作者: Allen Chung

http://www.symantec.com/business/support/index?page=content&id=DOC5442&locale=zh_TW

賽門鐵克在 2012 年 1 月，確認 pcAnywhere 原始程式碼遭到暴露，由駭客公開張貼。當時，賽門鐵克發布了一個修補程式來因應直接的漏洞。

此外，賽門鐵克也當下決定 pcAnywhere 安全性模型需要更新。

此更新既要針對傳統 pcAnywhere 產品又要針對 pcAnywhere Solution (是 Symantec Client Management Suite (CMS) 的一部分)，確保 pcAnywhere 通訊的安全性。

由於安全更新，這個新版的 pcAnywhere 與舊版不相容，也不連線至較舊版本的 pcAnywhere。

賽門鐵克建議客戶安裝最新版的 pcAnywhere (12.5 SP4 或 Solution 12.6.7)，並遵循一般安全性最佳實務準則。最新版的 pcAnywhere 包括所有先前的修補程式及更新的安全性模型。

如需升級指示，請參閱以下文章：
pcAnywhere 12.5 SP4 Release Notes (「pcAnywhere 12.5 SP4 版本說明」)

pcAnywhere 12.5 SP4 移除的功能

pcAnywhere 12.5 SP4 移除了過時的產品功能。此版的 pcAnywhere 不再提供下列功能。

• Symantec pcAnywhere Web Remote
• Symantec pcAnywhere Mobile
• Symantec pcAnywhere CrossPlatform
• Symantec pcAnywhere 閘道
• 被控端管理員
• Web 部署工具
• NetBIOS 和 SPX 連線類型和支援
• 支援除 Windows 適用的 pcAnywhere、NT 和 AD 以外的所有驗證類型

 

 

 

【完整的英文內容請參考下方資訊】

http://www.symantec.com/business/support/index?page=content&id=DOC5442&locale=en_US

Description

Introduction

In January 2012, Symantec confirmed that pcAnywhere source code was exposed by hackers who posted the code publicly. At that time, Symantec responded with a hot fix to address immediate vulnerabilities. In addition, Symantec determined that the pcAnywhere security model required an update. This update secures pcAnywhere communications for the traditional pcAnywhere product as well as the pcAnywhere Solution, which is part of the Symantec Client Management Suite (CMS).

As a result of the security updates, this new version of pcAnywhere is not backward-compatible with, and will not connect to, older versions of pcAnywhere.

Symantec recommends that customers install the latest version of pcAnywhere (12.5 SP4 or Solution 12.6.7) and follow general security best practices. The latest version of pcAnywhere includes all previous hot fixes and the updated security model.

For additional information visit go.symantec.com/sourcecode

pcAnywhere Access Server
Access Server is not supported by latest version of pcAnywhere. As a result of the source code being exposed, Symantec determined that Access Server is not secure for Internet-based remote control sessions. Since Access Server is not secure, the updated security model in the latest version of pcAnywhere does not allow communication with Access Server.

See the pcAnywhere Security Best Practices guide for risk scenarios and recommended security practices for using pcAnywhere and Access Server. In the absence of Access Server, Symantec recommends that you use VPN for Internet-based remote control sessions.

Upgrading to pcAnywhere 12.5 SP4

What should I do if my organization uses pcAnywhere?

Symantec recommends that customers install the latest version of pcAnywhere and follow general security best practices. The latest version of pcAnywhere includes all previous hot fixes and the updated security model.

For upgrade instructions, see the following article:
pcAnywhere 12.5 SP4 Release Notes

Features removed in pcAnywhere 12.5 SP4

In pcAnywhere 12.5 SP4 outdated product features were removed. The features listed below are no longer available in this version of pcAnywhere.

• Access Server
• Symantec pcAnywhere Web Remote
• Symantec pcAnywhere Mobile
• Symantec pcAnywhere CrossPlatform for Remote and Host
• Symantec pcAnywhere Gateway
• Host Assessment tool
• Host Administrator tool
• Package deployment tool
• Web deployment tool
• NetBIOS and SPX connection type support
• Support for all authentication types except pcAnywhere, NT, and AD for Windows/pcAnywhere and Apple Open Directory for Mac/pcAnywhere and Linux PAM for Linux
• Option for making passwords case sensitive on the Security Options tab of Host Properties dialog box
• Option to deplo y thin host if host is not present on pcAQuick Connect dialog box
• Encryption tab on pcAnywhere options dialog box

http://kb.parallels.com/en/5029

How to uninstall/delete a Virtual Machine in Parallels Desktop for Mac

Article ID: 5029

Created On: Apr 15, 2008

Last Review: Sep 6, 2013

Views:

APPLIES TO:

• Parallels Desktop 9 for Mac
• Parallels Desktop 8 for Mac

Resolution

To delete/uninstall your virtual machine (VM):

1. Launch Parallels Desktop, but do not start your virtual machine;
2. Open virtual machines list by right-clicking the application icon in the Dock -> Virtual Machines List

   

3. Right-click on your VM in the list;
4. Choose Remove in the menu.

   

5. Or open the Virtual Machine window, in the Parallels Desktop menu choose File -> Remove.

   

6. You can Keep files in case you wish to have access to files saved on this virtual machine. Choose Move to Trash if you do not need any data located in this Virtual Machine and want to remove it completely.

(IMPORTANT: This operation is IRREVERSIBLE. The Virtual Machine will be deleted, and there is no way to restore it.)

NOTE: If you do not have Parallels Desktop for Mac installed on your Mac, search for .pvm file in either /Users/username/Documents/Parallels/ or /Users/Shared/Parallels/ and move it to Trash. You may use Spotlight to find the virtual machine. Type “.pvm” in the Spotlight search bar to locate the Parallels Virtual Machine on your Mac.

【PGP 產品新舊品名對照】

http://www.symantec.com/business/support/index?page=content&id=TECH197084

 

【PGP 產品與內容物】

 

依據您所購買與輸入的 License key，此畫面會 [勾選] 出相對應的產品 ( 此畫面為 PGP Desktop Enterprise 或稱 PGP Desktop Corporate  )

以下是 PGP Desktop 的產品組合與內容物

 

• PGP Desktop Email = PGP Messaging
• PGP 套裝產品均含 (PGP Whole Disk、PGP Virtual Disk、PGP Zip)
• PGP Portable 已停產 ( 由 SEE RSE 取代 )，但 PGP Universal Server 主控台中仍可啟用 PGP Portable

PGP 還可以進行的操作

如果要更改合約聯絡人，請進行以下步驟：

1. 下載並填寫異動申請表

2. 信件書寫範例

主旨：Please help to change the license contract contact
內容：Please check the attachement and change the license contract contact.

3.請使用同單位 (必須要是一樣的 mail domain) 的信箱，將此信件及附件寄至 Data_Management-APAC@symantec.com

 

※ 異動申請表請填寫紅色欄位

可以撥打 【02-8761-5800 #4 (企業業務問題諮詢) #1  (非技術問題)】

告訴客服人員沒有收到升級通知信件，客服會要求提供產品序號 Mxxxxxxxxxx

然後會將升級通知信件再次發給原合約聯絡人，並詢問還要額外發給誰 (必須要是一樣的 mail domain)

關於SEE RSE 【限制使用者安裝或使用 SEE client】& 【加密密碼更新】

1. SEE RSE 【限制使用者安裝或使用 SEE client】

SEE RSE 安裝會需要重開機，重開機後會要求註冊

如果勾選註冊時需要密碼驗證，那麼撿到此 SEE client 安裝程式的人，即使安裝了 SEE client 也無法使用(此註冊密碼可以在主控台管控)

也可以透過以下管理員帳戶來反註冊，或設定多久時間沒有登入就自動反註冊

2. 【加密密碼更新】

(1) 加密可以採用密碼加密，或是憑證加密

(2) default password

如果用戶端沒有設定 default password，則每次將檔案拖曳至隨身碟時，會跳出密碼視窗，請於此輸入加密密碼

如果用戶端 有設定 default password，則每次將檔案拖曳至隨身碟時，會直接使用此default password 來對檔案進行加密

先前對檔案加密時所使用的密碼(default password 或自行輸入的密碼)如需更改，僅能透過手動方式修改

不過，如果是透過 default password 加密的使用者，修改則相對簡單，只需要將隨身碟中的檔案拖曳回個人電腦 ( 自動解密 )，再拖曳回隨身碟 ( 就會自動以新的 default password 加密 )

(3) Workgroup Key

Workgroup Key 也是屬於密碼加密，舊的 Workgroup Key 若要異動，也需要重新加密

3. 以下是隨身碟插入有安裝 SEE Client 後的狀況

隨身碟圖示更改

自動複製 Access Utility

未安裝 SEE Client 的用戶端看到加密檔案是以 .XML 格式呈現

直接開啟會顯示亂碼

必須執行 Access Utility 來開啟加密檔案，Access Utility 視窗中加密檔案呈現紅色鎖頭

嘗試開啟會求輸入解密密碼

預設有4次錯誤密碼的容許次數，超次後會暫停1分鐘 (可設定)，5分鐘後會再 reset 成4次錯誤密碼的容許次數

PGP Universal integrated with AD

 

請先 Enable Directory Synchronization

按下左下方【Settings】

勾選【Enroll clients using directory authentication】來整合 AD 驗證

按下【Add LDAP Directory】

name：給予一個 LDAP 識別名稱 (例如：elite2003.intra)

Type：如果是 AD 就選 (Active Directory)

LDAP Credentialsl： 輸入 AD 使用者名稱與帳號密碼

[Bind DN]：請輸入AD帳戶，格式範例 (CN=Administrator,CN=Users,DC=elite2003,DC=intra)

[Passphrase]：請輸入AD帳戶的密碼

Hostname：輸入 AD 主機名稱或 IP (2003.elite2003.intra)

port ：(389)

Protocol： (LDAP)

然後按下【Test Connection】確認連線正常

按下【Browse Base DNs】來定義 Base DN 搜尋範圍

按下【View Sample Records】來確認有撈到使用者

有撈到使用者

在 Group Setting 中定義 Group Membership

例如：

Attribute：(memberOf)

Value：( CN=pgp_group,OU=PGP_OU,DC=elite2003,DC=intra)

勾選【Enable Silent Enrollment】

允許 Single Sign-On

之後就可以下載用戶端安裝程式來安裝

Upgrade to SEE 8.2.1 MP7

Upgrade Management Server

Upgrade SEE Manager

1.MSIEXEC /i “[path]\Symantec Endpoint Encryption Framework[ x64].msi” REINSTALL=”ALL” REINSTALLMODE=”vomus”

MSIEXEC /i “D:\Symantec_Endpoint_Encryption_8.2.1_MP7_Removable_Storage_EN\ Symantec Endpoint Encryption Framework x64.msi” REINSTALL=”ALL” REINSTALLMODE=”vomus”

2.MSIEXEC /i “[path]\Symantec Endpoint Encryption Full Disk Edition[ x64].msi” REINSTALL=”ALL” REINSTALLMODE=”vomus”

MSIEXEC /i ” D:\Symantec_Endpoint_Encryption_8.2.1_MP7_Full_Disk_EN\SEE-FD\Server Installers\ Symantec Endpoint Encryption Full Disk Edition x64.msi” REINSTALL=”ALL” REINSTALLMODE=”vomus”

3.MSIEXEC /i “[path]\Symantec Endpoint Encryption Removable Storage[ x64].msi” REINSTALL=”ALL” REINSTALLMODE=”vomus”

MSIEXEC /i “D:\Symantec_Endpoint_Encryption_8.2.1_MP7_Removable_Storage_EN\ Symantec Endpoint Encryption Removable Storage x64.msi” REINSTALL=”ALL” REINSTALLMODE=”vomus”

Upgrade Windows Client

同上

SEE Removable Storage Edition 用戶端登入

123

未來Full Disk 忘記密碼時，可以透過以下問答的驗證來允許登入

SEE Administrator Client

用 Client Administrator 登入後，可以取消註冊到 SEE 的用戶端

插入的 USB 是屬於例外的裝置，新增的檔案不會被加密

SEERemovableStorageAccessUtility (Windows & Mac) 會自動 copy 至 USB 中

SEE Help Desk

[Client]

[Client]

[Client]

[Client]

[Client]