HOL-PRT-1464
Table of Contents
HOL-PRT-1464 - Applying Data Center Security with Symantec & VMware NSX
  Lab Overview
Configuring policies, Test Virtual Machine and NSX Security Group
  Introduction
  Prepare Test Virtual Machine
  Deploy Virtual Machine Threat Protection Policy
  Create an NSX Security Group
Module 1 - Demonstrate Symantec's Virtual Machine Threat Protection and Quarantine Features
  Introduction
  Threat Detection and Quarantine
  Purging
  Rescan and Whitelisting
Module 2 - Demonstrate Symantec's Virtual Machine Network Security Introspection
  Introduction
  Create New NSX Security Policy with Network Introspection Services
  Simulate Inbound Network Threat in Log Only Mode
  Simulate Inbound Network Threat and Block It
HOL-PRT-1464 - Applying Data Center Security with Symantec & VMware NSX
Lab Overview
With the SDDC, there is even more demand for applications to be made available at the speed of business, which drives automation in orchestration and deployment. This has enabled IT organizations to be agile and lower their time to market. However, we continue to see security as a bottleneck. Symantec Data Center Security: Server removes this bottleneck by lowering the security tax: it provides threat protection with Symantec's best-in-class AV scan engine, and it leverages VMware NSX Service Composer to automate and orchestrate security policies that are mapped to security groups. It follows VMware NSX best practices to deliver agentless malware protection for workloads in the Software Defined Data Center.
Configuring policies, Test Virtual Machine and NSX Security Group
Introduction
In this section you will do the prep work required for both modules. As part of this you will:
• Prepare the Test Guest Virtual Machine
• Access the Symantec Data Center Security: Server management console to create the threat protection policy and publish it to VMware NSX.
• Use VMware NSX Service Composer to create a security group and add virtual machines to it.
Prepare Test Virtual Machine
To begin these steps, make sure you are in the Controlcenter VM.
Access the Test Virtual Machine via RDP
Double-click on the "TestGvm.RDP" shortcut on the Desktop.
Unzip the Eicar text file
Double-click on the eicar.zip on the Desktop. Notice that inside this zip file there is a text file called "eicar.txt". EICAR files are used to test threat protection engines: while real malware could do damage, this test file lets you exercise anti-virus software without using a real virus. Anti-virus engines are built to treat the EICAR file as a confirmed detection.
For this test, the EICAR test file will be used to exercise the threat protection features of the Symantec Data Center Security: Server scan engine. This file will be copied to several locations in the next steps. Leave the window open.
Create first demo folder
Go to the C: drive and create a folder called "TP_Demo1".
Add Eicar text file to first demo folder
Drag and drop the eicar.txt inside the archive to the "TP_Demo1" folder.
Create second demo folder
Go back to the C: drive and create another folder called "TP_Demo2".
Add Eicar text file to second demo folder
Drag and drop the eicar.txt inside the archive to the "TP_Demo2" folder.
Clean up all of the remaining Eicar files
There are several other locations where copies of the EICAR test file are located. Removing these files allows for fewer false positives.
Delete EICAR zip file from Desktop
Right-click on the eicar.zip on the Desktop and select Delete.
Close all folder and files
To prevent the On-Access Scan from triggering on the test files, close all folders and files that were opened.
Minimize the Test Virtual Machine RDP session
The preparation for the Test Virtual Machine is now completed. Minimize the TestGvm RDP session.
Deploy Virtual Machine Threat Protection Policy
To begin these steps, return to the Controlcenter VM.
Access the Symantec Data Center Security: Server Management Server
Double-click on the "Symantec DCS.RDP" shortcut on the Desktop of the Controlcenter.
Symantec Data Center Security: Server Management Console
Click on the "Management Console" shortcut on the Desktop of the Symantec DCS RDP session.
Log into the Management Console
Credentials to access the Management Console are:
• User name: symadmin
• Password: VMware1!
Click on the "Log On" button
Access the Virtual Machine Threat Protection policies
Go to Policies > Virtual Machine Threat Protection.
Access the Symantec default policies workspace folder
Click on Policies > Workspace > Symantec folder on the left panel.
Edit the existing Virtual Machine Threat Protection Policy
Right-click on the "Virtual Machine Threat Protection Policy" and select "Edit".
Disable the Rescan policy option
On the Policy's General Settings, uncheck the box next to "Rescan Quarantine files
when On-Demand scans runs" option. This feature will be enabled in a later step.
Verify proper Network Security Settings
Verify that the checkbox next to "Block connection when threats are found..." option is
unchecked. Notice that this setting will allow the policy to only log threats. In a later
module this feature will be enabled to test Symantec's Network Threat Protection
Services.
Save Policy Settings
Click the "OK" button to save policy settings.
Submit policy changes
1. Type "1" as the new Revision number
2. Click on the "submit" button to finalize and submit policy changes
Publish Policy
Right-Click on the "Virtual Machine Threat Protection Policy" and select "Publish Policy".
Accept Threat Protection Policy overwrite warning
A pop-up informing you that the new changes to the policy will overwrite the existing published policy will appear. Click the "Ok" button. The same policy will be used throughout the lab, so overwriting the policy is part of the normal process.
Accept Threat Protection policy published successfully pop-up
After allowing the policy to be overwritten you will receive a pop-up informing you that
the Threat Protection Policy was successfully published. Click on the "Ok" button to
confirm. You will now see a green dot next to the "Virtual Machine Threat Protection
Policy" reaffirming the action.
Minimize the Symantec DCS RDP session
The configuration changes and deployment of the Threat Protection Policy are now completed.
Minimize the Symantec DCS RDP session.
Create an NSX Security Group
In this section you will:
• Create a security group which will contain the Test virtual machine. This NSX security group will be used in the upcoming modules.
To begin these steps, make sure you are in the Controlcenter VM.
Access Google Chrome Web Browser
On the ControlCenter VM, click on the Google Chrome web browser shortcut on the Desktop. Feel free to select another browser if desired.
Access the vSphere Web Client homepage
Click on the Google Chrome bookmark link for the vSphere Web Client, shown in the screenshot below.
Login to the vSphere Web Client Home Page
Use the following credentials...
• User name: root
• Password: VMware1!
Do not use Windows session authentication.
Access the Network & Security panel (NSX)
On the vSphere Web Client home page select the "Network and Security" tab to access the VMware
NSX appliance settings.
Access the Service Composer
On the "Network and Security" home page select the "Service Composer" tab.
Access the Security Groups tab
Click on the "Security Groups" tab.
Create a new Security Group
Click on the "New Security Group" icon.
Name the Security Group
Name the security group "Symantec Protected Group". No need to add a description.
Include Test Virtual Machine to new Security Group
1. Select the 3rd option "Select objects to include".
2. Scroll through the filters until you find "Virtual Machine" and click on it.
3. Select the Test Virtual Machine (Win7-DCS-TestGvm)
4. Click the "Finish" button.
Module 1 - Demonstrate Symantec's Virtual Machine Threat Protection and Quarantine Features
Introduction
In this module you will learn how to:
• Create security policies using VMware NSX Service Composer.
• Add an endpoint service for Anti-Virus.
• Use VMware NSX Service Composer to consume the policy created by Symantec Data Center Security: Server.
• Map this policy to a security group that is used to protect a Guest Virtual Machine (GVM).
• Use the Data Center Security: Server management console to verify which GVMs are monitored and protected.
• Evaluate the flexibility of Data Center Security: Server by creating a targeted scan.
• Review quarantined files and their event descriptions.
Threat Detection and Quarantine
To begin this module access the vSphere Web Client and go to the "Network and Security" home
page.
Access the Service Composer
On the "Network and Security" home page select the "Service Composer" tab.
Access the Security Policies tab
Click on the "Security Policies" tab.
Create new Security Policy
Click on the "Create Security Policy" icon.
Name the Security Policy
Name the Security Policy "DCS AV Security Policy". Leave all the defaults. Click on
the "Next" button.
Add an Endpoint Service
Click on the "Add endpoint service" icon.
Provide appropriate entries and selections for new Endpoint Service
1. Name: "DCS AV Policy"
2. Action: "Apply"
3. Service Type: "Anti Virus"
4. Service Name: "Symantec DataCenter Security for VMware NSX"
5. Service Configuration: "Virtual Machine Threat Protection Policy"
6. State: "Enabled"
7. Enforce: "Yes"
8. Click the "OK" button
Complete the new Security Policy
Click on the "Finish" Button to complete the policy.
Apply new Security Policy to existing Security Group
Right-click on the new "DCS AV Security Policy" and select "Apply Policy".
Select the Security Group to which the Security Policy will be applied
From the resulting pop-up check the security group "Symantec Protected Group" and
click on the "OK" button.
Check Security Groups in the Symantec Data Center Security: Server Management Console
1. Go back to your Symantec DCS RDP session by maximizing the Window
2. Go to Assets > Virtual Machine Threat Protection > Guest VM View > Security Groups
3. Click "Refresh"
4. Once the refresh completes the "Symantec Protected Group" should appear in the list of
Security Groups
Verify that Test Virtual Machine is protected
Double-click on the "Symantec Protected Group" to check if the test virtual machine is under the
Protected Guest VMs.
Activate a scan on the Test Virtual Machine
Right-click on the Test Virtual Machine "Win7-DCS-TestGvm" and select "Scan Now".
Select scan type option
In the resulting pop-up, select "Scan Targeted Paths".
Add folder Path
Click on the "Add" button and enter the path "C:\TP_Demo1". Click on the "OK" button.
Start Scan
Click on the "Scan Now" to trigger the threat protection scan. Click "Ok" on the
success pop-up.
Verify path on Test Virtual Machine to see if EICAR test was detected
Return to the TestGvm RDP session (Test Virtual Machine), go to C:\TP_Demo1 and verify that the eicar.txt file is missing.
Find the quarantined file
Go to "C:\VirtualAgent\Quarantine" and verify that a file exists. This is the quarantined EICAR test file.
Note: Several other files could be present in this folder. Make sure you check the modified date of the file(s) present. The name of the file in this quarantine folder will also differ from the original.
Verify data inside quarantine file is obfuscated
Open this file in notepad. Verify the data is obfuscated (i.e. Eicar string is not readable).
Verify that an "Endpoint malware threat detected" event exists in the Symantec Data Center Security: Server Management Console
1. Minimize the current TestGvm RDP session and return back to the Symantec DCS RDP
session
2. Go to Monitors > Events tab > Monitor Types > Virtual Machine Threat Protection Events
3. Refresh and verify that an "Endpoint malware threat detected" event exists.
Check "Endpoint malware threat detected" event details
Double-click on the "Endpoint malware threat detected" event. Verify that the infected file shown is "C:\TP_Demo1\eicar.txt".
Purging
In the previous section an eicar.txt file was quarantined. In this section, you will see how Data Center Security: Server can be configured to purge quarantined files after a specific time.
Confirm purge quarantine files time interval
Per the "Virtual Machine Threat Protection Policy", the quarantine file feature is enabled and the default for purging quarantined files was left at purging files older than 30 days. In the next set of steps the Test Virtual Machine's date and time will be modified to confirm that the quarantined file (C:\TP_Demo1\eicar.txt) is purged from the system after the set time interval.
Note the date on the Test Virtual Machine
Open the date/time pop-up on the bottom right of the screen. Note the date (i.e. July 16, 2014).
Advance date on Test Virtual Machine 30 days forward
1. Click on the start menu and type "PowerShell"
2. Right-click on the first result and select "Run as administrator"
3. Run the following command in PowerShell:
Set-Date -Date (Get-Date).AddDays(30)
Verify files are purged from the Quarantine folder
Note that the date moved forward 30 days (i.e. August 15, 2014). Within 2 minutes, the files in the
quarantine folder will be purged/deleted per the configuration on the "Virtual Machine Threat
Protection Policy".
Reset time on the Test Virtual Machine
Run the following command in PowerShell:
Set-Date -Date (Get-Date).AddDays(-30)
Confirm that machine is back to original date (i.e. July 16, 2014).
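A scripted version of the purge check above, added here as an example and not part of the lab guide: it snapshots the quarantine folder, advances the guest clock, polls until the folder empties or a timeout expires, and restores the clock in a finally block so the VM is never left a month ahead if the check fails or is interrupted. The quarantine path and the 30-day purge age come from the lab; the 180-second timeout is an assumption based on the lab's "within 2 minutes".

```powershell
# Added example (not from the lab guide): verify quarantine purging by advancing
# the guest clock, then always put the clock back. Run in an elevated PowerShell
# session on the Test Virtual Machine (Set-Date needs administrator rights).
# Written for PowerShell 2.0 so it also runs on the Windows 7 test guest.
param(
    [string]$QuarantinePath = 'C:\VirtualAgent\Quarantine',  # quarantine path from the lab
    [int]$PurgeAgeDays      = 30,   # policy default named in the lab ("older than 30 days")
    [int]$TimeoutSeconds    = 180   # assumption: lab says the purge happens "within 2 minutes"
)

# Snapshot of the quarantine folder: name, size and last-write time of each file.
function Get-QuarantineSnapshot {
    param([string]$Path)
    if (-not (Test-Path -Path $Path)) { return @() }
    Get-ChildItem -Path $Path |
        Where-Object { -not $_.PSIsContainer } |
        Select-Object Name, Length, LastWriteTime
}

function Test-QuarantinePurge {
    param([string]$Path, [int]$AgeDays, [int]$Timeout)

    $before = @(Get-QuarantineSnapshot -Path $Path)
    if ($before.Count -eq 0) {
        Write-Warning "Nothing in $Path to purge; run a scan that quarantines a file first."
        return $false
    }
    Write-Host "Quarantined before the clock change:"
    $before | Format-Table -AutoSize | Out-String | Write-Host

    try {
        # Jump the clock forward so every quarantined file is older than the purge threshold.
        Set-Date -Date (Get-Date).AddDays($AgeDays) | Out-Null
        Write-Host "Clock advanced to $(Get-Date); waiting up to $Timeout s for the purge."

        $deadline = (Get-Date).AddSeconds($Timeout)
        do {
            Start-Sleep -Seconds 10
            $remaining = @(Get-QuarantineSnapshot -Path $Path)
        } while ($remaining.Count -gt 0 -and (Get-Date) -lt $deadline)

        if ($remaining.Count -eq 0) {
            Write-Host "Purge confirmed: $($before.Count) file(s) removed from $Path."
            return $true
        }
        Write-Warning "Timeout: $($remaining.Count) file(s) still present in $Path."
        return $false
    }
    finally {
        # Runs on success, failure or Ctrl-C: subtract only the offset that was added,
        # so the guest is not left a month ahead and elapsed wall time is preserved.
        Set-Date -Date (Get-Date).AddDays(-$AgeDays) | Out-Null
        Write-Host "Clock restored to $(Get-Date)."
    }
}

Test-QuarantinePurge -Path $QuarantinePath -AgeDays $PurgeAgeDays -Timeout $TimeoutSeconds
```

Confirm afterwards that the date shown in the system tray matches the original date, as the lab step does by hand.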
Rescan and Whitelisting
The rescan option in the Threat Protection Policy's Quarantine settings rescans the quarantined files when On-Demand Scans are run. Quarantined files are released/restored to their original location if they are no longer classified as threats, either based on new definitions or because they are explicitly whitelisted in the Scan Settings of the Security Virtual Appliance configuration base policy (SVA_Config_Base_Policy). In this section you will rescan after whitelisting the EICAR test file.
Activate a second scan on the Test Virtual Machine
1. Go back to your Symantec DCS RDP session by maximizing the Window
2. Go to Assets > Virtual Machine Threat Protection > Guest VM View > Security Groups >
Symantec Protected Group
3. Right-click on the Test Virtual Machine "Win7-DCS-TestGvm" and select "Scan Now"
Select scan type option
In the resulting pop-up, select "Scan Targeted Paths".
Add folder Path
1. Click on the "Add" button
2. Enter the path "C:\TP_Demo2"
3. Click on the "OK" button.
Start Scan
Click on the "Scan Now" to trigger the threat protection scan. Click "Ok" on the
success pop-up.
Verify path on Test Virtual Machine to see if Eicar test was detected
Return to the TestGvm RDP session (Test Virtual Machine), go to C:\TP_Demo2 and verify that the eicar.txt file is missing.
Verify Eicar test file is in quarantine folder
Go to "C:\VirtualAgent\Quarantine" and verify that the quarantined eicar.txt file exists.
Edit Virtual Machine Threat Protection Policy
1. Return to your Symantec DCS RDP session
2. Go to Policies > Virtual Machine Threat Protection > Workspace > Symantec folder
3. Right-click on the "Virtual Machine Threat Protection Policy" and select "Edit"
Enable Rescan in the Virtual Machine Threat Protection Policy
Check the "Rescan quarantined files..." option and click the "Ok" button.
Edit policy revision number
In the resulting "submit changes" pop-up, edit Revision number from 2 to 1. (This
avoids steps to reconfigure Security Policy on the vSphere Web Client)
Publish Virtual Machine Threat Protection Policy
Right-click on the "Virtual Machine Threat Protection Policy" and select "Publish Policy". Click OK when asked to overwrite the existing policy. A second pop-up will appear stating that the policy won't take effect until you apply it to a Security Group. Click OK to finalize the action.
Find the latest "Endpoint malware threat detected" event
1. Go to Monitors > Events > Monitor Types > Virtual Machine Threat Protection Events
2. Notice the latest "Endpoint malware threat detected" event. Double-click on the event to see the event details
Copy the Eicar test file hash
1. Copy the file hash value by double-clicking on it to highlight it and using keyboard shortcut
CTRL + c
2. Close the event detail window
Edit Security Virtual Appliance Configuration Base Policy
1. Go back to Policies > Virtual Machine Threat Protection > Workspace > Symantec folder
2. Right-click on the "SVA_Config_Base_Policy" and select "Edit"
Whitelist the Eicar test file
1. Go to the "Scan Settings" tab
2. Click on "Edit[+]" to see the list of whitelisted files
3. Click on the "Add" button
4. In the "SHA-256 Digest" field, paste the file hash copied earlier using the keyboard shortcut CTRL + v
5. In the "Description" field, type "EICAR Test Demo File"
6. Click "OK" to enter the new entry into the list
7. Click on the "OK" button on the policy to save the change
8. Click on the "Submit" button to submit changes (Note: no need to modify
Revision number here)
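A check worth running before pasting a digest into the whitelist, added here as an example and not part of the lab guide: it computes the SHA-256 of a file through .NET (so it also works on the Windows 7 guest's PowerShell 2.0, which has no Get-FileHash), validates that the value copied from the event is a well-formed 64-character hex digest, and compares the two case-insensitively. A whitelist entry keyed on a truncated or wrong hash never matches and the file stays quarantined. The sample file content is constructed and is not the EICAR string; on the lab VM the file in C:\TP_Demo2 is already quarantined and obfuscated, so point the check at a retained original copy.

```powershell
# Added example (not from the lab guide): confirm that the SHA-256 digest you are
# about to whitelist in SVA_Config_Base_Policy really belongs to the intended file.
# Uses .NET directly so it also runs on PowerShell 2.0 (no Get-FileHash there).

function Get-Sha256Digest {
    param([Parameter(Mandatory = $true)][string]$Path)
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead((Resolve-Path -Path $Path).ProviderPath)
    try {
        $bytes = $sha.ComputeHash($stream)
    }
    finally {
        $stream.Close()
    }
    # Lower-case hex without separators, the form used in the whitelist entries.
    return ([System.BitConverter]::ToString($bytes)).Replace('-', '').ToLowerInvariant()
}

function Test-WhitelistDigest {
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        [Parameter(Mandatory = $true)][string]$Digest   # value copied from the event details
    )
    $candidate = $Digest.Trim().ToLowerInvariant()
    # A SHA-256 digest is exactly 64 hex characters; anything else is a copy/paste error.
    if ($candidate -notmatch '^[0-9a-f]{64}$') {
        Write-Warning "Digest is not a 64-character hex SHA-256 value (got $($candidate.Length) chars)."
        return $false
    }
    $actual = Get-Sha256Digest -Path $Path
    if ($actual -ne $candidate) {
        Write-Warning "Digest mismatch for $Path`n  event : $candidate`n  file  : $actual"
        return $false
    }
    Write-Host "Digest matches $Path; safe to add to the whitelist."
    return $true
}

# --- Constructed demonstration input (not the EICAR string) ---
$sample = Join-Path $env:TEMP 'whitelist-check-sample.txt'
[System.IO.File]::WriteAllText($sample, 'constructed sample content for the whitelist check')
$digestFromEvent = Get-Sha256Digest -Path $sample   # stands in for the value copied from the event
Test-WhitelistDigest -Path $sample -Digest $digestFromEvent                        # matches
Test-WhitelistDigest -Path $sample -Digest ($digestFromEvent.Substring(0, 63))    # truncated, rejected
Remove-Item -Path $sample -ErrorAction SilentlyContinue
```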
Publish Security Virtual Appliance Configuration Base Policy
Right-click on the "SVA_Config_Base_Policy" and select "Publish". Click OK on the success pop-up.
Activate a third scan on the Test Virtual Machine
1. Go back to Assets > Virtual Machine Threat Protection > Guest VM View > Security Groups > Symantec Protected Group
2. Click on the "Refresh" Button
3. Right-click on the Test Virtual Machine "Win7-DCS-TestGvm" and select "Scan Now"
Select scan type option
In the resulting pop-up, select "Scan Targeted Paths".
Add folder Path
1. Click on the "Add" button
2. Enter the path "C:\TP_Demo2"
3. Click on the "OK" button.
Start Scan
Click on the "Scan Now" to trigger the threat protection scan. Click "Ok" on the
success pop-up.
Verify that the whitelisted file was restored
1. Go back to the TestGvm (Test Virtual Machine) RDP session
2. Make sure that the eicar.txt test file in C:\TP_Demo2 was restored
3. The Quarantine folder C:\VirtualAgent\Quarantine should be empty
Module 2 - Demonstrate Symantec's Virtual Machine Network Security Introspection
Introduction
This module discusses:
• Registering DCS: Server 6.0 with vCenter and NSX
• Registering the SVA with NSX
• Configuring auto-deployment of the vCenter Endpoint Service
• Configuring auto-deployment of the Symantec Anti-malware Service
• Verifying the status of the service deployment
Create New NSX Security Policy with Network Introspection Services
To begin this module access the vSphere Web Client and go to the "Network and Security" home
page.
Access the Service Composer
On the "Network and Security" home page select the "Service Composer" tab.
Access the Security Policies tab
Click on the "Security Policies" tab.
Create new Security Policy
Click on the "Create Security Policy" icon.
Name the new Security Policy
Name the Security Policy "DCS Network Threat Protection".
Add a new Network Introspection Service option
1. Click on the 4th option on the left side panel named "Network Introspection
Services"
2. Click on the green plus (+) icon to add a new Network Introspection Service
Provide appropriate entries and selections for the new Network Introspection Service
1. Name: "DCS Network Threat"
2. Service Name: "Symantec DataCenter Security Service for VMware NSX"
3. Profile: "Virtual Machine Threat Protection Policy profile"
4. Source: Click on "Change...", on the source pop-up select "Any"
5. Destination: Leave as "Policy's Security Groups"
6. Click the "OK" button
• The "Source" and "Destination" selection will apply to "Incoming" traffic from "Any" to the security group where this policy gets applied.
• Leave the remaining default settings.
Finalize changes to the existing Security Policy
Click on the "Finish" Button to save and finalize the new "DCS Network Threat"
security policy.
Apply new Security Policy to existing Security Group
Right-click on the new "DCS Network Threat Protection" and select "Apply Policy".
Select the Security Group to which the Security Policy will be applied
From the resulting pop-up check the security group "Symantec Protected Group" and
click on the "OK" button.
Simulate Inbound Network Threat in Log Only Mode
In this section you will simulate a network threat, specifically a SQL injection, against a SQL web front end. The Test Virtual Machine (TestGvm) is hosting an implementation of PHP for Windows running on an Internet Information Services (IIS) server. The victim website hosted on the Test Virtual Machine contains a table with dummy personally identifiable information (PII). A URL with a crafted SQL injection query will be used to test whether the attack is allowed or denied.
In this step, the SQL injection simulation will be successful since the Virtual Machine Threat Protection Policy is set to log-only mode.
Refresher of Network Security Settings in the Virtual Machine Threat Protection policy
In an earlier step it was verified that the "Block connection when threats are found (Threats will only be logged when left unchecked)" option was unchecked. There is no need to modify the "Virtual Machine Threat Protection Policy" for this step since the policy is already set to only log when a threat is found.
Type the URL with a crafted SQL injection query and explore results
• From the Controlcenter access the Google Chrome web browser
• Click on the "Access PHP File from..." bookmark in the bookmarks bar
• or type the URL directly:
http://192.168.120.30/ax/gettprojectnodes.php?test=1&root_node=selectfromwhere
Notice how the URL is structured and the results you get in the web browser. The PII data is now
exposed.
Verify that a "Guest network threat detected" event exists in the Symantec Data Center Security: Server Management Console
1. Return back to the Symantec DCS RDP session
2. Go to Monitors > Events tab > Monitor Types > Virtual Machine Threat Protection Events
3. Refresh and verify that a "Guest network threat detected" event exists.
Check "Guest network threat detected" event details
The remediation status is “Guest network threat logged” since the Virtual Machine Threat Protection
Policy is configured to only log when the threat is found. Some of the information logged in the event
include: threat name, source and destination IP address and port of the network traffic, among
others.
Simulate Inbound Network Threat and Block It
In this step the network threat (SQL injection) will be activated one more time. This time the SQL
injection simulation will fail as we will make changes on the Virtual Machine Threat Protection Policy
to prevent the attack from occurring.
Access the Virtual Machine Threat Protection policies
Go to Policies > Virtual Machine Threat Protection.
Access the Symantec default policies workspace folder
Click on Policies > Workspace > Symantec folder on the left panel.
Edit the Virtual Machine Threat Protection Policy
Right-click on the "Virtual Machine Threat Protection Policy" and select "Edit".
Modify Network Security Settings to enable the blockage of threats
1. Check the box next to "Block connection when threats are found..." option.
2. Click on the "Ok" button
Submit policy changes
1. Type "1" as the new Revision number
2. Click on the "submit" button to finalize and submit policy changes.
Publish Policy
Right-Click on the "Virtual Machine Threat Protection Policy" and select "Publish Policy".
Accept Threat Protection policy overwrite warning
A pop-up informing you that the new changes to the policy will overwrite the existing published policy will appear. Click the "Ok" button.
Accept Threat Protection Policy published successfully pop-up
After allowing the policy to be overwritten you will receive a pop-up informing you that the Threat Protection Policy was successfully published. Click on the "Ok" button to confirm.
You will now see a green dot next to the "Virtual Machine Threat Protection Policy"
reaffirming the action.
Type the URL with a crafted SQL injection query and explore results
• From the Controlcenter access the Google Chrome web browser
• Click on the "Access PHP File from..." bookmark in the bookmarks bar
• or type the URL directly:
http://192.168.120.30/ax/gettprojectnodes.php?test=1&root_node=selectfromwhere
Notice how the URL is now blocked. The Virtual Machine Threat Protection Policy is now actively
blocking network threats.
Verify that a "Guest network threat detected" event exists in the Symantec Data Center Security: Server Management Console
1. Return back to the Symantec DCS RDP session
2. Go to Monitors > Events tab > Monitor Types > Virtual Machine Threat Protection Events
3. Refresh and verify that a "Guest network threat detected" event exists.
Check "Guest network threat detected" event details
The remediation status this time is “Guest network threat blocked” since the Virtual Machine Threat
Protection Policy is configured to block the connection when threat is found.
HOL-PRT-1464
Page 78HOL-PRT-1464

More Related Content

What's hot

1.3. (In)security Software
1.3. (In)security Software1.3. (In)security Software
1.3. (In)security Softwaredefconmoscow
 
Patch Tuesday Analysis - November 2015
Patch Tuesday Analysis - November 2015Patch Tuesday Analysis - November 2015
Patch Tuesday Analysis - November 2015Ivanti
 
Installation of oracle 12c RAC on linux vm
Installation of oracle 12c RAC  on linux vmInstallation of oracle 12c RAC  on linux vm
Installation of oracle 12c RAC on linux vmRon Morgan
 
HCK-CI: Enabling CI for Windows Guest Paravirtualized Drivers - Kostiantyn Ko...
HCK-CI: Enabling CI for Windows Guest Paravirtualized Drivers - Kostiantyn Ko...HCK-CI: Enabling CI for Windows Guest Paravirtualized Drivers - Kostiantyn Ko...
HCK-CI: Enabling CI for Windows Guest Paravirtualized Drivers - Kostiantyn Ko...Yan Vugenfirer
 
Host Based Security Best Practices
Host Based Security Best PracticesHost Based Security Best Practices
Host Based Security Best Practiceswebhostingguy
 
How to debug ocfs2 hang problem
How to debug ocfs2 hang problemHow to debug ocfs2 hang problem
How to debug ocfs2 hang problemGang He
 
Hardening Linux and introducing Securix Linux
Hardening Linux and introducing Securix LinuxHardening Linux and introducing Securix Linux
Hardening Linux and introducing Securix LinuxSecurity Session
 
Understanding Linux system hang
Understanding Linux system hangUnderstanding Linux system hang
Understanding Linux system hangGang He
 
Top Issues For Microsoft Support For Windows Server
Top Issues For Microsoft Support For Windows ServerTop Issues For Microsoft Support For Windows Server
Top Issues For Microsoft Support For Windows ServerBlauge
 
Joanna Rutkowska Subverting Vista Kernel
Joanna Rutkowska   Subverting Vista KernelJoanna Rutkowska   Subverting Vista Kernel
Joanna Rutkowska Subverting Vista Kernelguestf1a032
 
James Jara Portfolio 2014 - InfoSec White Paper- Part 5
James Jara Portfolio 2014 - InfoSec White Paper- Part 5James Jara Portfolio 2014 - InfoSec White Paper- Part 5
James Jara Portfolio 2014 - InfoSec White Paper- Part 5James Jara
 
Zumasys Citrix Top 10 Tips and Tricks
Zumasys Citrix Top 10 Tips and TricksZumasys Citrix Top 10 Tips and Tricks
Zumasys Citrix Top 10 Tips and TricksFrank A. Petillo, Sr.
 
Spectre meltdown performance_tests - v0.3
Spectre meltdown performance_tests - v0.3Spectre meltdown performance_tests - v0.3
Spectre meltdown performance_tests - v0.3David Pasek
 
Web Database Server Best Practices
Web Database Server Best PracticesWeb Database Server Best Practices
Web Database Server Best Practicessyrinxtech
 

TECHNICAL WHITE PAPER: Applying Data Center Security with VMware NSX

Table of Contents

HOL-PRT-1464 - Applying Data Center Security with Symantec & VMware NSX .... 3
  Lab Overview .... 4
Configuring policies, Test Virtual Machine and NSX Security Group .... 5
  Introduction .... 6
  Prepare Test Virtual Machine .... 7
  Deploy Virtual Machine Threat Protection Policy .... 10
  Create a NSX Security Group .... 17
Module 1 - Demonstrate Symantec's Virtual Machine Threat Protection and Quarantine Features .... 21
  Introduction .... 22
  Threat Detection and Quarantine .... 23
  Purging .... 37
  Rescan and Whitelisting .... 41
Module 2 - Demonstrate Symantec's Virtual Machine Network Security Introspection .... 58
  Introduction .... 59
  Create New NSX Security Policy with Network Introspection Services .... 60
  Simulate Inbound Network Threat in Log Only Mode .... 68
  Simulate Inbound Network Threat and Block It .... 71

HOL-PRT-1464 Page 2
  • 3. HOL-PRT-1464 - Applying Data Center Security with Symantec & VMware NSX
    HOL-PRT-1464 Page 3
  • 4. Lab Overview
    With the SDDC there is even more demand for applications to be made available at the speed of business, leading to automation in orchestration and deployment. This has enabled IT organizations to be agile and lower their time to market. However, security continues to be a bottleneck. Symantec Data Center Security: Server removes this bottleneck and lowers the "security tax" by providing threat protection with Symantec's best-in-class AV scan engine. It leverages VMware NSX Service Composer to automate and orchestrate security policies that are mapped to security groups, and it follows VMware NSX best practices to deliver agentless malware protection for workloads in the Software Defined Data Center.
  • 5. Configuring policies, Test Virtual Machine and NSX Security Group
  • 6. Introduction
    In this section you will do the preparation work that is required for both modules. As part of this you will:
    • Prepare the Test Guest Virtual Machine
    • Access the Symantec Data Center Security: Server management console to create a threat protection policy and publish it to VMware NSX.
    • Use VMware NSX Service Composer to create a security group and add virtual machines to this group.
  • 7. Prepare Test Virtual Machine
    To begin these steps, make sure you are in the Controlcenter VM.
    Access the Test Virtual Machine via RDP
    Double-click on the "TestGvm.RDP" shortcut on the Desktop.
    Unzip the Eicar text file
    Double-click on the eicar.zip on the Desktop. Notice that inside this zip file there is a text file called "eicar.txt". Eicar files are used to test threat protection engines. While real malware could do damage, this test file allows you to test anti-virus software without having to use a real virus file; anti-virus engines recognize the Eicar file as a verified test virus. For this test, the Eicar test file will be used to test the threat protection features of the Symantec Data Center Security: Server scan engine. This file will be copied to several locations in the next steps. Leave the window up.
  • 8. Create first demo folder
    Go to the C: drive and create a folder called "TP_Demo1".
    Add Eicar text file to first demo folder
    Drag and drop the eicar.txt inside the archive to the "TP_Demo1" folder.
    Create second demo folder
    Go back to the C: drive and create another folder called "TP_Demo2".
  • 9. Add Eicar text file to second demo folder
    Drag and drop the eicar.txt inside the archive to the "TP_Demo2" folder.
    Clean up all of the remaining Eicar files
    There are several other locations where the Eicar test file(s) are located. Removing these files will result in fewer false positives.
    Delete EICAR zip file from Desktop
    Right-click on the eicar.zip on the Desktop and select Delete.
    Close all folders and files
    To prevent the On-Access Scan from acting on the test files, close all open folders and files.
    Minimize the Test Virtual Machine RDP session
    The preparation of the Test Virtual Machine is now complete. Minimize the TestGvm RDP session.
  • 10. Deploy Virtual Machine Threat Protection Policy
    To begin these steps, return to the Controlcenter VM.
    Access the Symantec Data Center Security: Server Management Server
    Double-click on the "Symantec DCS.RDP" shortcut on the Desktop of the Controlcenter.
    Symantec Data Center Security: Server Management Console
    Click on the "Management Console" shortcut on the Desktop of the Symantec DCS RDP session.
  • 11. Log into the Management Console
    Credentials to access the Management Console are:
    • User name: symadmin
    • Password: VMware1!
    Click on the "Log On" button.
    Access the Virtual Machine Threat Protection policies
    Go to Policies > Virtual Machine Threat Protection.
  • 12. Access the Symantec default policies workspace folder
    Click on Policies > Workspace > Symantec folder on the left panel.
    Edit the existing Virtual Machine Threat Protection Policy
    Right-click on the "Virtual Machine Threat Protection Policy" and select "Edit".
  • 13. Disable the Rescan policy option
    On the Policy's General Settings, uncheck the box next to the "Rescan Quarantine files when On-Demand scans runs" option. This feature will be enabled in a later step.
  • 14. Verify proper Network Security Settings
    Verify that the checkbox next to the "Block connection when threats are found..." option is unchecked. Notice that this setting will allow the policy to only log threats. In a later module this feature will be enabled to test Symantec's Network Threat Protection Services.
    Save Policy Settings
    Click the "OK" button to save the policy settings.
  • 15. Submit policy changes
    1. Type "1" as the new Revision number
    2. Click on the "submit" button to finalize and submit policy changes
    Publish Policy
    Right-click on the "Virtual Machine Threat Protection Policy" and select "Publish Policy".
  • 16. Accept Threat Protection Policy overwrite warning
    A pop-up informing you that the new changes to the policy will overwrite the existing published policy will appear. Click the "Ok" button. The same policy will be used throughout the lab, so overwriting the policy is part of the normal process.
    Accept Threat Protection policy published successfully pop-up
    After allowing the policy to be overwritten you will receive a pop-up informing you that the Threat Protection Policy was successfully published. Click on the "Ok" button to confirm. You will now see a green dot next to the "Virtual Machine Threat Protection Policy" confirming the action.
    Minimize the Symantec DCS RDP session
    The configuration changes and deployment of the Threat Protection Policy are now complete. Minimize the Symantec DCS RDP session.
  • 17. Create a NSX Security Group
    In this section you will:
    • Create a security group which will contain the Test virtual machine. This NSX security group will be used in the upcoming modules.
    To begin these steps, make sure you are in the Controlcenter VM.
    Access Google Chrome Web Browser
    On the ControlCenter VM, click on the Google Chrome web browser shortcut on the Desktop. Feel free to select another browser if desired.
    Access the vSphere Web Client homepage
    Click on the Google Chrome link shortcut displayed below.
  • 18. Login to the vSphere Web Client Home Page
    Use the following credentials:
    • User name: root
    • Password: VMware1!
    Do not use Windows session authentication.
    Access the Network & Security panel (NSX)
    On the vSphere Web Client home page select the "Network and Security" tab to access the VMware NSX appliance settings.
  • 19. Access the Service Composer
    On the "Network and Security" home page select the "Service Composer" tab.
    Access the Security Groups tab
    Click on the "Security Groups" tab.
    Create a new Security Group
    Click on the "New Security Group" icon.
  • 20. Name the Security Group
    Name the security group "Symantec Protected Group". No need to add a description.
    Include Test Virtual Machine in new Security Group
    1. Select the 3rd option "Select objects to include".
    2. Scroll through the filters until you find "Virtual Machine" and click on it.
    3. Select the Test Virtual Machine (Win7-DCS-TestGvm)
    4. Click the "Finish" button.
  • 21. Module 1 - Demonstrate Symantec's Virtual Machine Threat Protection and Quarantine Features
  • 22. Introduction
    In this module you will learn how to:
    • Create security policies using VMware NSX Service Composer.
    • Add an endpoint service for Anti-Virus
    • Use VMware NSX Service Composer to consume the policy created by Symantec Data Center Security: Server
    • Map this policy to a security group that is used to protect a Guest Virtual Machine (GVM)
    • Use the Data Center Security: Server management console to verify the GVMs that are monitored and protected
    • Evaluate the flexibility of Data Center Security: Server by creating a targeted scan
    • Review quarantined files and their event descriptions.
  • 23. Threat Detection and Quarantine
    To begin this module access the vSphere Web Client and go to the "Network and Security" home page.
    Access the Service Composer
    On the "Network and Security" home page select the "Service Composer" tab.
    Access the Security Policies tab
    Click on the "Security Policies" tab.
  • 24. Create new Security Policy
    Click on the "Create Security Policy" icon.
    Name the Security Policy
    Name the Security Policy "DCS AV Security Policy". Leave all the defaults. Click on the "Next" button.
  • 25. Add an Endpoint Service
    Click on the "Add endpoint service" icon.
  • 26. Provide appropriate entries and selections for new Endpoint Service
    1. Name: "DCS AV Policy"
    2. Action: "Apply"
    3. Service Type: "Anti Virus"
    4. Service Name: "Symantec DataCenter Security for VMware NSX"
    5. Service Configuration: "Virtual Machine Threat Protection Policy"
    6. State: "Enabled"
    7. Enforce: "Yes"
    8. Click the "OK" button
  • 27. Complete the new Security Policy
    Click on the "Finish" button to complete the policy.
    Apply new Security Policy to existing Security Group
    Right-click on the new "DCS AV Security Policy" and select "Apply Policy".
  • 28. Select the Security Group to which the Security Policy will be applied
    From the resulting pop-up check the security group "Symantec Protected Group" and click on the "OK" button.
  • 29. Check Security Groups in the Symantec Data Center Security: Server Management Console
    1. Go back to your Symantec DCS RDP session by maximizing the window
    2. Go to Assets > Virtual Machine Threat Protection > Guest VM View > Security Groups
    3. Click "Refresh"
    4. Once the refresh completes the "Symantec Protected Group" should appear in the list of Security Groups
    Verify that Test Virtual Machine is protected
    Double-click on the "Symantec Protected Group" to check that the test virtual machine is listed under the Protected Guest VMs.
  • 30. Activate a scan on the Test Virtual Machine
    Right-click on the Test Virtual Machine "Win7-DCS-TestGvm" and select "Scan Now".
  • 31. Select scan type option
    In the resulting pop-up, select "Scan Targeted Paths".
  • 32. Add folder Path
    Click on the "Add" button and enter the path "C:\TP_Demo1". Click on the "OK" button.
    Start Scan
    Click on "Scan Now" to trigger the threat protection scan. Click "Ok" on the success pop-up.
  • 33. Verify path on Test Virtual Machine to see if EICAR test was detected
    Return to the TestGvm RDP session (Test Virtual Machine), go to C:\TP_Demo1 and verify the eicar.txt file is missing.
  • 34. Find the quarantined file
    Go to "C:\VirtualAgent\Quarantine" and verify a file exists. This is the quarantined Eicar test file. Note: Several other files could be present in this folder. Make sure you check the modified date of the file(s) present. The name of the file in this quarantine folder will also differ from the original.
    Verify data inside quarantine file is obfuscated
    Open this file in Notepad. Verify the data is obfuscated (i.e. the Eicar string is not readable).
  • 35. Verify that an "Endpoint malware threat detected" event exists in the Symantec Data Center Security: Server Management Console
    1. Minimize the current TestGvm RDP session and return to the Symantec DCS RDP session
    2. Go to Monitors > Events tab > Monitor Types > Virtual Machine Threat Protection Events
    3. Refresh and verify an "Endpoint malware threat detected" event exists.
  • 36. Check "Endpoint malware threat detected" event details
    Double-click on the "Endpoint malware threat detected" event. Verify you see that the infected file is "C:\TP_Demo1\eicar.txt".
  • 37. Purging
    In the previous section an eicar.txt file was quarantined. In this section, you will see how Data Center Security: Server can be configured to purge quarantined files after a specific time.
    Confirm purge quarantine files time interval
    Per the "Virtual Machine Threat Protection Policy", the quarantine file feature was enabled and the default for purging quarantined files was left at purging files older than 30 days. In the next set of steps the Test Virtual Machine's time and date will be modified to make sure that the quarantined file (C:\TP_Demo1\eicar.txt) is successfully purged from the system after the set time interval.
    Note the date on the Test Virtual Machine
    Open the date/time pop-up on the bottom right of the screen. Note the date (i.e. July 16, 2014).
  • 38. Advance date on Test Virtual Machine 30 days forward
    1. Click on the start menu and type "PowerShell"
    2. Right-click on the first result and select "Run as administrator"
    3. Run the following command in PowerShell: Set-Date -Date (Get-Date).AddDays(30)
  • 39. Verify files are purged from the Quarantine folder
    Note that the date moved forward 30 days (i.e. August 15, 2014). Within 2 minutes, the files in the quarantine folder will be purged/deleted per the configuration in the "Virtual Machine Threat Protection Policy".
  • 40. Reset time on the Test Virtual Machine
    Run the following command in PowerShell: Set-Date -Date (Get-Date).AddDays(-30)
    Confirm that the machine is back to the original date (i.e. July 16, 2014).
  • 41. Rescan and Whitelisting
    The rescan option in the Threat Protection Policy's Quarantine settings rescans the quarantined files when On-Demand Scans are run. Quarantined files are released/restored to their original location if they are no longer classified as threats, either based on new definitions or because they are explicitly whitelisted in the Scan Settings of the Security Virtual Appliance configuration base policy (SVA_Config_Base_Policy). In this section you will rescan after whitelisting the Eicar test file.
    Activate a second scan on the Test Virtual Machine
    1. Go back to your Symantec DCS RDP session by maximizing the window
    2. Go to Assets > Virtual Machine Threat Protection > Guest VM View > Security Groups > Symantec Protected Group
    3. Right-click on the Test Virtual Machine "Win7-DCS-TestGvm" and select "Scan Now"
  • 42. Select scan type option
    In the resulting pop-up, select "Scan Targeted Paths".
  • 43. Add folder Path
    1. Click on the "Add" button
    2. Enter the path "C:\TP_Demo2"
    3. Click on the "OK" button.
    Start Scan
    Click on "Scan Now" to trigger the threat protection scan. Click "Ok" on the success pop-up.
  • 44. Verify path on Test Virtual Machine to see if Eicar test was detected
    Return to the TestGvm RDP session (Test Virtual Machine), go to C:\TP_Demo2 and verify the eicar.txt file is missing.
    Verify Eicar test file is in quarantine folder
    Go to "C:\VirtualAgent\Quarantine" and verify that the quarantined eicar.txt file exists.
  • 45. Edit Virtual Machine Threat Protection Policy
    1. Return to your Symantec DCS RDP session
    2. Go to Policies > Virtual Machine Threat Protection > Workspace > Symantec folder
    3. Right-click on the "Virtual Machine Threat Protection Policy" and select "Edit"
  • 46. Enable Rescan in the Virtual Machine Threat Protection Policy
    Check the "Rescan quarantined files..." option and click the "Ok" button.
  • 47. Edit policy revision number
    In the resulting "submit changes" pop-up, edit the Revision number from 2 to 1. (This avoids the steps to reconfigure the Security Policy in the vSphere Web Client.)
    Publish Virtual Machine Threat Protection Policy
    Right-click on the "Virtual Machine Threat Protection Policy" and select "Publish Policy". Click OK when asked to overwrite the existing policy. A second pop-up will appear stating that the policy won't take effect until you apply it to a Security Group. Click OK to finalize the action.
  • 48. Find latest "Endpoint malware threat detected" event
    1. Go to Monitors > Events > Monitor Types > Virtual Machine Threat Protection Events
    2. Notice the latest "Endpoint malware threat detected" event. Double-click on the event to see the event details
  • 49. Copy the Eicar test file hash
    1. Copy the file hash value by double-clicking on it to highlight it and using the keyboard shortcut CTRL + C
    2. Close the event detail window
  • 50. Edit Security Virtual Appliance Configuration Base Policy
    1. Go back to Policies > Virtual Machine Threat Protection > Workspace > Symantec folder
    2. Right-click on the "SVA_Config_Base_Policy" and select "Edit"
  • 51. Whitelist the Eicar test file
    1. Go to the "Scan Settings" tab
    2. Click on "Edit[+]" to see the list of whitelisted files
    3. Click on the "Add" button
    4. In the "SHA-256 Digest" field, paste the file hash copied earlier using the keyboard shortcut CTRL + V
    5. In the "Description" field, type "EICAR Test Demo File"
    6. Click "OK" to enter the new entry into the list
    7. Click on the "OK" button on the policy to save the change
    8. Click on the "Submit" button to submit changes (Note: no need to modify the Revision number here)
  • 53. Publish Security Virtual Appliance Configuration Base Policy
    Right-click on the "SVA_Config_Base_Policy" and select "Publish". Click OK on the success pop-up.
  • 54. Activate a third scan on the Test Virtual Machine
    1. Go back to Assets > Virtual Machine Threat Protection > Guest VM View > Security Groups > Symantec Protected Group
    2. Click on the "Refresh" button
    3. Right-click on the Test Virtual Machine "Win7-DCS-TestGvm" and select "Scan Now"
  • 55. Select scan type option
    In the resulting pop-up, select "Scan Targeted Paths".
  • 56. Add folder Path
    1. Click on the "Add" button
    2. Enter the path "C:\TP_Demo2"
    3. Click on the "OK" button.
    Start Scan
    Click on "Scan Now" to trigger the threat protection scan. Click "Ok" on the success pop-up.
  • 57. Verify whitelisted file was restored
    1. Go back to the TestGvm (Test Virtual Machine) RDP session
    2. Make sure that the eicar.txt test file in C:\TP_Demo2 was restored
    3. The Quarantine folder C:\VirtualAgent\Quarantine should be empty
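The quarantine behaviour that the Purging section (slides 37-40) and the Rescan and Whitelisting section (slides 41-57) exercise by hand, replayed as an added, self-contained model; this is example code written for this page, not Symantec's agent, and the quarantine folder layout, the XOR obfuscation, the test marker (a constructed stand-in, not the EICAR string) and the sample files are all assumptions.

```python
"""Model of the quarantine lifecycle Module 1 walks through: quarantine a detected
file (obfuscated on disk), purge quarantined files older than the policy's 30-day
limit, and on rescan restore files whose SHA-256 digest has been whitelisted."""
import hashlib
import tempfile
from datetime import datetime, timedelta
from pathlib import Path

TEST_MARKER = b"CONSTRUCTED-TEST-THREAT-MARKER"  # constructed stand-in, not the EICAR string
OBFUSCATION_KEY = 0x5A   # assumption: XOR so the marker is unreadable while quarantined
PURGE_AFTER_DAYS = 30    # the lab policy's default purge interval


def sha256_of(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def is_threat(data: bytes, whitelist: set) -> bool:
    """A whitelisted digest overrides the signature match, as in SVA_Config_Base_Policy."""
    if sha256_of(data) in whitelist:
        return False
    return TEST_MARKER in data


def obfuscate(data: bytes) -> bytes:
    return bytes(b ^ OBFUSCATION_KEY for b in data)   # XOR is its own inverse


class QuarantineStore:
    def __init__(self, root: Path):
        # Assumption: mirrors the lab's VirtualAgent\Quarantine folder layout.
        self.qdir = root / "VirtualAgent" / "Quarantine"
        self.qdir.mkdir(parents=True)
        self.index = {}   # quarantine name -> (original path, sha256, quarantined at)

    def quarantine(self, path: Path, now: datetime) -> dict:
        data = path.read_bytes()
        digest = sha256_of(data)
        qname = digest[:16] + ".q"            # quarantine name differs from the original
        (self.qdir / qname).write_bytes(obfuscate(data))
        path.unlink()                         # file disappears from the TP_Demo folder
        self.index[qname] = (path, digest, now)
        return {"event": "Endpoint malware threat detected", "file": str(path), "sha256": digest}

    def purge(self, now: datetime) -> list:
        """Delete quarantined files that have aged past PURGE_AFTER_DAYS."""
        purged = []
        for qname, (_, _, when) in list(self.index.items()):
            if now - when >= timedelta(days=PURGE_AFTER_DAYS):
                (self.qdir / qname).unlink()
                del self.index[qname]
                purged.append(qname)
        return purged

    def rescan(self, whitelist: set) -> list:
        """Restore files that are no longer classified as threats (e.g. now whitelisted)."""
        restored = []
        for qname, (orig, _, _) in list(self.index.items()):
            data = obfuscate((self.qdir / qname).read_bytes())
            if not is_threat(data, whitelist):
                orig.write_bytes(data)
                (self.qdir / qname).unlink()
                del self.index[qname]
                restored.append(orig)
        return restored


def scan_targeted_path(store: QuarantineStore, folder: Path, whitelist: set, now: datetime) -> list:
    """On-demand 'Scan Targeted Paths': quarantine every threat found in the folder."""
    return [store.quarantine(f, now) for f in sorted(folder.iterdir())
            if f.is_file() and is_threat(f.read_bytes(), whitelist)]


def run_lab_scenario() -> dict:
    """Replays slides 30-57 on constructed files and returns what each step observed."""
    root = Path(tempfile.mkdtemp())
    for demo in ("TP_Demo1", "TP_Demo2"):
        (root / demo).mkdir()
        (root / demo / "test.txt").write_bytes(b"harmless header\n" + TEST_MARKER + b"\n")
    store, whitelist, day0 = QuarantineStore(root), set(), datetime(2014, 7, 16)
    first = scan_targeted_path(store, root / "TP_Demo1", whitelist, day0)
    obfuscated = TEST_MARKER not in next(store.qdir.iterdir()).read_bytes()
    purged = store.purge(day0 + timedelta(days=30))        # Set-Date ... AddDays(30)
    second = scan_targeted_path(store, root / "TP_Demo2", whitelist, day0)
    whitelist.add(second[0]["sha256"])                     # digest pasted into SVA_Config_Base_Policy
    restored = store.rescan(whitelist)                     # third scan with rescan enabled
    return {"first_scan_events": len(first), "quarantined_obfuscated": obfuscated,
            "purged": len(purged), "second_scan_events": len(second),
            "restored": len(restored),
            "quarantine_empty": not any(store.qdir.iterdir())}
```

Note that a whitelist entry keyed on the SHA-256 digest only matches that exact byte sequence, so a modified copy of the file is quarantined again on the next scan.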
  • 58. Module 2 - Demonstrate Symantec's Virtual Machine Network Security Introspection
  • 59. Introduction
    This module discusses:
    • Registering DCS: Server 6.0 with vCenter and NSX
    • Registering the SVA with NSX
    • Configuring Auto-Deployment of the vCenter Endpoint Service
    • Configuring Auto-Deployment of the Symantec Anti-malware Service
    • Verifying the Status of the Service Deployment
  • 60. Create New NSX Security Policy with Network Introspection Services
    To begin this module access the vSphere Web Client and go to the "Network and Security" home page.
    Access the Service Composer
    On the "Network and Security" home page select the "Service Composer" tab.
    Access the Security Policies tab
    Click on the "Security Policies" tab.
  • 61. Create new Security Policy
    Click on the "Create Security Policy" icon.
    Name the new Security Policy
    Name the Security Policy "DCS Network Threat Protection".
  • 62. Add a new Network Introspection Service option
    1. Click on the 4th option on the left side panel named "Network Introspection Services"
    2. Click on the green plus (+) icon to add a new Network Introspection Service
  • 63. Provide appropriate entries and selections for new Network Introspection Service
    1. Name: "DCS Network Threat"
    2. Service Name: "Symantec DataCenter Security Service for VMware NSX"
    3. Profile: "Virtual Machine Threat Protection Policy profile"
    4. Source: Click on "Change...", and on the source pop-up select "Any"
    5. Destination: Leave as "Policy's Security Groups"
    6. Click the "OK" button
    • The "Source" and "Destination" selection will apply to "Incoming" traffic from "Any" to the security group where this policy gets applied.
    • Leave the remaining default settings.
  • 65. Finalize changes to the existing Security Policy
    Click on the "Finish" button to save and finalize the new "DCS Network Threat" security policy.
  • 66. Apply new Security Policy to existing Security Group
    Right-click on the new "DCS Network Threat Protection" and select "Apply Policy".
  • 67. Select the Security Group to which the Security Policy will be applied
    From the resulting pop-up check the security group "Symantec Protected Group" and click on the "OK" button.
  • 68. Simulate Inbound Network Threat in Log Only Mode
    In this section you will perform the simulation of a network threat, specifically a SQL injection, against a SQL web front end. The Test Virtual Machine (TestGvm) is hosting an implementation of PHP for Windows running on an Internet Information Services (IIS) server. The victim website hosted in the Test Virtual Machine contains a table with dummy personally identifiable information (PII). A URL with a crafted SQL injection query will be used to test whether the attack is allowed or denied. In this step, the SQL injection simulation will be successful since the Virtual Machine Threat Protection Policy is set to log-only mode.
    Refresher of Network Security Settings in Virtual Machine Threat Protection policy
    In an earlier step it was verified that the "Block connection when threats are found (Threats will only be logged when left unchecked)" option was unchecked. There is no need to modify the "Virtual Machine Threat Protection Policy" for these steps since the policy is already configured to only log when a threat is found.
    Type the URL with a crafted SQL injection query and explore results
    • From the Controlcenter access the Google Chrome web browser
    • Click on the "Access PHP File from..." bookmark in the bookmarks bar
    • or type the URL directly: http://192.168.120.30/ax/gettprojectnodes.php?test=1&root_node=selectfromwhere
  • 69. Notice how the URL is structured and the results you get in the web browser. The PII data is now exposed.
    Verify that a "Guest network threat detected" event exists in the Symantec Data Center Security: Server Management Console
    1. Return to the Symantec DCS RDP session
    2. Go to Monitors > Events tab > Monitor Types > Virtual Machine Threat Protection Events
    3. Refresh and verify a "Guest network threat detected" event exists.
  • 70. Check "Guest network threat detected" event details
    The remediation status is "Guest network threat logged" since the Virtual Machine Threat Protection Policy is configured to only log when a threat is found. Some of the information logged in the event includes: threat name, source and destination IP address and port of the network traffic, among others.
  • 71. Simulate Inbound Network Threat and Block It
    In this step the network threat (SQL injection) will be activated one more time. This time the SQL injection simulation will fail, as we will make changes to the Virtual Machine Threat Protection Policy to prevent the attack from occurring.
    Access the Virtual Machine Threat Protection policies
    Go to Policies > Virtual Machine Threat Protection.
    Access the Symantec default policies workspace folder
    Click on Policies > Workspace > Symantec folder on the left panel.
  • 72. Edit the Virtual Machine Threat Protection Policy
    Right-click on the "Virtual Machine Threat Protection Policy" and select "Edit".
  • 73. Modify Network Security Settings to enable the blocking of threats
    1. Check the box next to the "Block connection when threats are found..." option.
    2. Click on the "Ok" button
    Submit policy changes
    1. Type "1" as the new Revision number
    2. Click on the "submit" button to finalize and submit policy changes.
  • 74. Publish Policy
    Right-click on the "Virtual Machine Threat Protection Policy" and select "Publish Policy".
    Accept Threat Protection policy overwrite warning
    A pop-up informing you that the new changes to the policy will overwrite the existing published policy will appear. Click the "Ok" button.
  • 75. Accept Threat Protection Policy published successfully pop-up
    After allowing the policy to be overwritten you will receive a pop-up informing you that the Threat Protection Policy was successfully published. Click on the "Ok" button to confirm. You will now see a green dot next to the "Virtual Machine Threat Protection Policy" confirming the action.
  • 76. Type the URL with a crafted SQL injection query and explore results
    • From the Controlcenter access the Google Chrome web browser
    • Click on the "Access PHP File from..." bookmark in the bookmarks bar
    • or type the URL directly: http://192.168.120.30/ax/gettprojectnodes.php?test=1&root_node=selectfromwhere
    Notice how the URL is now blocked. The Virtual Machine Threat Protection Policy is now actively blocking network threats.
  • 77. Verify that a "Guest network threat detected" event exists in the Symantec Data Center Security: Server Management Console
    1. Return to the Symantec DCS RDP session
    2. Go to Monitors > Events tab > Monitor Types > Virtual Machine Threat Protection Events
    3. Refresh and verify a "Guest network threat detected" event exists.
  • 78. Check "Guest network threat detected" event details
    The remediation status this time is "Guest network threat blocked" since the Virtual Machine Threat Protection Policy is configured to block the connection when a threat is found.
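The difference between slides 68-70 (log only) and 71-78 (block) comes down to one policy flag changing the remediation applied to the same detection; the added model below, written for this page and not Symantec's introspection engine, runs constructed inbound flows through a small set of constructed SQL-injection signatures under both settings. The destination address and the URL are the lab's; the source address, the signatures and the flow records are assumptions.

```python
"""Model of the Network Security setting the lab toggles: the same SQL-injection
request is logged and allowed in log-only mode, but dropped and logged as blocked
once "Block connection when threats are found" is enabled."""
import re
from dataclasses import dataclass
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Constructed signatures for SQL keywords inside a query-string value. The lab's
# payload "selectfromwhere" has no separators, so no word boundaries are used.
SQLI_SIGNATURES = {
    "SQL keyword sequence": re.compile(r"select.*from|union.*select", re.I),
    "SQL tautology": re.compile(r"['\"]\s*or\s+['\"\w]+\s*=\s*['\"\w]+", re.I),
    "stacked SQL statement": re.compile(r";\s*(?:drop|delete|update|insert)\b", re.I),
}


@dataclass
class Event:
    threat: str
    src: str
    dst: str
    dst_port: int
    url: str
    remediation: str   # "Guest network threat logged" or "Guest network threat blocked"


def find_threat(url: str):
    """Return (signature name, parameter name) for the first matching query value, else None."""
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        decoded = unquote_plus(value)   # inspect the decoded value, not the raw encoding
        for sig_name, pattern in SQLI_SIGNATURES.items():
            if pattern.search(decoded):
                return sig_name, name
    return None


def inspect_flow(flow: dict, block_connection: bool):
    """Apply the policy to one inbound flow: returns (allowed, event or None)."""
    hit = find_threat(flow["url"])
    if hit is None:
        return True, None          # clean request, no event
    remediation = "Guest network threat blocked" if block_connection else "Guest network threat logged"
    event = Event(threat=f"{hit[0]} in parameter '{hit[1]}'", src=flow["src"], dst=flow["dst"],
                  dst_port=flow["dst_port"], url=flow["url"], remediation=remediation)
    return not block_connection, event   # log-only lets the request through


def run_policy(flows, block_connection: bool) -> dict:
    """Summarise what the lab's event monitor would show for a batch of flows."""
    results = [inspect_flow(f, block_connection) for f in flows]
    events = [e for _, e in results if e is not None]
    return {"allowed": sum(1 for ok, _ in results if ok),
            "events": events,
            "remediations": sorted({e.remediation for e in events})}


# Constructed inbound flows toward the Test VM (192.168.120.30 is the lab's address;
# 192.168.110.10 is an assumed source, not taken from the lab guide).
SAMPLE_FLOWS = [
    {"src": "192.168.110.10", "dst": "192.168.120.30", "dst_port": 80,
     "url": "http://192.168.120.30/ax/gettprojectnodes.php?test=1&root_node=7"},
    {"src": "192.168.110.10", "dst": "192.168.120.30", "dst_port": 80,
     "url": "http://192.168.120.30/ax/gettprojectnodes.php?test=1&root_node=selectfromwhere"},
    {"src": "192.168.110.10", "dst": "192.168.120.30", "dst_port": 80,
     "url": "http://192.168.120.30/ax/gettprojectnodes.php?test=1&root_node=SELECT%20FROM%20WHERE"},
]

if __name__ == "__main__":
    for mode in (False, True):
        summary = run_policy(SAMPLE_FLOWS, block_connection=mode)
        print(f"block_connection={mode}: allowed={summary['allowed']}, "
              f"events={len(summary['events'])}, remediations={summary['remediations']}")
```

The third flow carries the lab's payload percent-encoded and upper-cased, which is why the detector decodes each value before matching: the event is the same in both modes, only the remediation field changes.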