Symantec heeft in het verleden twee verschillende bedrijven overgenomen die encryptiesoftware ontwikkelden, namelijk GuardianEdge en PGP. De software van deze twee acquisities werden lange tijd als twee verschillende encryptie productlijnen door Symantec uitgebracht, de GuardianEdge-lijn werd hernoemd naar Endpoint Encryption, en de PGP-lijn werd hernoemd naar Encryption Desktop samen met Encryption Management Server. Voor een buitenstaander is het verwarrend dat één bedrijf twee verschillende encryptie producten uitbracht die met elkaar concurreerden en die niet met elkaar konden samenwerken. Daar is met de uitgave van Endpoint Encryption 11 in 2014 grotendeels een einde aan gekomen. Aangezien er geen makkelijke weg beschikbaar is om te upgraden van SED en SEMS naar SEE worden er nog maintenance packs uitgebracht voor de oude PGP-lijn. De ontwikkelaars hebben Symantec Encryption Management Server 3.4.1 uitgebracht voorzien van de volgende veranderingen:
What's New in Symantec Encryption Management Server 3.4.1The following issues were resolved in version 3.4.1:
- Lockout feature for Administrator accounts added - Symantec Encryption Management Server now enables you to automatically lock Administrator accounts after a number of failed login attempts. You can configure the number of login attempts that are allowed, as well as the duration of the lockout period. This feature protects Administrator accounts and Symantec Encryption Management Server against unauthorized access using the brute force entry method.
- Support added for PUP updates - Symantec Encryption Management Server now supports PUP updates while upgrading from version 3.4.0 or later.
Upgrade
- Added support for a configurable security feature that locks Administrator accounts after a number of failed login attempts. [3947631]
- In response to HTTP_PROXY security vulnerabilities CVE-2016-5387 (httpd) and CVE-2016-5388 (Apache Tomcat), removed the header and rebuilt the packages, even though Symantec Encryption Management Server was not impacted. [3988862]
- Resolved the potential security vulnerability for SSL/TLS identified in CVE-2016-2183 by applying the patch provided by Red Hat Enterprise Linux, thus preventing attacks against 64-bit block ciphers. [3989781]
- In response to security vulnerability CVE-2016-5696, updated the value of the tcp_challenge_ack_limit in the Linux kernel. [3999008]
- In response to security vulnerability CVE-2016-2776 in which a BIND flaw potentially could arise in response to certain queries, upgraded the bind packages. [4005768]
- In response to security vulnerability CVE-2016-5195, applied the patch provided by Red Hat Enterprise Linux to ensure no privilege escalation takes place because of a breakage in MAP_PRIVATE COW, even though Symantec Encryption Management Server was not affected. [4010837]
- Certificates with a subject length greater than 256 characters can now be imported. [2658254]
- If you configure an email policy rule to encrypt outbound emails using an additional certificate (Other Keys/Certificates option), outbound messages are no longer delivered in plain text after the certificate expires. Instead, such emails are now blocked or bounced. [3896269]
- Administrators can now configure Symantec Encryption Web Email Protection external user accounts so that the Web Email Protection invitations sent to external users expire after a specific time period. [3916589]
- Custom keyservers are now replicated across all clustered servers. [3738817] However, when you upgrade your server from version 3.3.2 or later to 3.4.1, if you had manually added the custom keyservers to the cluster members, duplicate custom keyserver entries appear. If you had manually added custom keyservers, make sure that you perform the following steps after upgrade:
- On the cluster members where you originally manually added keyserver entries, manually delete them.
- On the sponsor node only, manually add the custom keyserver entry. This keyserver entry is replicated on all the cluster members.
- After running an upgrade and backup-restore process, orgKeyID and orgKeyBlock are no longer removed from the factory default policy. [3964607]
- After upgrading Symantec Encryption Management Server to version 3.4.1, Symantec Encryption Desktop clients no longer fail to synchronize with the server if the user name of the currently active account includes characters with accent marks. [3994451]
