Symantec ESM protects the security information that it gathers from the computers on your network as follows:
Symantec ESM encrypts the account names, passwords, and other data that it stores on your computers and transfers over your network.
Symantec ESM authenticates each connection to ensure that both endpoints are running valid Symantec ESM software. To initiate the authentication process, Symantec ESM uses the Diffie-Hellman algorithm to exchange a secure key between Symantec ESM components. Symantec ESM uses that key to initialize the DESX encryption engine, and it encrypts all communication between the components with the industry-standard DESX algorithm. The originator verifies the transformed key. Unauthorized users cannot easily spoof Symantec ESM connections because each Diffie-Hellman exchange produces a different key.
Every process that involves the ESM agents, the ESM console, or the installation program that connects to a Symantec ESM manager must have an authorized Symantec ESM access record. These access records consist of a name and a password.
Symantec ESM encrypts the password using an algorithm similar to the one that most UNIX operating systems use for the /etc/passwd or /etc/shadow files. Symantec ESM stores the encrypted password in a Symantec ESM data file that only privileged users such as root, supervisor, system, or administrator can access. If a Symantec ESM manager rejects an access record password, Symantec ESM delays for one second before it returns an acknowledgment. This delay can defeat brute-force attacks against passwords.
Symantec ESM protects agents from unauthorized access through the manager registration process. Agents accept network connections only from Symantec ESM managers with which they have previously registered. ESM maintains the list of authorized managers on each agent in the /esm/config/manager.dat file, and the agent checks this file each time a manager attempts to connect. The file stores the Symantec ESM manager name used for TCP/IP communication.
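The two checks described above, the access-record password check with its one-second delay on rejection and the agent-side manager allowlist, as an added example written for this page rather than Symantec's own code. The manager.dat layout (one manager name per line), the sample names, and the use of salted PBKDF2 in place of ESM's unspecified password algorithm are assumptions.

```python
import hashlib
import hmac
import os
import time

# Constructed sample of an agent's manager allowlist. The real manager.dat
# format is not documented here; one manager name per line is assumed,
# with '#' comment lines ignored.
MANAGER_DAT = """\
# authorized managers (constructed sample)
esm-manager-01.example.internal
esm-manager-02.example.internal
"""


def load_authorized_managers(text):
    """Parse the assumed manager.dat layout into a set of manager names."""
    names = set()
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            names.add(line.lower())
    return names


def manager_is_registered(manager_name, authorized):
    """Agent-side check: accept a connection only from a registered manager."""
    return manager_name.strip().lower() in authorized


def hash_password(password, salt=None):
    """Salted one-way hash in the spirit of /etc/shadow. PBKDF2-HMAC-SHA256
    stands in for the ESM algorithm, which this page does not specify."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return salt, digest


def check_access_record(name, password, records, sleep=time.sleep):
    """Verify a name/password access record against the stored hashes.
    Any rejection (unknown name or wrong password) is delayed one second
    before it is acknowledged, which throttles online password guessing."""
    entry = records.get(name)
    if entry is not None:
        salt, expected = entry
        _, actual = hash_password(password, salt)
        if hmac.compare_digest(actual, expected):
            return True
    sleep(1.0)
    return False
```

The `sleep` parameter is injectable so the delay behaviour can be verified without actually waiting.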
To change a system file by applying a correction from the console, ESM requires the user to log on to the system. Only a valid privileged system account can authorize the agent to perform the correction.