policy unless specifically mentioned in the Excluded sub-domains field.

33 TLS Business Partners Adding a new, or editing an existing business partner domain 33 Table 3-2 Parameter Business partner domain configuration parameters (continued) Description Excluded sub-domains Mail Delivery Static Route Certificate validation Use this field to exclude specific sub-domains from the TLS enforcement policy. Add each excluded sub-domain on a separate line, for example subdomain.parentdomain.com. This is an optional field. Sub-domains inherit the TLS enforcement policy and settings by default. that is sent to this domain by TLS is delivered to the receiving mail server by an MX or Static Route. Static Routes deliver the to a specific server. This field lets you enter a specific inbound mail server for the business partner domain. The Security Services infrastructure then uses the static route to deliver TLS-enforced to the domain. The field can contain a Host name, IP address, Host name: Port, or IP: Port. This field lets you specify the level of SSL certificate validation. The validation is applied when the Security Services infrastructure authenticates the business partner's inbound mail server. Strong validation means that the certificate must be signed by a trusted root Certification Authority. It must also be within date, and have a full trust chain. The CN or the SAN value on the certificate must also match the host name of the mail server, or match a Trusted Certificate Common Name. Relaxed validation means that the certificate checks are not applied.

34 TLS Business Partners Adding a new, or editing an existing business partner domain 34 Table 3-2 Parameter Business partner domain configuration parameters (continued) Description Trusted Certificate Common Names This setting only applies with Strong certificate validation. The field is optional and lets you enter a list of trusted certificate common names. The names are compared to the CN value of the receiving mail server's SSL certificate when the receiving mail server is authenticated. This feature is useful for: Delivery by static route to an IP address Cases in which the CN or SAN on the certificate does not match the host name of the mail server Comments Enabled Test This field lets you enter custom comments about this business partner domain for future reference. This check box lets you enable or disable the business partner domain from TLS enforcement policies. Test checks the TLS connectivity from the Security Services infrastructure to the inbound mail servers that are associated with the business partner domain. The test reports whether the test succeeds or fails. If the test fails, details of what happened and how to resolve the problem are shown. Adding a new or editing an existing business partner domain 1 To Edit a business partner domain, click a name from within the table, then click the domain name. To Add a new business partner domain, Click a Business Partner name from within the table, then click Add New Business Partner Domain. 2 Enter a name in the Business Partner Domain field. 3 Enter any sub-domains to be excluded from TLS policy (if desired), one per line in the Excluded sub-domains field. For example: subdomain.parentdomain.com. 4 Select MX or Static Route from the drop-down list in the Mail Delivery field.

35 TLS Business Partners Moving business partner domains 35 5 If a static route is required, add it in the Static Route field. 6 Select Strong or Relaxed from the drop-down list in the Certificate validation field. Warning: Relaxed validation makes it easier for an attacker to masquerade as the TLS business partner domain, either through DNS poisoning or a man-in-the-middle attack. 7 Enter any CNs (if desired) one per line in the Trusted Certificate Common Names (CN) field. 8 Add any comments in the Comments field. 9 Use the Enabled check box to include or exclude this domain from TLS policies. 10 Test. The test feature enables you to check the TLS capabilities of the business partner domain's inbound mail servers. When making a change to this screen you should check that the TLS test passes. If the test fails, you can save the domain in a Disabled state to exclude it from TLS policy. 11 Click Save after the tests pass. See TLS Business Partners summary page on page 30. See Adding a new business partner on page 30. See TLS enforcements with business partners on page 18. Moving business partner domains A business partner can have multiple domains associated with it. You can move domains to other existing business partners, or create a new business partner at the same time as when you perform the move. To access the Move function, click Services > Encryption > TLS Business Partners, then click a business partner name from within the table. To move a business partner domain 1 Access the Move function from Services > Encryption > TLS Business Partners, then click a business partner name (with a domain assigned) from within the table. 2 Check Business Partner Domain to select all the domains, or click the text box next to each domain, to select individual ones.

36 TLS Business Partners Editing a TLS business partner domain 36 3 Click Move and the Move Business Partner Domains window appears. The Move Domains dialog box confirms the domains you previously selected. 4 Select the Existing business partner radio button and then a business partner name from the drop-down list, or the New business partner radio button and enter a new business partner name. Choose to copy or not copy the TLS enforcements with your selected domains by using the Copy TLS enforcements check box. The check box only appears when you select a new business partner name. 5 Click Save. See Editing a TLS business partner domain on page 36. Editing a TLS business partner domain Access the Edit TLS Business Partner function from Services > Encryption > TLS Business Partners. Click a business partner name (that has at least one associated domain) from within the table, then click the domain name to edit. After you click the domain, edit a business partner domain by configuring the following parameters in the pop-up window. Table 3-3 Parameter Editing TLS business partner domain configuration parameters Description Business Partner Domain Excluded sub-domains Mail Delivery Static Route This field lets you assign a domain name when the domain is initially added. Sub-domains inherit the policy unless specifically mentioned in the Excluded sub-domains field. Exclude sub-domains in the field. Sub-domains inherit TLS enforcement policy and settings by default. that is sent to this domain by TLS is delivered to the receiving mail server by an MX or Static Route. Static Routes deliver the to a specific server. This field lets you enter a specific inbound mail server. This field can be a Host name, IP address, Host name: Port, or IP: Port.

37 TLS Business Partners Editing a TLS business partner domain 37 Table 3-3 Parameter Editing TLS business partner domain configuration parameters (continued) Description Certificate validation This field lets you specify the level of SSL certificate validation that is applied when the receiving mail server authenticates the mail. Strong validation means that the certificate must be signed by a trusted root Certification Authority, be within date, and have a full trust chain. Relaxed validation means that the certificate checks are not applied. Trusted Certificate Common Names This setting only applies with Strong certificate validation. The field is optional and lets you input a list of trusted certificate common names. The names are compared to the receiving mail server SSL certificate during the receiving mail server authentication process. This feature is useful for Delivery by static route to an IP address Where the CN or SAN on the certificate does not match the host name of the mail server Comments Enabled Test This field lets you enter custom comments into the field. This check box lets you enable or disable TLS enforcements. Test tests the TLS connectivity and reports the success or failure. If the test fails, details of what happened and how to resolve the problem display in a pop-up window. To edit a new business partner domain 1 Click a domain name and in the Edit TLS Business Partner Domain window begin editing. 2 Enter a name in the Business Partner Domain field (only when the domain is initially added).

Symantec Enterprise Security Manager Oracle Database Modules Release Notes. Version: 5.4

Symantec Enterprise Security Manager Oracle Database Modules Release Notes. Version: 5.4 Symantec Enterprise Security Manager Oracle Database Modules Release Notes Version: 5.4 Symantec Enterprise Security Manager Oracle Database Modules Release Notes The software described in this book is

More information

Veritas Operations Manager Package Anomaly Add-on User's Guide 4.1

Veritas Operations Manager Package Anomaly Add-on User's Guide 4.1 Veritas Operations Manager Package Anomaly Add-on User's Guide 4.1 November 2011 Veritas Operations Manager Package Anomaly Add-on User's Guide The software described in this book is furnished under a

More information

Symantec Security Information Manager - Best Practices for Selective Backup and Restore

Symantec Security Information Manager - Best Practices for Selective Backup and Restore Symantec Security Information Manager - Best Practices for Selective Backup and Restore Symantec Security Information Manager - Best practices for selective backup and restore The software described in

More information

Veritas Operations Manager LDom Capacity Management Add-on User's Guide 4.1

Veritas Operations Manager LDom Capacity Management Add-on User's Guide 4.1 Veritas Operations Manager LDom Capacity Management Add-on User's Guide 4.1 November 2011 Veritas Operations Manager LDom Capacity Management Add-on User's Guide The software described in this book is

More information

Symantec Data Center Security: Server Advanced v6.0. Agent Guide

Symantec Data Center Security: Server Advanced v6.0. Agent Guide Symantec Data Center Security: Server Advanced v6.0 Agent Guide Symantec Data Center Security: Server Advanced Agent Guide The software described in this book is furnished under a license agreement and

More information

Symantec Mobile Management for Configuration Manager

Symantec Mobile Management for Configuration Manager Symantec Mobile Management for Configuration Manager Replication Services Installation Guide 7.5 Symantec Mobile Management for Configuration Manager: Replication Services Installation Guide The software

More information

Symantec Mail Security for Microsoft Exchange Management Pack Integration Guide

Symantec Mail Security for Microsoft Exchange Management Pack Integration Guide Symantec Mail Security for Microsoft Exchange Management Pack Integration Guide Symantec Mail Security for Microsoft Exchange Management Pack Integration Guide The software described in this book is furnished

More information

Backup Exec Cloud Storage for Nirvanix Installation Guide. Release 2.0

Backup Exec Cloud Storage for Nirvanix Installation Guide. Release 2.0 Backup Exec Cloud Storage for Nirvanix Installation Guide Release 2.0 The software described in this book is furnished under a license agreement and may be used only in accordance with the terms of the

More information

Policy Based Encryption Essentials. Administrator Guide

Policy Based Encryption Essentials. Administrator Guide Policy Based Encryption Essentials Administrator Guide Policy Based Encryption Essentials Administrator Guide Documentation version: 1.0 Legal Notice Copyright 2015 Symantec Corporation. All rights reserved.

More information

Symantec Mobile Management 7.2 MR1Quick-start Guide

Symantec Mobile Management 7.2 MR1Quick-start Guide Symantec Mobile Management 7.2 MR1Quick-start Guide Symantec Mobile Management 7.2 MR1 Quick-start Guide The software described in this book is furnished under a license agreement and may be used only

More information

Symantec Critical System Protection Agent Event Viewer Guide

Symantec Critical System Protection Agent Event Viewer Guide Symantec Critical System Protection Agent Event Viewer Guide Symantec Critical System Protection The software described in this book is furnished under a license agreement and may be used only in accordance

More information

Symantec Protection Engine for Cloud Services 7.0 Release Notes

Symantec Protection Engine for Cloud Services 7.0 Release Notes Symantec Protection Engine for Cloud Services 7.0 Release Notes Symantec Protection Engine for Cloud Services Release Notes The software described in this book is furnished under a license agreement and

More information

Symantec Enterprise Security Manager Modules for Sybase Adaptive Server Enterprise Release Notes 3.1.0

Symantec Enterprise Security Manager Modules for Sybase Adaptive Server Enterprise Release Notes 3.1.0 Symantec Enterprise Security Manager Modules for Sybase Adaptive Server Enterprise Release Notes 3.1.0 Release 3.1.0 for Symantec ESM 6.5.x and 9.0.1 Symantec Enterprise Security Manager Modules for Sybase

More information

Symantec Endpoint Protection Shared Insight Cache User Guide

Symantec Endpoint Protection Shared Insight Cache User Guide Symantec Endpoint Protection Shared Insight Cache User Guide Symantec Endpoint Protection Shared Insight Cache User Guide The software described in this book is furnished under a license agreement and

More information

Symantec NetBackup OpenStorage Solutions Guide for Disk

Symantec NetBackup OpenStorage Solutions Guide for Disk Symantec NetBackup OpenStorage Solutions Guide for Disk UNIX, Windows, Linux Release 7.6 Symantec NetBackup OpenStorage Solutions Guide for Disk The software described in this book is furnished under a

More information

Configuring Symantec AntiVirus for Hitachi High-performance NAS Platform, powered by BlueArc

Configuring Symantec AntiVirus for Hitachi High-performance NAS Platform, powered by BlueArc Configuring Symantec AntiVirus for Hitachi High-performance NAS Platform, powered by BlueArc Configuring Symantec AntiVirus for Hitachi High-performance NAS Platform, powered by BlueArc The software described

More information

Symantec Enterprise Vault Technical Note

Symantec Enterprise Vault Technical Note Symantec Enterprise Vault Technical Note Configuring Internal and External WebApp URLs for OWA 2007 SP4 and later Symantec Enterprise Vault: Configuring Internal and External WebApp URLs for OWA The software

More information

Recovering Encrypted Disks Using Windows Preinstallation Environment. Technical Note

Recovering Encrypted Disks Using Windows Preinstallation Environment. Technical Note Recovering Encrypted Disks Using Windows Preinstallation Environment Technical Note Preface Documentation version Documentation version: 11.0, Release Date: Legal Notice Copyright Symantec Corporation.

More information

Symantec Critical System Protection 5.2.9 Agent Guide

Symantec Critical System Protection 5.2.9 Agent Guide Symantec Critical System Protection 5.2.9 Agent Guide Symantec Critical System Protection Agent Guide The software described in this book is furnished under a license agreement and may be used only in

More information

Symantec NetBackup for Microsoft SharePoint Server Administrator s Guide

Symantec NetBackup for Microsoft SharePoint Server Administrator s Guide Symantec NetBackup for Microsoft SharePoint Server Administrator s Guide for Windows Release 7.5 Symantec NetBackup for Microsoft SharePoint Server Administrator s Guide The software described in this

More information

Veritas Cluster Server Getting Started Guide

Veritas Cluster Server Getting Started Guide Veritas Cluster Server Getting Started Guide Windows Server 2003, Windows Server 2008 5.1 Service Pack 2 21101490 Veritas Cluster Server Getting Started Guide The software described in this book is furnished

More information

Symantec Backup Exec System Recovery Granular Restore Option User's Guide

Symantec Backup Exec System Recovery Granular Restore Option User's Guide Symantec Backup Exec System Recovery Granular Restore Option User's Guide Symantec Backup Exec System Recovery Granular Restore Option User's Guide The software described in this book is furnished under

More information

Symantec NetBackup for Microsoft SharePoint Server Administrator s Guide

Symantec NetBackup for Microsoft SharePoint Server Administrator s Guide Symantec NetBackup for Microsoft SharePoint Server Administrator s Guide for Windows Release 7.6 Symantec NetBackup for Microsoft SharePoint Server Administrator s Guide The software described in this

More information

Symantec Client Firewall Policy Migration Guide

Symantec Client Firewall Policy Migration Guide Symantec Client Firewall Policy Migration Guide Symantec Client Firewall Policy Migration Guide The software described in this book is furnished under a license agreement and may be used only in accordance

More information

Symantec Security Information Manager 4.8 Release Notes

Symantec Security Information Manager 4.8 Release Notes Symantec Security Information Manager 4.8 Release Notes Symantec Security Information Manager 4.8 Release Notes The software described in this book is furnished under a license agreement and may be used

More information

Symantec NetBackup Backup, Archive, and Restore Getting Started Guide. Release 7.5

Symantec NetBackup Backup, Archive, and Restore Getting Started Guide. Release 7.5 Symantec NetBackup Backup, Archive, and Restore Getting Started Guide Release 7.5 Symantec NetBackup Backup, Archive, and Restore Getting Started Guide The software described in this book is furnished

More information

Symantec NetBackup Vault Operator's Guide

Symantec NetBackup Vault Operator's Guide Symantec NetBackup Vault Operator's Guide UNIX, Windows, and Linux Release 7.5 Symantec NetBackup Vault Operator's Guide The software described in this book is furnished under a license agreement and may

More information

Symantec Secure Email Proxy Administration Guide

Symantec Secure Email Proxy Administration Guide Symantec Secure Email Proxy Administration Guide Documentation version: 4.4 (2) Legal Notice Copyright 2014 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, and the Checkmark Logo

More information

Symantec Protection Center Enterprise 3.0. Release Notes

Symantec Protection Center Enterprise 3.0. Release Notes Symantec Protection Center Enterprise 3.0 Release Notes Symantec Protection Center Enterprise 3.0 Release Notes The software described in this book is furnished under a license agreement and may be used

More information

Altiris IT Analytics Solution 7.1 SP1 from Symantec User Guide

Altiris IT Analytics Solution 7.1 SP1 from Symantec User Guide Altiris IT Analytics Solution 7.1 SP1 from Symantec User Guide Altiris IT Analytics Solution 7.1 from Symantec User Guide The software described in this book is furnished under a license agreement and

More information

Symantec Critical System Protection Configuration Monitoring Edition Release Notes

Symantec Critical System Protection Configuration Monitoring Edition Release Notes Symantec Critical System Protection Configuration Monitoring Edition Release Notes Symantec Critical System Protection Configuration Monitoring Edition Release Notes The software described in this book

More information

Symantec ApplicationHA agent for SharePoint Server 2010 Configuration Guide

Symantec ApplicationHA agent for SharePoint Server 2010 Configuration Guide Symantec ApplicationHA agent for SharePoint Server 2010 Configuration Guide Windows on Hyper-V 6.1 February 2014 Symantec ApplicationHA agent for SharePoint Server 2010 Configuration Guide The software

More information

Symantec Event Collector 4.3 for Microsoft Windows Quick Reference

Symantec Event Collector 4.3 for Microsoft Windows Quick Reference Symantec Event Collector 4.3 for Microsoft Windows Quick Reference Symantec Event Collector for Microsoft Windows Quick Reference The software described in this book is furnished under a license agreement

More information

Veritas Operations Manager Release Notes. 3.0 Rolling Patch 1

Veritas Operations Manager Release Notes. 3.0 Rolling Patch 1 Veritas Operations Manager Release Notes 3.0 Rolling Patch 1 Veritas Operations Manager Release Notes The software described in this book is furnished under a license agreement and may be used only in

More information

Symantec NetBackup Desktop and Laptop Option README. Release 6.1 MP7

Symantec NetBackup Desktop and Laptop Option README. Release 6.1 MP7 TM Symantec NetBackup Desktop and Laptop Option README Release 6.1 MP7 2 The software described in this document is furnished under a license agreement and may be used only in accordance with the terms

More information

Symantec Integrated Enforcer for Microsoft DHCP Servers Getting Started Guide

Symantec Integrated Enforcer for Microsoft DHCP Servers Getting Started Guide Symantec Integrated Enforcer for Microsoft DHCP Servers Getting Started Guide Legal Notice Copyright 2006 Symantec Corporation. All rights reserved. Federal acquisitions: Commercial Software - Government

More information

Symantec ApplicationHA agent for Internet Information Services Configuration Guide

Symantec ApplicationHA agent for Internet Information Services Configuration Guide Symantec ApplicationHA agent for Internet Information Services Configuration Guide Windows on Hyper-V 6.1 February 2014 Symantec ApplicationHA agent for Internet Information Services Configuration Guide

More information

Symantec ApplicationHA agent for Microsoft Exchange 2010 Configuration Guide

Symantec ApplicationHA agent for Microsoft Exchange 2010 Configuration Guide Symantec ApplicationHA agent for Microsoft Exchange 2010 Configuration Guide Windows on Hyper-V 6.1 February 2014 Symantec ApplicationHA agent for Microsoft Exchange 2010 Configuration Guide The software

More information

Symantec Enterprise Vault

Symantec Enterprise Vault Symantec Enterprise Vault Setting up SMTP Archiving 10.0 Symantec Enterprise Vault: Setting up SMTP Archiving The software described in this book is furnished under a license agreement and may be used

More information

Symantec Patch Management Solution for Windows 7.5 SP1 powered by Altiris User Guide

Symantec Patch Management Solution for Windows 7.5 SP1 powered by Altiris User Guide Symantec Patch Management Solution for Windows 7.5 SP1 powered by Altiris User Guide Altiris Patch Management Solution for Windows 7.5 SP1 from Symantec User Guide The software described in this book is

More information

Symantec Critical System Protection Agent Event Viewer Guide

Symantec Critical System Protection Agent Event Viewer Guide Symantec Critical System Protection Agent Event Viewer Guide Symantec Critical System Protection Agent Event Viewer Guide The software described in this book is furnished under a license agreement and

More information

PGP CAPS Activation Package

PGP CAPS Activation Package PGP CAPS Activation Package Administrator's Guide 9.12/10.0 The software described in this book is furnished under a license agreement and may be used only in accordance with the terms of the agreement.

More information

PGP Desktop Version 10.2 for Mac OS X Maintenance Pack Release Notes

PGP Desktop Version 10.2 for Mac OS X Maintenance Pack Release Notes PGP Desktop Version 10.2 for Mac OS X Maintenance Pack Release Notes Thank you for using this Symantec Corporation product. These Release Notes contain important information regarding this release of PGP

More information

Boundary Encryption.cloud Deployment Process Overview

Boundary Encryption.cloud Deployment Process Overview Boundary Encryption.cloud Deployment Process Overview Boundary Encryption.cloud Deployment Process Overview Documentation version: 1.0 Legal Notice Legal Notice Copyright 2011 Symantec Corporation. All

More information

Configuring Symantec AntiVirus for NetApp Storage system

Configuring Symantec AntiVirus for NetApp Storage system Configuring Symantec AntiVirus for NetApp Storage system Configuring Symantec AntiVirus for NetApp Storage system The software described in this book is furnished under a license agreement and may be used

More information

Altiris Patch Management Solution for Linux 7.1 SP2 from Symantec User Guide

Altiris Patch Management Solution for Linux 7.1 SP2 from Symantec User Guide Altiris Patch Management Solution for Linux 7.1 SP2 from Symantec User Guide Altiris Patch Management Solution for Linux 7.1 SP2 from Symantec User Guide The software described in this book is furnished

More information

Veritas Cluster Server Application Note: High Availability for BlackBerry Enterprise Server

Veritas Cluster Server Application Note: High Availability for BlackBerry Enterprise Server Veritas Cluster Server Application Note: High Availability for BlackBerry Enterprise Server Windows Server 2003, Windows Server 2008 5.1 Service Pack 1 Veritas Cluster Server Application Note: High Availability

More information

Symantec Backup Exec System Recovery Exchange Retrieve Option User's Guide

Symantec Backup Exec System Recovery Exchange Retrieve Option User's Guide Symantec Backup Exec System Recovery Exchange Retrieve Option User's Guide Symantec Backup Exec System Recovery Exchange Retrieve Option User's Guide The software described in this book is furnished under

More information

Symantec Enterprise Security Manager Modules. Release Notes

Symantec Enterprise Security Manager Modules. Release Notes Symantec Enterprise Security Manager Modules for MS SQL Server Databases Release Notes Release 4.1 for Symantec ESM 9.0.x and 10.0 For Windows 2000/2008 and Windows Server 2003 Symantec Enterprise Security

More information

Symantec LiveUpdate Administrator. Getting Started Guide

Symantec LiveUpdate Administrator. Getting Started Guide Symantec LiveUpdate Administrator Getting Started Guide Symantec LiveUpdate Administrator Getting Started Guide The software described in this book is furnished under a license agreement and may be used

More information

Symantec ApplicationHA Agent for Microsoft Internet Information Services (IIS) Configuration Guide

Symantec ApplicationHA Agent for Microsoft Internet Information Services (IIS) Configuration Guide Symantec ApplicationHA Agent for Microsoft Internet Information Services (IIS) Configuration Guide Windows Server 2003, Windows Server 2008 and 2008 R2 6.0 September 2011 Symantec ApplicationHA Agent for

More information

Symantec NetBackup for Lotus Notes Administrator's Guide

Symantec NetBackup for Lotus Notes Administrator's Guide Symantec NetBackup for Lotus Notes Administrator's Guide for UNIX, Windows, and Linux Release 7.5 Symantec NetBackup for Lotus Notes Administrator's Guide The software described in this book is furnished

More information

Symantec Enterprise Vault

Symantec Enterprise Vault Symantec Enterprise Vault Setting up SMTP Archiving 11.0 Symantec Enterprise Vault: Setting up SMTP Archiving The software described in this book is furnished under a license agreement and may be used

More information

Symantec Protection for SharePoint Servers 6.0.4 Implementation Guide

Symantec Protection for SharePoint Servers 6.0.4 Implementation Guide Symantec Protection for SharePoint Servers 6.0.4 Implementation Guide for Microsoft SharePoint 2003/2007 Symantec Protection for SharePoint Servers Implementation Guide The software described in this book

More information

Symantec Event Collector for Kiwi Syslog Daemon version 3.7 Quick Reference

Symantec Event Collector for Kiwi Syslog Daemon version 3.7 Quick Reference Symantec Event Collector for Kiwi Syslog Daemon version 3.7 Quick Reference Symantec Event Collector for Kiwi Syslog Daemon Quick Reference The software described in this book is furnished under a license

More information

Symantec Virtual Machine Management 7.1 User Guide

Symantec Virtual Machine Management 7.1 User Guide Symantec Virtual Machine Management 7.1 User Guide Symantec Virtual Machine Management 7.1 User Guide The software described in this book is furnished under a license agreement and may be used only in

More information

Symantec NetBackup AdvancedDisk Storage Solutions Guide. Release 7.5

Symantec NetBackup AdvancedDisk Storage Solutions Guide. Release 7.5 Symantec NetBackup AdvancedDisk Storage Solutions Guide Release 7.5 21220064 Symantec NetBackup AdvancedDisk Storage Solutions Guide The software described in this book is furnished under a license agreement

More information

Symantec Endpoint Protection Integration Component 7.5 Release Notes

Symantec Endpoint Protection Integration Component 7.5 Release Notes Symantec Endpoint Protection Integration Component 7.5 Release Notes Symantec Endpoint Protection Integration Component 7.5 Release Notes Legal Notice Copyright 2013 Symantec Corporation. All rights reserved.

More information

Symantec Encryption Desktop Version 10.3 for Windows Maintenance Pack Release Notes

Symantec Encryption Desktop Version 10.3 for Windows Maintenance Pack Release Notes Symantec Encryption Desktop Version 10.3 for Windows Maintenance Pack Release Notes Thank you for using this Symantec Corporation product. These Release Notes contain important information regarding this

More information

Altiris Asset Management Suite 7.1 SP2 from Symantec User Guide

Altiris Asset Management Suite 7.1 SP2 from Symantec User Guide Altiris Asset Management Suite 7.1 SP2 from Symantec User Guide Altiris Asset Management Suite 7.1 SP2 from Symantec User Guide The software described in this book is furnished under a license agreement

More information

Altiris Asset Management Suite 7.1 from Symantec User Guide

Altiris Asset Management Suite 7.1 from Symantec User Guide Altiris Asset Management Suite 7.1 from Symantec User Guide Altiris Asset Management Suite 7.1 from Symantec User Guide The software described in this book is furnished under a license agreement and may

More information

PGP Desktop Version 10.2 for Windows Maintenance Pack Release Notes

PGP Desktop Version 10.2 for Windows Maintenance Pack Release Notes PGP Desktop Version 10.2 for Windows Maintenance Pack Release Notes Thank you for using this Symantec Corporation product. These Release Notes contain important information regarding this release of PGP

More information

Symantec Storage Foundation and High Availability Solutions Microsoft Clustering Solutions Guide for Microsoft SQL Server

Symantec Storage Foundation and High Availability Solutions Microsoft Clustering Solutions Guide for Microsoft SQL Server Symantec Storage Foundation and High Availability Solutions Microsoft Clustering Solutions Guide for Microsoft SQL Server Windows 6.1 February 2014 Symantec Storage Foundation and High Availability Solutions

More information

Symantec Response Assessment module Installation Guide. Version 9.0

Symantec Response Assessment module Installation Guide. Version 9.0 Symantec Response Assessment module Installation Guide Version 9.0 The software described in this book is furnished under a license agreement and may be used only in accordance with the terms of the agreement.

More information

Symantec Enterprise Vault. Upgrading to Enterprise Vault 11.0.1

Symantec Enterprise Vault. Upgrading to Enterprise Vault 11.0.1 Symantec Enterprise Vault Upgrading to Enterprise Vault 11.0.1 Symantec Enterprise Vault: Upgrading to Enterprise Vault 11.0.1 The software described in this book is furnished under a license agreement

More information

Symantec Event Collector for Cisco NetFlow version 3.7 Quick Reference

Symantec Event Collector for Cisco NetFlow version 3.7 Quick Reference Symantec Event Collector for Cisco NetFlow version 3.7 Quick Reference Symantec Event Collector for Cisco NetFlow Quick Reference The software described in this book is furnished under a license agreement

More information

Symantec System Recovery 2013 Management Solution Administrator's Guide

Symantec System Recovery 2013 Management Solution Administrator's Guide Symantec System Recovery 2013 Management Solution Administrator's Guide Symantec System Recovery 2013 Management Solution Administrator's Guide The software described in this book is furnished under a

More information

Altiris Patch Management Solution for Windows 7.1 SP2 from Symantec User Guide

Altiris Patch Management Solution for Windows 7.1 SP2 from Symantec User Guide Altiris Patch Management Solution for Windows 7.1 SP2 from Symantec User Guide Altiris Patch Management Solution for Windows 7.1 SP2 from Symantec User Guide The software described in this book is furnished

More information

Symantec Enterprise Vault

Symantec Enterprise Vault Symantec Enterprise Vault Reporting 10.0 Symantec Enterprise Vault: Reporting The software described in this book is furnished under a license agreement and may be used only in accordance with the terms

More information

Symantec NetBackup for Enterprise Vault Agent Administrator's Guide

Symantec NetBackup for Enterprise Vault Agent Administrator's Guide Symantec NetBackup for Enterprise Vault Agent Administrator's Guide for Windows Release 7.6 The software described in this book is furnished under a license agreement and may be used only in accordance

More information

Email Track and Trace. Administration Guide

Email Track and Trace. Administration Guide Administration Guide Track and Trace Administration Guide Documentation version: 1.0 Legal Notice Legal Notice Copyright 2013 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, the

More information

Veritas Storage Foundation and High Availability Solutions HA and Disaster Recovery Solutions Guide for Enterprise Vault

Veritas Storage Foundation and High Availability Solutions HA and Disaster Recovery Solutions Guide for Enterprise Vault Veritas Storage Foundation and High Availability Solutions HA and Disaster Recovery Solutions Guide for Enterprise Vault Windows Server 2003 Windows Server 2008 5.1 Service Pack 2 Veritas Storage Foundation

More information

Altiris Monitor Solution for Servers 7.5 from Symantec User Guide

Altiris Monitor Solution for Servers 7.5 from Symantec User Guide Altiris Monitor Solution for Servers 7.5 from Symantec User Guide Altiris Monitor Solution for Servers 7.5 from Symantec User Guide The software described in this book is furnished under a license agreement

More information

Symantec NetBackup Clustered Master Server Administrator's Guide

Symantec NetBackup Clustered Master Server Administrator's Guide Symantec NetBackup Clustered Master Server Administrator's Guide for Windows, UNIX, and Linux Release 7.5 Symantec NetBackup Clustered Master Server Administrator's Guide The software described in this

More information

Veritas Operations Manager Advanced 5.0 HSCL Pack 1 Release Notes

Veritas Operations Manager Advanced 5.0 HSCL Pack 1 Release Notes Veritas Operations Manager Advanced 5.0 HSCL Pack 1 Release Notes November 2012 Veritas Operations Manager Advanced Release Notes The software described in this book is furnished under a license agreement

More information

Symantec Messaging Gateway 10.0 Installation Guide. powered by Brightmail

Symantec Messaging Gateway 10.0 Installation Guide. powered by Brightmail Symantec Messaging Gateway 10.0 Installation Guide powered by Brightmail The software described in this book is furnished under a license agreement and may be used only in accordance with the terms of

More information

Symantec Endpoint Protection Small Business Edition Client Guide

Symantec Endpoint Protection Small Business Edition Client Guide Symantec Endpoint Protection Small Business Edition Client Guide Symantec Endpoint Protection Small Business Edition Client Guide The software described in this book is furnished under a license agreement

More information

Symantec Enterprise Security Manager Patch Policy Release Notes

Symantec Enterprise Security Manager Patch Policy Release Notes Symantec Enterprise Security Manager Patch Policy Release Notes Symantec Enterprise Security Manager Patch Policy Release Notes The software described in this book is furnished under a license agreement

More information

Veritas Storage Foundation and High Availability Solutions Getting Started Guide

Veritas Storage Foundation and High Availability Solutions Getting Started Guide Veritas Storage Foundation and High Availability Solutions Getting Started Guide Linux 5.1 Service Pack 1 Platform Release 2 Veritas Storage Foundation and High Availability Solutions Getting Started Guide

More information

Symantec Endpoint Protection Small Business Edition 12.1.2 Installation and Administration Guide

Symantec Endpoint Protection Small Business Edition 12.1.2 Installation and Administration Guide Symantec Endpoint Protection Small Business Edition 12.1.2 Installation and Administration Guide Symantec Endpoint Protection Small Business Edition Installation and Administration Guide The software described

More information

Symantec NetBackup PureDisk Deduplication Option Guide

Symantec NetBackup PureDisk Deduplication Option Guide Symantec NetBackup PureDisk Deduplication Option Guide Windows, Linux, and UNIX Release 6.6.5 Revision 1 The software described in this book is furnished under a license agreement and may be used only

More information

Symantec NetBackup for DB2 Administrator's Guide

Symantec NetBackup for DB2 Administrator's Guide Symantec NetBackup for DB2 Administrator's Guide UNIX, Windows, and Linux Release 7.5 Symantec NetBackup for DB2 Administrator's Guide The software described in this book is furnished under a license agreement

More information

Veritas Cluster Server Database Agent for Microsoft SQL Configuration Guide

Veritas Cluster Server Database Agent for Microsoft SQL Configuration Guide Veritas Cluster Server Database Agent for Microsoft SQL Configuration Guide Windows Server 2003, Windows Server 2008 5.1 Service Pack 1 Veritas Cluster Server Database Agent for Microsoft SQL Configuration

More information

Policy Based Encryption E. Administrator Guide

Policy Based Encryption E. Administrator Guide Policy Based Encryption E Administrator Guide Policy Based Encryption E Administrator Guide Documentation version: 1.2 Legal Notice Legal Notice Copyright 2012 Symantec Corporation. All rights reserved.

More information

Policy Based Encryption E. Administrator Guide

Policy Based Encryption E. Administrator Guide Policy Based Encryption E Administrator Guide Policy Based Encryption E Administrator Guide Documentation version: 1.2 Legal Notice Legal Notice Copyright 2012 Symantec Corporation. All rights reserved.

More information

Symantec Endpoint Protection and Symantec Network Access Control Client Guide

Symantec Endpoint Protection and Symantec Network Access Control Client Guide Symantec Endpoint Protection and Symantec Network Access Control Client Guide Symantec Endpoint Protection and Symantec Network Access Control Client Guide The software described in this book is furnished

More information

Symantec Enterprise Vault

Symantec Enterprise Vault Symantec Enterprise Vault Setting up IMAP 11.0 Symantec Enterprise Vault: Setting up IMAP The software described in this book is furnished under a license agreement and may be used only in accordance with

More information

Veritas Dynamic Multi-Pathing for Windows Release Notes

Veritas Dynamic Multi-Pathing for Windows Release Notes Veritas Dynamic Multi-Pathing for Windows Release Notes Windows Server 2008 (x64), Windows Server 2008 R2 (x64) 6.0.1 October 2012 Veritas Dynamic Multi-Pathing for Windows Release Notes The software described

More information

Symantec NetBackup Deduplication Guide

Symantec NetBackup Deduplication Guide Symantec NetBackup Deduplication Guide UNIX, Windows, Linux Release 7.1 21159706 Symantec NetBackup Deduplication Guide The software described in this book is furnished under a license agreement and may

More information

Altiris Monitor Solution for Servers 7.1 SP1from Symantec User Guide

Altiris Monitor Solution for Servers 7.1 SP1from Symantec User Guide Altiris Monitor Solution for Servers 7.1 SP1from Symantec User Guide Altiris Monitor Solution for Servers 7.1 SP1from Symantec User Guide The software described in this book is furnished under a license

More information

Symantec Endpoint Protection and Symantec Network Access Control Client Guide

Symantec Endpoint Protection and Symantec Network Access Control Client Guide Symantec Endpoint Protection and Symantec Network Access Control Client Guide Symantec Endpoint Protection and Symantec Network Access Control Client Guide The software described in this book is furnished

More information

Symantec Mail Security for Microsoft Exchange Management Pack Integration Guide

Symantec Mail Security for Microsoft Exchange Management Pack Integration Guide Symantec Mail Security for Microsoft Exchange Management Pack Integration Guide Symantec Mail Security for Microsoft Exchange Management Pack Integration Guide The software described in this book is furnished

More information

Symantec High Availability Console Installation and Upgrade Guide

Symantec High Availability Console Installation and Upgrade Guide Symantec High Availability Console Installation and Upgrade Guide Windows Server 2008 (x64), Windows Server 2008 R2 (x64) 6.0.1 February 2013 Symantec High Availability Solution Installation and Configuration

More information

Symantec Database Security and Audit 3100 Series Appliance. Getting Started Guide

Symantec Database Security and Audit 3100 Series Appliance. Getting Started Guide Symantec Database Security and Audit 3100 Series Appliance Getting Started Guide Symantec Database Security and Audit 3100 Series Getting Started Guide The software described in this book is furnished

More information

Email Services Deployment. Administrator Guide

Email Services Deployment. Administrator Guide Email Services Deployment Administrator Guide Email Services Deployment Guide Documentation version: 1.0 Legal Notice Legal Notice Copyright 2013 Symantec Corporation. All rights reserved. Symantec, the

More information

Enabling Windows Management Instrumentation Guide

Enabling Windows Management Instrumentation Guide Enabling Windows Management Instrumentation Guide Enabling Windows Management Instrumentation Guide The software described in this book is furnished under a license agreement and may be used only in accordance

More information

Symantec Mobile Security Manager Administration Guide

Symantec Mobile Security Manager Administration Guide Symantec Mobile Security Manager Administration Guide Symantec Mobile Security Manager The software described in this book is furnished under a license agreement and may be used only in accordance with

More information

Symantec System Recovery 2011 Management Solution Administrator's Guide

Symantec System Recovery 2011 Management Solution Administrator's Guide Symantec System Recovery 2011 Management Solution Administrator's Guide Symantec System Recovery 2011 Management Solution Administrator's Guide The software described in this book is furnished under a

More information

Symantec Security Information Manager 4.7.4 Release Notes

Symantec Security Information Manager 4.7.4 Release Notes Symantec Security Information Manager 4.7.4 Release Notes Symantec Security Information Manager 4.7.4 Release Notes The software described in this book is furnished under a license agreement and may be

More information

Configuring Symantec Protection Engine for Network Attached Storage 7.5 for NetApp Data ONTAP

Configuring Symantec Protection Engine for Network Attached Storage 7.5 for NetApp Data ONTAP Configuring Symantec Protection Engine for Network Attached Storage 7.5 for NetApp Data ONTAP Configuring Symantec Protection Engine for Network Attached Storage 7.5 for NetApp Data ONTAP. The software

More information