Deploy Symantec Endpoint Encryption 11.2.1 and Configure SEE to Encrypt Client Machines

Symantec Endpoint Encryption protects sensitive information and ensures regulatory compliance. It encrypts all files on the hard drive, sector-by-sector, for maximum security. It supports Windows, Mac, tablets, self-encrypting drives, and removable media (USB drives, external hard drives, and DVDs).

I had a chance to install it in my lab environment for a testing. This post is kind of recording all steps including all mistakes I had made, especially in the YouTube video.


1. Pre-Installation System Requirements:

1.1 OS Requirements

• Microsoft Windows Server 2016 Datacenter, with updates
• Microsoft Windows Server 2016 Standard, with updates
• Microsoft Windows Server 2012 R2 Datacenter, with updates
• Microsoft Windows Server 2012 R2 Standard, with updates
• Microsoft Windows Server 2008 R2 Enterprise SP1 (Deprecated in SEE 11.2.1 MP1)
• Microsoft Windows Server 2008 R2 Standard SP1 (Deprecated in SEE 11.2.1 MP1)

Basic Steps to Deploy and Config Symantec DLP 15.5 with Installation Videos

I were working on Symantec DLP project and had some experience with it. This post is going to review what I have been done and how I managed to install it in my home lab environment. It will not be alike a step by step installation tutorial since Symantec documents have explained details enough. It mostly high level lists all related steps. But I recorded my screen with what I have done and what kind of issues I have met , and how I resolved it. All are in those YouTube videos for future references, which will be helpful if you have same lab project for Symantec DLP products.

The Symantec Data Loss Prevention suite is designed to meets the needs of large enterprises, as well as small and medium-sized enterprises. The product covers a variety of areas, including endpoint data in use, network data in transit, and files and databases at rest. Symantec Data Loss Prevention addresses on-premises, mobile and cloud data and can be deployed on both physical servers -- Windows Server, Red Hat Enterprise Linux and others -- and cloud infrastructures, such as AWS.


1. Download Installation Files from Symantec File Connect

You will need a Serial Number to download all DLP related software from Symantec File Connect web site : https://symantec.flexnetoperations.com/control/symc/registeranonymouslicensetoken

Create a Free Tier Windows Virtual Machine in Azure

Azure free tier provides following free services for 12 months after one month for your free $200 credit:

1. 750 hours B1S VM Linux and Windows Virtual machines
2. 64GB x 1 Storage - 2 P6 SDDs
3. 5 GB File Storage
4. 250 GB SQL DB
5. 15 GB Bandwidth (Data Transfer)
6. etc

Windows 10 Tweaks, Tips and Tricks

Here are some simple but effective windows tweaks, tips and tricks to streamline your windows computing experience. Here are list of my collections (still keep adding):
1. Fix High CPU Usage by Windows Software Protect Service (Sppsvc.exe)
2. Install Telnet Client
3. Check System Uptime
4. Hiding Windows Folder
5. 上帝模式一键开启
6. 历史问题一目了然 (Reliability Monitor)
7. 一Click锁定电脑 Other than WIN+L
8. 常用程序快捷启动
9. 快速以管理员方式启动程序
10. 无盘符分区，保护/访问两相宜
11. 双击任意窗口的最左上角都能关闭该窗口
12. Ctrl+Alt+Del=Ctrl+Shift+Esc to open Task Manager
13. Issue: Microsoft Office can't find your license for this application or Windows is not activated
14. Windows 10 Battery Report
15. RDP Port Change to TCP 443
16. Windows 10 Defaultuser0 password Issue

Install Portainer to Manage Containers - Nginx, MySQL, WordPress

Portainer is a lightweight management UI which allows you to easily manage your different Docker environments (Docker hosts or Swarm clusters). It is meant to be as simple to deploy as it is to use. It consists of a single container that can run on any Docker engine (can be deployed as Linux container or a Windows native container). Portainer allows you to manage your Docker containers, images, volumes, networks and more !


1. Installation in CentOS / Ubuntu
1.1 CentOS 7/Debian 9

Here is an easiest way to install docker into your CentOS / Debian system. It is just one command:

sudo -i

yum -y update

curl -sSL https://get.docker.com/ | sh

Free Tier VPS Bench Comparison for AWS, Azure and Google Cloud

All of AWS, Azure and Google Cloud are providing some kind of free tier to the users. I am always wondering how those free tier VPS performance looks like. I did some bench work to test them out.

Here is the method and result.

Bench script:
https://github.com/n-st/nench provides a nice bench.sh and a single command for you to run this script on your VPS.

Commands to run this script:

(curl -s wget.racing/nench.sh | bash; curl -s wget.racing/nench.sh | bash) 2>&1 | tee nench.log

(wget -qO- wget.racing/nench.sh | bash; wget -qO- wget.racing/nench.sh | bash) 2>&1 | tee nench.log

Sysinternals Tool Sysmon Usage Tips and Tricks

Microsoft Sysinternals tool Sysmon is a service and device driver, that once installed on a system, logs indicators that can greatly help track malicious activity in addition to help with general troubleshooting.
Sysinternals from Web Browser:

• https://live.sysinternals.com/

Basic Sysmon Usage commands:

Installation:
sysmon -i -accepteula [options]

• Extracts binaries into %systemroot%
• Registers event log manifest
• Enables default configuration

Forwarding Windows Event Logs to Syslog Server (Kiwi Syslog)

Centralizing your logs saves time and increases the reliability of your log data, especially for Windows machines. When Windows log files are stored locally on each server, you have to individually log into each one to go through them and look for any errors or warnings. It’s possible for a Windows server to forward its events to a “subscribing” server. In this scenario the collector server can become a central repository for Windows logs from other servers in the network.There are many ways you can forward your windows event logs to a centralized log server. You can use event log forwarding feature which was introduced in Windows Server 2008. Event log forwarding brought forth a native and automatic way to get events from multiple computers (event sources) into one or more machines called collectors. Another option is to use third party software, such Solarwinds Free Event Log Forwarder for Windows. 

In this post, I am going to introduce another free software , Eventlog to Syslog. The Eventlog to Syslog utility is a program that runs on Microsoft Windows NT class operating systems monitoring the eventlog for new messages. When a new message appears in the eventlog, it is read, formatted, and forwarded to a UNIX syslog server.

1. Install Syslog Server - Kiwi Syslog Free Version
Download address: https://thwack.solarwinds.com/community/free-tools-and-trials