Antariksha Technologies

Confidential

Introduction:
In March 2015, it became publicly known that Hillary Clinton, during her
tenure as United States Secretary of State, had exclusively used her family's
private email server for official communications, rather than official State
Department email accounts maintained on federal servers. Those official
communications included thousands of emails that would later be marked
classified by the State Department retroactively.(source Wikipedia)
This act of Ms Clinton created a major controversy in US and the matter was investigated by
FBI. The FBI in its 83 page report stated that Ms Clinton has been extremely careless in
handling its mail data, though no charges were filed.

While the above episode involves usage of personal mail server which was
physically located within the boundaries of her official residence, in contrast
majority of the government officials in India use the gmail/yahoo/Hotmail
accounts for which no one has clue where the data is stored and who else is
eyeing at that data.
The objective of this paper is not to profess the idea of using official mail
server of the government provided by NIC but is to bring out the callous
attitude that we have towards Information Security as a whole.

Defining TODAYS WEB THREATS

Datacentre security is crucial for every modern business in this digital
information age. The Datacentre, which forms the core component through
which almost all data flows, must therefore be resilient and secure.
Datacentre security entails maintaining the Confidentiality, Integrity, and
Availability of data.
With datacentres having undergone significant transformation over time, they
today need to be responsive and service oriented providers of IT as a utility.
This makes the responsibility of securing the data even more difficult. In fact,
Datacentre security has become similar to defending a fort or securing an
airport from external threats.
This paper offers a high-level framework to achieve next-generation
Datacentre security.
With the skyrocketing popularity of websites and web-based applications has come a
corresponding explosion in the numbers, types, magnitudes, and costs of attacks that
specifically target the vulnerabilities of these systems. Generally, these attacks fall into
two categories:
Denial of Service (DoS) / Distributed Denial of Service (DDoS)
Hacks that steal data, such as SQL injection and other command injection
attacks

DoS attacks are among the most common threats to Internet operations.
These attacks saturate network bandwidth to make the network unavailable to
its intended users. They involve blasting a site with enough traffic to flood the
connections between the Internet and the business. Often multiple nodes are
used to send traffic to a site in a distributed denial of service (DDoS). DDoS

Antariksha Technologies

Confidential

attacks reduce the amount of traffic that any one attacking system needs to
send while increasing the impact on the target.
A mind-boggling array of DoS and DDoS attacks occur at the network layer.
These can be grouped into two broad categories: simple flooding and
amplification attacks. Several tools are available that automate the process of
creating both types of attacks, allowing people with no technical background
to quickly and easily threaten their choice of website.
Attacks at the Application Layer
The network layer is no longer the only target of DoS attacks. Increasingly
popular application layer attacks look like legitimate requests yet cause denial
of service by exhausting the capabilities of the web application servers. These
attacks may cause the server to use significant computing resources for each
request, perform sub-optimally, or return different results for each request to
avoid caching on the server.

Examples include attacks that:

Exploit SSL The traffic for some pages, such as the login page, must be
encrypted using SSL to protect user credentials in motion. It takes nine
steps to establish an SSL handshake, many requiring complex
cryptographic and key generation operations. If an attacker uses a botnet to
establish numerous SSL sessions simultaneously, the application becomes
unavailable because the system gets hung up processing previous
requests.
Overwhelm the database A database driven page such as a store locator
needs to hit the database for every request. That typically involves a large
number of different or complex database transactions as well as field level
validation and other techniques for defending against other application layer
attacks. Sending such requests repeatedly will overwhelm the database
server.
Attack a form page Form pages need to access a database with every
request. Attackers can cause unnecessary database processing, for
example, by using random numbers in place of real zip codes or by
submitting huge passwords.

Attacks that Steal Data

While DoS/DDoS attacks render your site unusable, attacks that steal data
can also have a direct impact on your bottom line. Organizations face an
increasing number of attacks designed to steal data. These attacks usually
take advantage of vulnerabilities in web applications and can be difficult to
detect because they generate application traffic that appears legitimate to
traditional network-layer security tools.
Attempts to steal data are most likely to take the form of Command Injection
attacks. With these types of attacks, a hacker injects commands into a
vulnerable application. The attacker can then execute these commands to
view data, wipe out data, or take over the machine. Injection flaws occur when
the application lacks correct input data validation, which allows the attacker to
manipulate input to include untrusted data in a command or query. The most

Antariksha Technologies

Confidential

common types of command injection attacks include SQL Injection, Remote

File Inclusion and Local File Inclusion:
SQL Injection SQL Injection takes advantage of improper coding of web applications
to allow hackers to inject SQL commands into, say, a login form to allow them to
directly query the data held within a website. Features such as login pages, support
and product request forms, feedback forms, search pages and shopping carts are all
susceptible to SQL Injection attacks.
Remote File Inclusion Remote File Inclusion (RFI) is a website vulnerability that
allows an attacker to use a script to include a remote file on the web server. This
permits the hacker to do everything from executing code on the web server for
temporary data theft to taking over a vulnerable server.
Local File Inclusion Local File Inclusion (LFI) is similar to a Remote File Inclusion
vulnerability except instead of including remote files, only local files, i.e. files on the
current server, can be included.

Account Checker Attacks Account checker is another popular attack that

targets customer data. These attacks occur when cybercriminals use
automated attack tools and scripts called account checkers to determine valid
user ID/password combinations. Once the account is breached, the attacker
collects the users personal data and credit card information to use in further
fraud. Attackers hide their attacks by cycling through a list of open proxies.
Account checker attacks can also cause a DDoS condition when the attacker
fails to properly configure their tools; the tools will try user-names and
passwords as quickly as possible, overloading target servers.

DNS Attacks
DNS is a weak link in web security. In addition to DDoS and amplification attacks,
DNS is subject to threats that include registrar hijacking and redirection/cache
poisoning.
Registrar Hijacking(Phishing or Spear Phishing)
The domain name registrar manages the reservation of Internet domain
names. Registrar hijacking attacks use social engineering against the
registrars customer support staff. If an attacker can use a phishing attack to
compromise an organizations account with their registrar, it gains control over
the domain name and can point it to servers of their choice, including name
servers, web servers, email servers and so on. The domain could even be
transferred to a new owner.
Redirection/Cache Poisoning

In DNS redirection attacks, the attacker redirects queries for DNS

names to servers under the control of the attacker by advertising a
false routing protocol to redirect traffic to the attackers servers.
Alternatively, attackers pollute the cache of a DNS server with
erroneous DNS data that directs future queries to servers under the
attackers control.

A Multi-Layered
APPLICATIONS

Approach

to

SECURING

WEB

Antariksha Technologies

Confidential

Defending against DoS Attacks at the Network Layer:

Defending against network-layer DoS attacks demands a two-pronged
approach. First, you need enough network bandwidth to easily deal with
massive amounts of traffic. You also need a way to filter attack traffic to allow
legitimate traffic through while discarding attack traffic.

Protecting Applications from DoS Attacks and Data Theft

Many application-layer vulnerabilities can be eliminated, by practicing good
web-application hygiene and using a secure software development lifecycle.
For example, one can harden each application through secure configuration
and timely updates and patches. Developers should keep security in mind
throughout the application requirements, architecture and design phases.
They should also build security protections into the software such as providing
sufficient input validation to make sure the application cant be attacked using
command injection techniques. All configurations and applications should be
tested thoroughly for vulnerabilities
Internet hygiene, however, is rarely perfect or practiced. It makes sense to
guard against any unprotected vulnerabilities by also using a Web
Application Firewall. The WAF can provide virtual patching; you can
program rules into the WAF to protect against new vulnerabilities until your IT
staff can apply the actual patch. The WAF also delivers another line of
defense against both threats to data (such as SQL Injection attacks that take
advantage of application layer vulnerabilities) and application-layer DoS
attacks (such as Slowloris-type session manipulation). Of course, a lone WAF
is as likely as any other device to be overwhelmed by a DoS attack; this
means the WAF also needs anti-DoS capabilities and architectural protections
to shield it from brute force attacks. For more information on what to look for
in a WAF

A framework for next-gen Datacentre security

An organizations Datacentre security approach must be tailored to meet its
needs. Customized security tools should be implemented to support decision
making. The ideal security team should comprise experienced security
analysts, risk and compliance managers, and dedicated service delivery
managers for ensuring smooth service delivery. Figure 1 depicts a framework
for next-gen Datacentre security.

Antariksha Technologies

Confidential

Lets take a look at the components that make up this next gen-data security
framework. Security governance, the operations centre, and architecture
envelope all the security layers of the Open System Interconnection (OSI)
model. They provide security assurance for the next-generation Datacentre by
ensuring the confidentiality and availability of organization, employee, and
customer information.
Security
governance

improving
compliance
and
mitigating
risksCompliance and security standards are one of the top priorities, and at
the same time, the hardest to implement and maintain with respect to
Datacentre operations. Neglecting security governance could expose the
organization to operational, financial, and reputational risks. Security
governance ensures that the information security approach supports business
objectives and risk management, while adhering to applicable compliance
standards. Effective security governance needs to be real-time and part of the
overall corporate governance model.
Sponsorship from management is also important, since it facilitates role
assignment, division of responsibilities,and the allocation of ownership. Senior
management from the IT function must be included as part of the
organizational sub-structure to oversee the security mandate.
Security operations centre leveraging the right expertise and tools
Many organizations today lack a security operations centre due to limited
access to skilled IT security staff and tools. In addition, several diverse
security technologies exist, and as a result, a significant amount of time is
spent on operational tasks such as patch management and firewall rule
changes.
Designing and implementing an effective security operations centre requires
the support of certified professionals who are experienced in operating and
managing security tools and technologies on a regular basis. The security
operations centre encompasses incident management and remediation,

Antariksha Technologies

Confidential

vulnerability and log management, security event monitoring, malware

forensic analysis, and troubleshooting of security devices.
Security architecture design aligning business strategy with the security
plan
Designing the security architecture is a multi-phased endeavor. The security
architecture is heavily influenced by what an organization is trying to achieve.
Hence, the ideal first step is to understand the organizations business
strategy for a specific duration. For example, whether an organization is
expanding its cloud based solutions, extending its mobile based applications
across multiple geographies, or modifying its existing application deployment
model, these impact the IT infrastructure deployment. This, in turn, impacts
the security architecture.
The next step involves evaluating the Datacentres current security posture.
This can be achieved by gathering and analyzing information about network
and security devices to identify vulnerabilities within the operating system,
network, and device configuration. Vulnerability assessments are generally
performed manually by in-houseexperts or external security consultants. Such
assessments should include penetration testing as well as internal and
external audits of policy compliance.
A detailed analysis of the Datacentres current security posture and
infrastructure is likely to expose possible gaps. These gaps can be filled either
by using security solutions to make changes within the existing IT
infrastructure or modifying the security deployment architecture. With the
improved security posture as a base, organizations can remap their upcoming
projects to align business strategy with the Datacentre security plan.
Security enablers supporting the security architecture
Security enablers provide various mechanisms that need to be adhered to
while providing security to next generation Datacentres. Organizations should
follow the ISO 27000 framework and deploy best-of-breed technologies for
designing their security architecture. Personnel certified in Datacentre security
can provide insights into potential security threats and how to mitigate them.
ITIL based delivery along with an integrated delivery for providing the right
compliance information is also important. Additionally, these enablers help
maintain the balance between security controls and operating expenses, while
taking into account existing IT infrastructure and deployment architecture.

A holistic security strategy with layered security controls

In order to secure their Datacentres, organizations can no longer depend on a
traditional security approach that focuses on protection at the network level.
Once the network is breached, hackers can easily access systems and data
within the compromised network. Organizations therefore need a holistic
strategy that secures all the components of the IT environment at each layer
of the OSI, and if one layer is compromised, there are other layers
that continue to protect corporate data. With organizational data residing in
various locations, Datacentres, and devices, multiple security technologies

Antariksha Technologies

Confidential

need to be deployed to cover every possible vulnerability. The different

security layers are explained further in the following sections.

Network security
A layered approach for Datacentre security starts with the network. This is
because almost every physical appliance in todays world has an IP address
and is connected to a network. Moreover, most security attacks either start at
the network layer or eventually touch the network layer at some given point
during an attack.
A network identity solution improves security at the network layer and
provides user or role based access and device based profiling. The default
password should be changed for every asset: servers, laptops, network and
security appliances, and so on. Any default user account created during
server initialization or installation must be deleted. Services that are not
required should be disabled, and unused ports should be blocked on every
system and network appliance. Putting servers with sensitive data behind the
Demilitarized Zone (DMZ) further enhancessecurity. These zones are secure
segments of the corporate network for which access can be controlled
through tiered firewalls.
Here are seven other best practices for enhancing the security of network
devices:

Maintain detailed records on every network device including

device name type, owner, installed location, serial number, and
service tag.
Manage static IP assignment to all management interfaces of
the network devices. This includes adding their records to the
domain name server, and monitoring everything within the IP
address management solution.
Ensure regular application of patches and security updates on
firmware across all network devices.

Antariksha Technologies

Confidential

Perform regular backups of every network configuration and

confirmation, and ensure that data can be restored using these
backups.
Include every network device in regular vulnerability scans to
identify potential threats to the network.
Implement port restrictions to prevent users from running any
network device under a promiscuous mode.
Perform proactive analysis of all security violations.

Host security
Host level security generally includes malware protection or anti-virus
solutions, host intrusion prevention, device control, and end-point Data Loss
Prevention (DLP). These are application control software for blocking
unauthorized applications and preventing users from making modifications
within the operating system registry.
End-point security
In most organizations, employees often access the internet from outside the
office. Therefore, a host based content filtering solution should be deployed
on every laptop and desktop to minimize the security risk. Updating all endpoint security servers and client applications regularly is also critical. Endpoint control and compliance solutions secure end-point devices to uncover,
analyze, and remediate abnormalities that lead to failed audits and faulty
intelligence on security threats.
File integrity monitoring
This involves validating the integrity of critical files on the operating system,
business applications, and so on.
Virtualization security
With more and more datacentres embracing Virtualisation, this is another
important component that monitors the communication taking place between
all virtual machines hosted over a common bare metal machine. Agent-less
security services increase the performance of end-user machines or servers.
A special team, which could be a part of the security operations centre unit,
should perform malware forensics on all machines affected by an end-point
breach. This helps with root cause analysis and offers a timely remediation
solution.
Application security
Generally, organizations implement a mix of open source, internally
developed, and commercially available applications. Some applications might
not be written to strict secure code guidelines, thereby making them
vulnerable, especially over the internet. As more organizations engage
customers, partners, and regulators over the internet, they are also expected
to protect data by complying with regulations such as PCI or other
compliances enforced by law of land and in case of India, it is IT act 2000 and
amendment .

Antariksha Technologies

Confidential

Organizations can minimize risks by having a dedicated web server for

internet facing applications in a multi-tier environment, reviewing application
code, and running vulnerability scans against hosted applications on a regular
basis. Addressing identified vulnerabilities throughout the vulnerability
management lifecycle and storing data in a protected data warehouse are
also imperative to maintaining security.
Identity and access management, as well as privileged identity management,
and single sign-on technologies should also be implemented to ensure that
only authorized users can log in and access applications. Encryption software,
database activity monitoring (DAM) solutions, and digital rights management
(DRM) systems should also be used. A Web Application Firewall (WAF) is also
an important security control, since most cyber-attacks exploit the inherent
vulnerability of web applications.
Checklist for Datacentre security:
1) Web Application Firewall: Identifies attacks, like SQL injection, OS
command injection, XSS(Cross Site Scriting), by correlating a profile
violation and signatures.

Features of WAFs
HTTP protocol support
Understands 1.0, 1.1 protocols
Header information
Field content, length, etc
XML/SOAP support
XML parsing & element enforcement
SOAP element support & validation
Xpath & SQL Injection
Anti-evasion
Decoding & path standardization
SSL Decryption / Inspection
Signatures
Network (DNS exploits, Solaris/Linux specific, )

Antariksha Technologies

Confidential

Generic attack (directory traversal, web-cgi, web-php, )

Known web application vulnerabilities (CVE defined web app
vulnerabilities, wikis, phpmyexplorer, )
Policy engine
Supports alerting based on signatures, user/session information,
TCP/IP elements, time of day, occurrences, operation, etc.
Blocking or auditing or notification (SNMP, syslog, etc)

2) Firewall(NGFW): A next-generation firewall (NGFW) is a network

security system that is able to detect and block sophisticated attacks by
enforcing security policies at the application level, as well as at the port
and protocol level. Next-generation firewalls integrate three key assets:
enterprise firewall capabilities, an intrusion prevention system (IPS)
and application control.

NGFWs differ from UTMs as they are designed to perform intrusion

prevention and deep packet inspection while many of the other
features of UTM are offloaded to other devices to conserve network
throughput and thereby better serve an enterprise network.

1. Identify and control applications on any port

2. Identify and control circumventors(evasions)
3. Decrypt outbound SSL and control SSH
4. Provide application function control
5. Systematically manage unknown traffic
6. Scan for viruses and malware in all applications, on all ports
7. Enable the same application visibility and control for all users and
devices
8. Make network security simpler, not more complex, with the addition
of application control
9. Deliver the same throughput and performance with application
control fully activated
10. Support the exact same firewall functions in both a hardware and
virtualized form factor

Antariksha Technologies

Confidential

3) Advanced Persistent Threats Solution(APT): APT is an adversary

who conducts
offensive
digital operations (called computer
network operations or perhaps computer network exploitation) to
support various state-related objectives. APT is characterized by
devotion to maintaining some degree of control of a target's computer
infrastructure, acting persistently to preserve or regain control and
access. Unclassified briefings by counter-intelligence and military
analysts use the term "aggressive" to emphasize the degree to which
APT pursues these objectives against a variety of government, military,
and private targets.
While, NGFW protects the perimeter with Layer 7 firewall technology.
APT solution appliance finds advanced threats that have bypassed
perimeter security controls and new Command & Control. These
technologies help avoid the all-too common scenario of an advanced
threat slipping into the network and remaining undetected for months.
APT appliance should dynamically publishes infected and suspected
assets and Command & Control domains that are active in the
enterprise network. NGFW should
then execute a prescriptive
response and apply rules depending on the status provided by APT
appliance,
for example:
Full logging, restricting access or redirecting traffic
Quarantining or blocking infected devices from accessing critical
stores,
network segments and/or Internet access
Restricting devices from accessing active Command & Control
domains
Features of APT solution:
Network Observation : Sensors placed in key locations, within your
network, observe egress, proxy and DNS traffic. They listen to traffic
passively and talk to each other so they can track a devices activity
over time.
Behavioral Analysis: Multiple detection engines apply threat
intelligence fed by our Threat Discovery Center in analyzing behaviors
and content.
Case Building: Suspicious evidence is examined by the Case
Analyzer, a context aware engine that builds a case of suspicious or
malicious status for each device.
Reduce Clutter: Devices that are designated as clean are removed
from the case list to allow response teams to focus on what matters.
Risk Level Assessment: When a case of evidence moves from
suspected to infected, nine different Risk Profilers assess the level of
risk based on the threat activity, intent and importance of the device to
the organization.

Antariksha Technologies

Confidential

Actionable Information: True Positives Cases are prioritized based on

their risk score and sent to the Breach Response team with complete
forensic evidence for immediate action.
Suspected Cases: Suspected cases are automatically closed without
ever needing manual attention.
Proven Infection: Only truly malicious cases are isolated for your
security team to address and respond to.
4)

Web Threat Protection: Web Security Gateway lets organizations

benefit from online applications and tools without exposure to webborne malware and viruses, lost user productivity, and misused
bandwidth. As a comprehensive solution for web security and
management, it unites Spyware, Malware, and Virus protection with
a powerful policy and reporting engine. Advanced features ensure that
organizations adapt to emerging requirements like social-network
regulation, remote filtering, and visibility into SSL-encrypted traffic.

Features of Web Threat Protection:

URL Filtering Granular policy by user, group, location, time, and quota
Outbound Firewall Granular rules by locations, IP addresses, ports,
and protocols
Global Cloud Platform Protect HQ, remote offices, laptops,
smartphones, and IoT devices;Full AD and LDAP integration
Real-Time Reporting and Logging Report on web transaction,
anywhere, in seconds
Inline Antivirus & Antispyware Signature-based antimalware and full
inbound/outbound file inspection
File Type Controls for Uploads/Downloads True file type control by
users, groups, and destinations
APT ProtectionStandard Behavioral Analysis Protect against
zero-day threats and vulnerabilities in suspicious files
SSL Inspection Full inspection of all SSL traffic, with granular
exclusion policy
Advanced Threat Protection Real-time feeds stop phishing, botnets,
XSS, anonymizers, and more
Web Access Control Ensure outdated versions of browsers and
plugins are compliant
Cloud Application Visibility & Control Discover, monitor, and control
access to thousands of web applications

Antariksha Technologies

Confidential

Mobile Application Reporting & Control Visibility, granular policy

control, and threat protection for devices on the corporate network
Data Loss Prevention Inline scanning to identify confidential data
leaving the organization
Bandwidth Control Protect bandwidth for mission-critical web apps by
location or time of day

5) Security Analytics:

With rapidly growing cyber threats and adding both complexity and
sophistication, organizations, especially the government organizations
are exposed to an increasing level of risk to damaging attacks , data
breaches, financial losses and cyber terrorism. While most are aware
of the increased exposure to attacks, organizations are consistently
hampered by a lack of will, lack of personnel, limited security expertise,
and lack right set of tools to effectively combat cyber-threats.
Implementing an effective, next-generation security operation requires
a holistic approach to security intelligence to expedite the detection,
prioritization and neutralization of cyber-threats originating from inside
and outside the network. This demands real-time visibility and
understanding of threats targeting the complete attack surface that
includes endpoints, network resources and user accounts. Security
Analytics, helps organizations overcome operational and
technical obstacles by delivering automated, out-of-the-box
capabilities that reduce the time it takes to detect and respond to
a broad range of cyber-threats

Security analytics tools help organizations implement real-time

monitoring of servers, endpoints and network traffic, consolidate and
coordinate diverse event data from application and network logs, and
perform forensic analysis to better understand attack methods and
system vulnerabilities. Taken together, these functions help security

Antariksha Technologies

Confidential

professionals assess how systems were compromised, which systems

were affected and if an attack is still underway.

Feautres of Security Analytics:

Solution should be able to effectively Capture, Monitor, Review,
and Retain log data
Solution should monitor all primary attack vectors like Endpoints,
Network and User Accounts in real-time using a variety of techniques
for security intelligence.
Should be able to quickly neutralize:
Malware Outbreak Security Analytics should be able to deploy
rules that automatically detect an outbreak by correlating log
data from existing antivirus solutions common in most customer
environments. Administrators can then immediately drill down
on the event details to see all infected systems and identify the
original point of entry. Security Analytics solution should be able
to immediately neutralize the threat by quarantining infected
machines.

Data Exfiltration Insider threats are frequently detected late in

the attack cycle by traditional security solutions. Using readily
available log data from host systems as well as network
monitoring and security devices, out-of-the-box Security
Analytics rules should correlate attack behavior with specific
actions. While administrators prioritize their incident response
to investigate the highest risk activities first, the solution should
be able to automatically neutralize the threat by disabling the
user account or blocking the destination IP.

Compromised User Account Compromised credentials are

the most common method by which attackers can successfully
breach networks. It is important to detect, when credentials are
stolen and are being used in an attack. Security Analytics
solution should deliver preconfigured rules that correlate
authentication activity collected from existing Active
Directory/LDAP logs with attack data from IDS/IPS devices to
identify when compromised credentials may be involved in an
attack. Solution should be capable of either disabling a
suspiciously behaving account immediately or add it to a
watchlist to trigger higher priority alarms tied to any future
suspicious activity.

Antariksha Technologies

Confidential

Privilege Abuse: Whether being used by malicious insiders or

external attackers, privileged accounts have the potential to
cause extensive damage to an organization. An Admin account,
for example, can be used for a broad range of malicious
activities, from deleting or stealing critical data to reconfiguring
security settings that leave the network open to additional
attacks. Security Analytics solution should be able to enforce
security best practices by monitoring active directory or LDAP
logs to alert when any account is added to an Admin group, and
can automatically validate that activity against an authorized
whitelist of authorized privileged users to detect potential
abuse. Solution should automatically disable any account that
has been granted unauthorized privileges until it has been
verified.

Compromised Server: Security Analytics should be able to

analyse IDS/IPS events, log data from firewalls, and flow data
to correlate attack events with network activity to detect when a
targeted host system has received a malicious payload.
Solution should automatically neutralize the threat by initiating a
quarantine of the compromised server.
About Author(Antariksha Technologies): It has over 20+ man years of
consulting experience for Government customers. The founders have worked
on many complex and trabsformational projects like Automation of Public
Sector Finance, Passport Seva, CCTNS, Defence Communications Network,
Indirect taxation etc. The founders are also credited with launch of many
security products in India like Network Associates(now called Intel Security),
Symantec and WinMagic.