I have a client that is deploying Mcafee Endpoint Encryption, formerly known as Safeboot. The product integrates with Active Directory and the newest version can be managed through the ePO management console. Overall the product has experienced a number of problems. Most of these problems are documented and can be mitigated by defragmenting the disk or removing software that replaces the MSGINA, such as the HP Protect Tools.

The one problem that they have not been able to correct though is the Sector Chain is Invalid error. This error generally happens right after installation but can happen at any time.  According to the support engineers I have spoken to the machine is generally unable to be recovered! This is a serious problem that Mcafee seems to not be addressing. They have said they are unable to replicate the problem but this issue has been brought up multiple times in different forums going back to 2008.

Come on Mcafee you need to fix this problem. You supposedly have hundreds of thousands of customers and you make the encryption used by the HP Protect Tools. You can fix this and need to ASAP.

HP Forums

http://bit.ly/dalIDD

Mcafee Knowledgebase Article

http://bit.ly/dCeL2q

As a follow up on my previous post on cabling an IPS I have attached an example that I have seen successful.This example is specific to a Mcafee M2750 device and assumes interfaces that are hard set. Note that the actual firewall and LAN switch are using Straight cables and not cross-over. The only cross-over is placed between the Fail-open kit and the IPS.

I have added Fortinet Visio Stencils. Fortinet is a company of great interest. (more…)

I have added Cisco Visio Icons. This includes most of the Cisco products and not just the security related icons. There are several .vss files as well as a PowerPoint document with lots of icons. Enjoy!

Sourcefire is hosting a webcast on IPS tuning. I think this is a critical step that is unfortunately overlooked in many organizations.

NSS Labs, the world’s leading independent information security research and testing organization. recently put seven leading Network IPS vendors through a rigorous test that included 1,159 validated exploits.

One of the findings from the test was that a “tuned” IPS blocks considerably more threats than an IPS configured with a default policy alone..

To learn more about the NSS Labs Network IPS test results and some of the industry best practices for IPS tuning, please join us on March 10th for a free and insightful live webcast.

Speakers: Rick Moy, President of NSS Labs &
Matt Watchinski, Sr. Director of Sourcefire’s Vulnerability Research Team™ (VRT)

Date: Wednesday, March 10th at 11:00 a.m. Eastern (EST)

http://bit.ly/dqOhTO

IBM has announced it is dropping the IBM Intenet Security Systems name and all the security divisions will now be under IBM Security Services (I guess they didn’t want to get rid of the ISS acronym) . X-Force will apparently be moved under IBM research and ISS will be moved under the same group as the Tivioli products. This is the offical end of an era. ISS was one of the first security companies and developed many innovative products and the X-Force was the top research group in the field.

IBM has continued the majority of the product lines and has maintained X-Force but it is not what it once was. This the trend was have seen over the years with the smaller innovative security companies being acquired by the larger players. We saw this with RSA and EMC, IBM and ISS, 3Com and TippingPoint now HP. It seems the only ones not acquired were Symantec and Mcafee who have been the acquirerers.

For IBM this change makes sense and most new it would come. Now all security products and services are now under a single organization. This will allow them th likely reduce cost and better cross sell their products.

Good bye ISS!