Securely Audit and Monitor NetWare® and eDirectory™ with Blue Lance
www.novell.com
Jeff Christensen
Product Manager
Novell, Inc.
Peter Thomas
Chief Technology Officer
Blue Lance, Inc.
Vision…one Net
A world where networks of all types—corporate and public,
intranets, extranets, and the Internet—work together as
one Net and securely connect employees, customers,
suppliers, and partners across organizational boundaries
Mission
To solve complex business and technical challenges with Net
business solutions that enable people, processes, and
systems to work together and our customers to profit from
the opportunities of a networked world
Who Is Blue Lance?
• A leader in protection of computer-managed assets since 1985
• Pioneers of asset-monitoring technology
• Audit trails with real-time alerting
• Focus inside the firewall
  - Monitor and report on activities of privileged and trusted users
Why Monitor?
“70% of all computer-related theft happens
inside the firewall”
Source: Information Security Magazine, 2000
In a survey of five hundred corporations, 75% of
computer-related theft happened inside the
firewall
Source: CSI/FBI 2001 Study
90% of all security violations were attributed to
insiders
Source: Exodus Communications, 2000
Survey of NetWare® Users
• “Do you use auditing to troubleshoot your
network?”
YES: 73%
• “Is an auditing tool required in your
organization?”
YES: 18%
• “Is auditing used on a full-time basis?”
YES: 4%
Source: Novell, February 2002
Auditing
• Compliance
  - Banking and finance: FDIC, OCC Regulations, GLB
  - Government: C2 or common criteria
  - Healthcare: HIPAA
• Other issues
  - For legal liability and protection of assets
  - Troubleshooting the network
  - Provides a detailed analysis of activity
Spending to Secure Assets Rising
[Chart: Security Software Purchases ($ millions). Source: Gartner, Inc.]
What’s Next for You?
Perimeter/network sec.
Biometrics
eCommerce security
Smart cards
Assessment
Audit
Firewalls
Hardware lockdown
Intrusion detection
Cryptographic tools
Encryption
Password security
Wireless security
E-mail security
Database security
Penetration testing
Vulnerability assessment
Authentication
Web access ctrl
Physical access ctrl
OS/app hardening
Secure ID/password
Software/servers
PKI/cert. handling
Non-firewall access ctrl
VPNs
Access control
Network security appliances
Forensics
Log analysis
Where Is Your Protection Weakest?
Perimeter/network sec.
Biometrics
eCommerce security
Smart cards
Assessment
Firewalls
Hardware lockdown
Intrusion detection
Cryptographic tools
Encryption
Password security
Wireless security
E-mail security
Database security
Penetration testing
Vulnerability assessment
Authentication
Web access ctrl
Physical access ctrl
OS/app hardening
Secure ID/password
Software/servers
PKI/cert. handling
Non-firewall access ctrl
VPNs
Access control
Network security appliances
Pre-event
Audit
Forensics
Log analysis
Post-event
How Do You Protect Yourself?
With LT Auditor+
• Windows-based audit trail security software solution
  - The gold standard in monitoring
• Designed to protect organizational assets accessible through Novell networks
• Provides around-the-clock monitoring of network activity across the enterprise
Corporations That Rely on LT Auditor+
Major Corporations
20th Century Fox
Air Canada
Blue Cross Blue Shield
EDS
Federated Mutual Ins.
General Motors
IBM Global Services
Lockheed Martin
MD Anderson Hospital
Raytheon
Reliant Energy
Qantas Airlines
Tampa Electric
Trans Union
Banks
Bank of Tokyo-Mitsubishi
Compass Bank for Savings
DKB Bank
First Union Bank
Heritage Bank
JP Morgan Chase
M&T Bank
Old National Bank
Star Financial Bank
United California Bank
US Bank
Washington Mutual
Wells Fargo Bank
WFS Financial
Government
Department of Defense
Department of the Interior
Federal Bureau of Prisons
Federal Railroad Comm.
INS
NY Attorney General
NY Comptroller
Pension Benefit Guar. Corp.
State of Illinois
US Army
US Air Force
US Bankruptcy Courts
US Border Patrol
US Probation Office
LT Auditor+ v8.0 Components
• LT Auditor+ for NetWare
• LT Auditor+ Manager Console
• LT Auditor+ Report Generator
• LT Auditor+ for Windows
NetWare Architecture
LT Auditor+ for NetWare—Features
• Supports NetWare 4.x, 5.x, and 6.x
• Audits all changes to the Novell eDirectory™/*NDS®
• Real-time alerting capability via SNMP
• Enterprise-wide consolidation of all audit data into a single repository
• Supports high-end databases
• Powerful filtering technology allows for collection of pertinent audit data
  - Also ensures audit data reduction
*Novell Directory Services®
Features (cont.)
• Single Management Console for remote policy deployment and administration
• Audit the Auditor+
• Troubleshoot network problems
LT Auditor+ for NetWare Monitors
• Logins and logouts
• All intruder login attempts
• eDirectory schema updates
• NDS partition changes
• RCONSOLE access
• Trustee assignments
• Volume mount/dismount
• Modules being loaded
• eDirectory changes
• File deletions and modifications
• Creation and deletions of users and groups
• Security equivalences assigned or revoked
• Password changes
Basic Components
• Manager Console
  - Easy-to-use graphical interface
  - Used by security administrators to configure, create and deploy security policies across the enterprise
• Novell NetWare Loadable Module™ (NLM™)
  - Agents that are loaded on servers
  - Collects audit trail data locally on servers
  - Back-end engine that does all the work
LT Auditor+ for NetWare Policies
• The following policies can be assigned by the Manager Console
  - Filter
  - System
  - Security
  - Job
Policies (cont.)
• Filter policies
  - Login, eDirectory, file/directory and server filters
  - Granular filtering capability
  - Set up real-time alerting for sensitive events
  - Configure as per organizational security policies
Policies (cont.)
• Settings policies
  - Archive settings
    • Determines when server agents (NLMs) create a data file (archive file) of all audit trail data collected
  - Data transfer settings
    • Determines how archive files are transferred to the consolidation server for consolidation to a single repository
    • Set up cross-platform consolidation
Policies (cont.)
• Security policies
• Authorized users
  - Levels of access control for authorized users
  - Audit LT Auditor+
    • “Police the Policeman”
Policies (cont.)
• Job Policies
  - Consolidation jobs
    • Scheduled jobs that consolidate archived files to a Btrieve database
    • Can set filters to determine how archive files are consolidated
  - Deletion jobs
    • Scheduled jobs to periodically delete archive and consolidated data files
Other Features of the Manager Console
• Export to other servers in the network
• Select different node addresses or users
• Control loading of the LT Auditor modules
• Automatically delete consolidation jobs on the local servers
• Dedicate one server as the consolidation server
Report Generator
• Run reports from databases such as
  - ORACLE/MS SQL or BTRIEVE
• Built with the Crystal Reporting Engine
• Capability to export reports to multiple formats like .HTML, .PDF, Excel, Word…
• Reports can be e-mailed to required personnel
• Automated scheduling capability
• Powerful querying capability
LT Auditor+ v8.0: High-Powered with Low TCO
• Single management console
• Remote installation capability
• Minimal configuration requirements
• Automated policy deployment and report scheduling
• System performance monitoring capability
• Tracks security changes
• Real-time monitoring
• Customizable queries and reports
LT Auditor v8.0
Radar for your network…