Get SCTS Certification: Your Mark of Expertise in Small Business Security!
Millions of small businesses today are vulnerable to countless security risks and threats. Symantec's Certified Technical Specialist (SCTS), Small Business Security certification allows security professionals to validate their knowledge of today's most crucial information security techniques and Symantec's market-leading security products.
Direct from Symantec, this official study guide covers the exam objectives in depth: everything you need to know to pass your exam the first time. You'll gain the knowledge you need to protect small businesses from viruses, worms, Trojan horses, spam, spyware, adware, and much more. You'll learn all you need to know about the SCTS exam and certification program, as you walk through Symantec's proven eight-step preparation process.
SCTS certification represents a powerful competitive advantage for Symantec partners, security consultants, sales and system engineers, administrators, and any IT professional who works with Symantec products in a small business setting. This book will get you ready fast—and maximize your chances of success!
© Copyright Pearson Education. All rights reserved.
Chapter 2: Security risks and threats
Chapter 3: Symantec AntiVirus installation
Chapter 4: Symantec AntiVirus management
Chapter 5: Symantec AntiVirus policies
Chapter 6: Symantec Client Security installation
Chapter 7: Symantec Client Security management
Chapter 8: Symantec Client Security policies
Chapter 10: Norton AntiSpam installation
Chapter 11: Norton AntiSpam management
In today's digital age, businesses face unprecedented information security challenges that can be distilled into the four following statements:
In the early days of computing and the Internet, many small businesses simply didn't see the need to be online. Those that did saw the Internet as a valuable tool, not as a threat to their business.
Today two factors have combined to cause small businesses to focus on the importance of information security. First, those businesses have become dependent upon the Internet for their daily business activities. For many businesses, access is more than a convenience; it's a business necessity. Second, the number and magnitude of threats and security risks in the modern computing environment have multiplied. Spyware, adware, viruses, worms, Trojan horses, and other risks are prevalent on the Internet today. Insightful small business owners and managers understand these risks and are willing to make investments in information security now to prevent large business headaches down the road.
The risks facing businesses of all sizes are similar. Symantec™ has a four-dimensional model of business risk (illustrated in Figure 1-1) that outlines the following four types of risk:
Four dimensions of business risk.
In this chapter, we take a brief look at the security risks and threats facing small businesses and some of the products offered by Symantec to help deal with them. We also discuss the Symantec Certified Technical Specialist, Small Business Security program, including certification requirements and an overview of the examination process.
The remainder of this book is dedicated to providing you with the practical, hands-on knowledge that you'll need both to be successful on the SCTS, Small Business Security exam and to provide you with the knowledge to assist small businesses in need of information security.
We begin with a look at the risks on the Internet.
Often, when people think of information security, the phrase "malicious code" pops into their heads. They might not use that terminology, but the words virus, worm, Trojan horse, spyware, and adware are all specific examples of a more general menace. How prevalent are these items? The Symantec Internet Security Threat Report VIII, published in March 2005 as an update to the Internet community, estimated that every organization connected to the Internet experiences an average of 13.6 attacks directed against its network each day.
The risks facing modern organizations are serious and significant. In this book, you'll learn how you can counter them by developing robust security infrastructures for the organizations with which you work.
Before we can study malicious code prevention, we must have a general understanding of the threat. Simply put, malicious code is any computer program that carries out an unwanted activity without the consent of the system operator. The activities performed may range from annoying (such as displaying a message on the screen every few minutes or popping up ad content) to downright destructive (such as erasing all data stored on the system's hard drive).
Viruses, the most widely known type of threat, behave much like their biological namesakes. Just as biological viruses spread in a number of ways (you might have direct contact with an infected person, drink out of a cup that person used, or merely be present in the same room) computer viruses attach themselves to programs or documents and spread from computer to computer as users run, copy, or share the infected files, carrying their malicious activity with them.
Worms are viruses' more insidious cousins. Like viruses, worms spread from system to system carrying a malicious payload. They range in severity from minor nuisances to catastrophically damaging.
What makes worms different from and more dangerous than viruses is that they spread without any user intervention. Worms exploit vulnerabilities in operating systems and network services to infect unpatched systems. After they establish themselves on an infected host, their mission changes to one of rampant propagation. They attempt to spread as far and wide as they can, scanning for other vulnerable systems on the local network or across the Internet.
Worms can take advantage of vulnerabilities in common operating systems and applications. The SQL Slammer worm of January 2003 exploited a buffer overflow in the popular SQL Server 2000 database system on Windows® systems (a flaw for which Microsoft had released a patch six months earlier) and brought financial networks to their knees for a number of hours, leaving ATM users stranded without cash. Because Slammer propagated in a single UDP packet and needed no user action, it infected most of the vulnerable population within minutes; against worms, timely patching and blocking unneeded ports at the firewall matter far more than user awareness.
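Worm propagation has a recognizable network signature: one host suddenly contacting many distinct destinations on the same port in a short interval. The following detector is an added example, not code from the book or from Symantec; it runs a sliding-window count of unique destinations per (source, protocol, port) over a small set of constructed flow records. The port 1434/udp used by the scanning host mirrors the SQL Server Resolution Service that Slammer targeted, but the addresses, timestamps, and the window and threshold values are illustrative assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample flow records (not from any real capture), one connection
# attempt per line: "timestamp src_ip dst_ip proto dst_port".
# 10.0.0.7 behaves like a Slammer-infected host sweeping udp/1434;
# 10.0.0.5 is ordinary web traffic.
SAMPLE_FLOWS = """\
2003-01-25T05:30:00 10.0.0.5 10.0.0.1 tcp 80
2003-01-25T05:30:01 10.0.0.5 10.0.0.2 tcp 443
2003-01-25T05:30:02 10.0.0.7 10.0.0.1 udp 1434
2003-01-25T05:30:02 10.0.0.7 10.0.0.2 udp 1434
2003-01-25T05:30:02 10.0.0.7 10.0.0.3 udp 1434
2003-01-25T05:30:03 10.0.0.7 192.168.1.4 udp 1434
2003-01-25T05:30:03 10.0.0.7 192.168.1.5 udp 1434
2003-01-25T05:30:03 10.0.0.7 172.16.0.9 udp 1434
2003-01-25T05:30:04 10.0.0.5 10.0.0.3 tcp 80
"""


def parse_flows(text):
    """Parse the whitespace-separated flow format above into tuples."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, proto, port = line.split()
        flows.append((datetime.fromisoformat(ts), src, dst, proto, int(port)))
    return flows


def find_scanners(flows, window=timedelta(seconds=10), threshold=5):
    """Return {(src, proto, port): max_unique_dsts} for every source that
    reached at least `threshold` distinct destinations on one proto/port
    inside any `window`-long interval.  Window and threshold are assumed
    tuning values; pick them from your own network's baseline."""
    by_key = defaultdict(list)
    for ts, src, dst, proto, port in flows:
        by_key[(src, proto, port)].append((ts, dst))

    alerts = {}
    for key, events in by_key.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Advance the window start until all events fit inside `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            uniq = {dst for _, dst in events[start:end + 1]}
            if len(uniq) >= threshold:
                alerts[key] = max(alerts.get(key, 0), len(uniq))
    return alerts


if __name__ == "__main__":
    for (src, proto, port), n in find_scanners(parse_flows(SAMPLE_FLOWS)).items():
        print(f"possible worm scan: {src} -> {n} hosts on {proto}/{port}")
```

The threshold is deliberately low so the constructed sample triggers; on real flow data, baseline the distinct-destination rate per host first, and treat a match on a port your firewall should already block as a sign the perimeter policy has a gap as well.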
In ancient history, the Greeks laid siege against the city of Troy for almost 10 years during the Trojan war. Weary of battle, the Greeks resorted to trickery and built a giant wooden horse that they presented to the Trojans as a gift. The Trojans graciously accepted the gift and wheeled it within the walls of their city. When night fell, the horse opened up and Greek warriors rushed out, quickly conquering the city.
Malicious code also uses this type of trickery. Electronic Trojan horses present themselves as a beneficial "gift" to computer users. They might appear to be a computer game, utility, or screen saver downloaded by an unsuspecting user, when, in reality, they contain dangerous malicious code. To top it all off, the Trojan program usually works in the manner you'd expect it to but, while you're happily playing a downloaded game, it delivers its payload behind the scenes.
Spyware and adware are two of the newer security risks to face organizations. If you've been following the media, you've probably heard these two buzzwords tossed around quite a bit recently. They're part of a new class of code designed to sit quietly on computer systems and remain unnoticed while they perform their mission. Depending upon the purpose of the code, this mission might be simply to cause pop-up ads to appear on the infected computer, or it might be more mischievous.
Spyware programs have the capability to scan systems or monitor activity and relay information to other computers or locations in cyber-space. Among the information that may be actively or passively gathered and disseminated by spyware: passwords, log-in details, account numbers, personal information, individual files, or other personal documents. Spyware may also gather and distribute information related to the user's computer, applications running on the computer, Internet browser usage, or other computing habits.
Adware delivers advertising content to the user through its own window, or by using another program's interface. In some cases, these programs may gather information from the user's computer, including information related to Internet browser usage or other computing habits, and relay this information back to a remote computer or other location in cyberspace.
Spam, or unsolicited commercial email (UCE), is an ever-increasing problem for business users, who are forced to wade through a myriad of advertisements for prescription drugs, get-rich-quick schemes, and free timeshare vacations in order to get to their real email. Email has become a mission-critical application, and spam has a negative impact on the productivity of employees. Spam is also a delivery vehicle for more serious threats, because some spam messages carry viruses or phishing attacks.
One form of spam you might be familiar with is the phishing attack. In this type of spam, the goal is to trick users into revealing private information that the spammer can use to his or her advantage.
One of the more common phishing attacks is a forged email, purporting to come from eBay® or PayPal®, telling the user that there's a security problem with his or her account. When unsuspecting users receive this official-looking email, they might be tempted to click the link, which then presents a page that looks very much like the eBay or PayPal home page. The page then asks them to enter their account information for security-verification purposes.
The problem is, the Web page the email links to isn't actually run by eBay or PayPal. It's a phishing site that dutifully records account information and tells users that the problem has been resolved. The users then happily go their way, thinking that the problem has been fixed. Unfortunately, the problem has just begun. The account information now goes off into the hands of unscrupulous individuals who attempt to clean out bank balances or use it for other dubious purposes. Note that the visible text of a link in an HTML email can show the legitimate address while the link itself points somewhere else entirely, so the actual destination, not the displayed text, is what users (and filters) must check.
The earliest threats were simple viruses and worms. The threats have grown as propagation methods have become more sophisticated, adding mass-mailing worms and blended threats. In addition to the traditional threats of viruses, worms, and Trojan horses, new types of risks have emerged in recent years. Organizations are now faced with protecting their infrastructure against a much wider threat landscape.
None of this is a reason to avoid the Internet at large; it is a reason to ensure that small businesses practice safe computing. Symantec provides solutions to help safeguard networks, including software, hardware, and services. In this section, we look at security offerings designed to protect small business networks from the modern threats and security risks found on the Internet.
We explore them briefly here, but the remainder of this book is dedicated to exploring them in further detail. Part 1, "Symantec AntiVirus," explains the proper use of Symantec AntiVirus to protect your organization from malicious code. Part 2, "Symantec Client Security," provides you with a detailed look at using Symantec Client Security, including the firewall and intrusion prevention capabilities. This book concludes with Part 3, "Norton AntiSpam," which explores the use of Norton AntiSpam to protect your organization from unsolicited email.
A component of Symantec's strategy to protect the small business is Symantec AntiVirus. Symantec AntiVirus (shown in Figure 1-2) provides small-business users with a desktop solution for real-time virus and spyware protection for workstations and network servers. The solution automatically detects and repairs the effects of spyware, adware, viruses, and other threats and security risks.
Symantec AntiVirus provides centralized configuration, policy management, alerting, and logging, enabling administrators to determine which nodes are vulnerable to virus attacks. It uses LiveUpdate technology to keep definitions and program components up to date.
Another component of Symantec's strategy to protect the small business is Symantec Client Security (see Figure 1-3). This package provides all the functionality of Symantec AntiVirus, with the addition of intrusion-prevention and firewall capabilities designed to keep out unwanted traffic. It monitors the system's network connection to block unwanted incoming traffic and also watches for signs of viruses, worms, Trojan horses, spyware, and other programs that attempt to spread from your system to others via the network.
Symantec Client Security.
Symantec Client Security automatically removes detected malicious code and provides a comprehensive approach to protecting systems against threats that exploit multiple vulnerabilities.
The last component of Symantec's strategy to protect the small business is Norton AntiSpam, a desktop solution for spam prevention (see Figure 1-4). Norton AntiSpam uses automatically updated filters in combination with logic that determines what you consider spam and what you consider legitimate for filtering email. Norton AntiSpam provides the capability of blocking unwanted Web advertisements and pop-ups. In addition it provides easy integration with programs such as Microsoft® Outlook®, Outlook Express, and Eudora®, and is also capable of filtering Yahoo!® Mail accounts.
These three products, covered in the SCTS, Small Business Security certification, give small businesses a proactive security stance against the myriad of today's online threats and security risks. In addition, Symantec has many other offerings that provide defense in depth for organizations of all sizes, from small business to large enterprise.
Symantec offers a variety of products and solutions designed to work at different layers of the network, complementary to those covered in this book. These include Symantec™ Mail Security for Domino®, Symantec™ Mail Security for Microsoft® Exchange, and the Symantec™ Gateway Security Appliance family. This section covers a selection of them.
The Symantec Gateway Security family of products provides protection at the gateway. The Symantec™ Gateway Security 300 Series (see Figure 1-5) is an easy-to-use firewall/VPN appliance with integrated security for the small business and remote office with simple network requirements. At an entry-level price it combines firewall, VPN, IDS/IPS, antivirus policy enforcement, content filtering, and optional VPN-secured wireless. These products sit on the network between the protected LAN and the Internet.
Symantec Gateway Security 300 Series.
The Symantec™ Gateway Security 5400 Series (see Figure 1-6) is a firewall/VPN appliance that integrates full-inspection firewall technology, IPsec-compliant virtual private networking, intrusion prevention, intrusion detection, antivirus protection, URL-based content filtering, and antispam technology. A range of models scales from small enterprise and corporate branch offices up to large enterprise, data centers, and service providers.
Symantec Gateway Security 5400 Series.
The Symantec™ Mail Security 8200 Series appliances (see Figure 1-7) offer a hardware-based approach to protecting the enterprise by combining antispam and antivirus protection in one appliance. The 8240 model is sized for 100 to 1,000 users; the 8260 for more than 1,000. Software solutions exist specifically for Lotus Domino® and Microsoft® Exchange.
Symantec Mail Security 8200 Series.
More information on these enterprise products is available at http://enterprisesecurity.symantec.com.
Symantec created the Symantec Certified Technical Specialist, Small Business Security program to provide Symantec partners and customers with an opportunity to validate their knowledge of Symantec security solutions suitable for implementation in a small business environment. SCTS, Small Business Security is a desktop-security certification, attesting that an information technology professional has the skills and knowledge necessary to build a solid defensive posture for workstations. It's designed for security consultants, sales engineers, system engineers, and system administrators who work with Symantec products in the small business market.
Earning the SCTS, Small Business Security credential requires candidates to pass a single computer-based test that covers the material presented in this book. You'll need to demonstrate your understanding of the planning, installation, configuration, and management of the following:
When you've successfully completed the exam and have accepted the Symantec Certification Agreement you earn the right to use the SCTS logo, shown in Figure 1-8, on your business cards.
Note - Your Symantec Certified Technical Specialist credential is valid for two years from the time you complete certification requirements (passing the exam and accepting the certification agreement).
After you pass the exam, you need to log in to the Symantec certification program tracking site, CertTracker, and accept the terms of the Symantec Certification Agreement. Symantec utilizes CertTracker, a secure database hosted by Integral 7, to track and manage candidates' certification activities. Through CertTracker you can access your exam records, track fulfillment status, and monitor your progress toward achieving a targeted level of Symantec certification.
CertTracker is found at http://www.symantec.com/certtracker. This interactive tool helps you confirm your contact information and track the shipment of your certification kit.
Tip - CertTracker is preloaded with the contact information you used to register for the exam, so be certain to provide accurate address information when you sign up. This will ensure that you receive your certification materials in a timely fashion.
The SCTS, Small Business Security exam is offered via Computer-Based Testing (CBT) at Prometric locations throughout the world. You have 90 minutes to complete 75 questions, with additional time granted in the cases listed below.
An automatic 15 minutes is added for English language exams for the following countries:
An automatic 30 minutes is added for the English language exams for Japan.
Registering for the Exam - Prometric offers thousands of testing locations throughout the world. To register for the exam, visit http://www.2test.com and select the testing center near you. You'll need to provide payment details for the $100 fee at the time of registration.
The exam is divided into three content areas, corresponding to the three products covered in the SCTS, Small Business Security certification. The 75 exam questions are distributed among the three content areas according to the following proportions:
Tip - Take these proportions to heart: If you're new to all three solutions, you should spend approximately half of your time working with Symantec AntiVirus and the remainder of your time divided between Symantec Client Security and Norton AntiSpam.
Following is a list of the specific exam objectives that we cover in this book:
Use this list of objectives to help guide your studying efforts. When you're finished reading this book and working with the software, you should be able to review this list and clearly articulate the meaning of each step and the process used to complete it.
You'll find four types of questions on the SCTS, Small Business Security exam. Let's take a brief look at each type of question:
Tip - Always read the question text carefully; it will tell you the number of correct answers that you need to select. You'll never be forced to guess the correct number of answers on the SCTS, Small Business Security exam.
A recent survey revealed that taking an exam is one of the most stressful activities in the lives of adults. After all, school is behind us and many years might have elapsed since the last time we picked up a no. 2 pencil. Fortunately, it's possible to alleviate the majority of the fear created by a test with one tool: preparation.
We've created an eight-step process designed to provide you with a solid foundation to prepare for the exam. It revolves around the use of this book, the accompanying CD-ROM, and Symantec's security products. Here are the eight steps in our recommended preparation plan:
Note - To register for the exam, visit the Prometric Web site at http://www.2test.com.
Insert the CD-ROM and work though the related simulations and activities.
Tip - Successful completion of the SCTS, Small Business Security exam depends upon hands-on experience with Symantec products. Don't attempt the exam without working with the software products, even if you need to do so in a lab environment.
Following this process strictly will ensure that you'll have the confidence you need when exam time rolls around. Confidence breeds success.
Symantec has laid out the following SCTS, Small Business Security program guidelines and policies for SCTS, Small Business Security candidates and credential holders:
Further information on the SCTS, Small Business Security certification, as well as other Symantec certification programs, can be found on the Web at http://www.symantec.com/education/certification. You can also contact Symantec's certification experts directly via e-mail at email@example.com.
Symantec provides small businesses with a robust set of tools designed to increase their security posture: Symantec AntiVirus, Symantec Client Security, and Norton AntiSpam. The SCTS, Small Business Security certification is designed to demonstrate a candidate's ability to plan, install, configure, and manage these three Symantec products in a small business setting. As you explore the rest of this book, you'll develop the knowledge base necessary to work with these products in a production environment.
Which two Symantec security solutions help protect desktop systems against spyware? Select the two correct answers.
Which three types of program are generally considered to be threats? Select three correct answers.
What type of malicious code spreads from system to system with some user intervention? Select the correct answer.
What type of malicious code spreads from system to system without user intervention? Select the correct answer.
What type of malicious code spreads by deceiving computer users into thinking it is a beneficial program? Select the correct answer.
After you pass the Symantec Certified Technical Specialist exam, for how long does your certification remain valid? Select the correct answer.
A brokerage's computers were hacked into, causing a network failure. No customer accounts were affected, and the brokerage didn't suffer any monetary loss. However, the brokerage was forced to stop business operations for several hours, causing employees to sit idly waiting for the repair. The brokerage also suspects that some customers might have switched to another brokerage as a result of the incident. What type of losses has the brokerage incurred? Select the two correct answers.
Answers A and C are correct. Both Symantec AntiVirus and Symantec Client Security provide automatic detection and removal of spyware, adware, viruses, worms, and Trojan horses on desktops, laptops, and file servers. Symantec Client Security adds firewall and intrusion prevention capabilities to defend against blended threats such as Nimda and Blaster.
Answers A, B, and G are correct. Viruses, worms, and Trojan horses are all threats. Phishing is a variant of spam, neither of which is considered a threat. Spyware and adware are classified as security risks.
Answer A is correct. Viruses are malicious code that spread from system to system with some user intervention. Worms are similar to viruses but spread without requiring user intervention. Phishing and spam are not types of malicious code.
Answer B is correct. Worms are malicious code objects that spread from system to system without user intervention. Viruses are similar to worms but require user intervention. Phishing and spam are not types of malicious code.
Answer B is correct. Trojan horses present themselves to the computer user as a beneficial program, such as a game or utility. While they're running the advertised function, they deliver their malicious payload in the background.
Answer C is correct. Symantec Certified Technical Specialist credentials are valid for two years from the date you pass the SCTS, Small Business Security examination and accept the Symantec Certification Agreement.
Answers B and C are correct. The brokerage suffered a productivity loss when employees were forced to sit idly waiting for the network to be repaired. They also suffered an indirect loss when customers switched to another brokerage firm as a result of the incident. There was no direct loss or legal exposure described in the scenario.