After I finally figured out what was breaking the client/server communication in GuardianEdge, I ran across another issue: "Not enough server storage is available to process this command." This error message popped up every time I attempted to access a share on the encrypted drive. After some quick research, I determined this to be caused by the IRPStackSize registry setting. After some trial and error with the size and machine, I determined that setting this DWORD to (dec)20 on the domain controller was the correct fix. Apparently, this setting is either changed or removed by some versions of Norton AV.
Although annoying, it was a fairly easy fix. Now it is time to turn my attention to McAfee's Policy Auditor and to getting back into the *nix world.
At home I am currently playing around with the SecurityOnion LiveCD from Doug Burks, Fedora 10 as a client, Fedora 10 as a Server, and CentOS 5. These should keep me busy for a while.
If you haven't checked it out yet, you should look at Doug's blog: http://securityonion.blogspot.com/
Doug is a packet guru and the SecurityOnion LiveCD is an excellent tool for intrusion analysis/detection.
Thanks for the mention, Dave. Keep up the good work!
Doug Burks
http://securityonion.blogspot.com