Securely Audit and Monitor

Nov 30, 2013

Securely Audit and Monitor NetWare® and eDirectory™ with Blue Lance

Jeff Christensen

Product Manager

Novell, Inc.

jrchristensen@novell.com



Peter Thomas

Chief Technology Officer

Blue Lance, Inc.

pthomas@bluelance.com



Vision…one Net


A world where networks of all types (corporate and public, intranets, extranets, and the Internet) work together as one Net and securely connect employees, customers, suppliers, and partners across organizational boundaries


Mission


To solve complex business and technical challenges with Net business solutions that enable people, processes, and systems to work together and our customers to profit from the opportunities of a networked world


Who Is Blue Lance?


A leader in protection of computer-managed assets since 1985

Pioneers of asset-monitoring technology

Audit trails with real-time alerting

Focus inside the firewall

Monitor and report on activities of privileged and trusted users

“70% of all computer-related theft happens inside the firewall”

Source: Information Security Magazine, 2000

In a survey of five hundred corporations, 75% of computer-related theft happened inside the firewall

Source: CSI/FBI 2001 Study

90% of all security violations were attributed to insiders

Source: Exodus Communications, 2000


Why Monitor?


Survey of NetWare® Users

“Do you use auditing to troubleshoot your network?” YES: 73%

“Is an auditing tool required in your organization?” YES: 18%

“Is auditing used on a full-time basis?” YES: 4%

Source: Novell, February 2002


Auditing


Compliance


Banking and finance: FDIC, OCC Regulations, GLB


Government: C2 or common criteria


Healthcare: HIPAA



Other issues


For legal liability and protection of assets


Troubleshooting the network


Provides a detailed analysis of activity


Spending to Secure Assets Rising

[Chart: Security Software Purchases ($ millions)]

Source: Gartner, Inc.


What’s Next for You?

Firewalls

Physical access ctrl

Password security

Non-firewall access ctrl

Web access ctrl

Hardware lockdown

Access control

E-mail security

Intrusion detection

OS/app hardening

Wireless security

Network security appliances

eCommerce security

Perimeter/network sec.

Database security

VPNs

PKI/cert. handling

Cryptographic tools

Encryption

Vulnerability assessment

Penetration testing

Assessment

Software/servers

Smart cards

Biometrics

Secure ID/password

Authentication

Forensics

Log analysis

Audit


Where Is Your Protection Weakest?

Firewalls

Physical access ctrl

Password security

Non-firewall access ctrl

Web access ctrl

Hardware lockdown

Access control

E-mail security

Intrusion detection

OS/app hardening

Wireless security

Network security appliances

eCommerce security

Perimeter/network sec.

Database security

VPNs

PKI/cert. handling

Cryptographic tools

Encryption

Vulnerability assessment

Penetration testing

Assessment

Software/servers

Smart cards

Biometrics

Secure ID/password

Authentication

Forensics

Log analysis

Audit

Pre-event

Post-event

How Do You Protect Yourself?



With LT Auditor+


Windows-based audit trail security software solution

The gold standard in monitoring

Designed to protect organizational assets accessible through Novell networks

Provides around-the-clock monitoring of network activity across the enterprise


Corporations That Rely on LT Auditor+

Major Corporations


20th Century Fox

Air Canada

Blue Cross Blue Shield

EDS

Federated Mutual Ins.

General Motors

IBM Global Services

Lockheed Martin

MD Anderson Hospital

Raytheon

Reliant Energy

Qantas Airlines

Tampa Electric

Trans Union

Banks


Bank of Tokyo-Mitsubishi

Compass Bank for Savings

DKB Bank

First Union Bank

Heritage Bank

JP Morgan Chase

M&T Bank

Old National Bank

Star Financial Bank

United California Bank

US Bank

Washington Mutual

Wells Fargo Bank

WFS Financial

Government


Department of Defense

Department of the Interior

Federal Bureau of Prisons

Federal Railroad Comm.

INS

NY Attorney General

NY Comptroller

Pension Benefit Guar. Corp.

State of Illinois

US Army

US Air Force

US Bankruptcy Courts

US Border Patrol

US Probation Office


LT Auditor+ v8.0 Components


LT Auditor+ for NetWare


LT Auditor+ Manager Console


LT Auditor+ Report Generator


LT Auditor+ for Windows



NetWare Architecture


LT Auditor+ for NetWare

Features


Supports NetWare 4.x, 5.x, and 6.x


Audits all changes to the Novell eDirectory™/*NDS®

Real-time alerting capability via SNMP

Enterprise-wide consolidation of all audit data into a single repository

Supports high-end databases

Powerful filtering technology allows for collection of pertinent audit data

Also ensures audit data reduction

*Novell Directory Services®


Features (cont.)

Single Management Console for remote policy deployment and administration



Audit the Auditor+



Troubleshoot network problems




LT Auditor+ for NetWare Monitors


Logins and logouts


All intruder login attempts


eDirectory schema updates


NDS partition changes


RCONSOLE access


Trustee assignments


Volume mount/dismount


Modules being loaded




eDirectory changes


File deletions and modifications

Creation and deletion of users and groups

Security equivalences assigned or revoked


Password changes


Basic Components



Manager Console


Easy-to-use graphical interface

Used by security administrators to configure, create, and deploy security policies across the enterprise



Novell NetWare Loadable Module™ (NLM™)


Agents that are loaded on servers


Collects audit trail data locally on servers


Back
-
end engine that does all the work



LT Auditor+ for NetWare Policies


The following policies can be assigned by the Manager Console


Filter


System


Security


Job


Policies (cont.)


Filter policies


Login, eDirectory, file/directory and server filters


Granular filtering capability


Set up real-time alerting for sensitive events


Configure as per organizational security policies


Policies (cont.)


Settings policies


Archive settings


Determines when server agents (NLMs) create a data file (archive file) of all audit trail data collected

Data transfer settings

Determines how archive files are transferred to the consolidation server for consolidation to a single repository

Set up cross-platform consolidation



Policies (cont.)


Security policies



Authorized users


Levels of access control for authorized users


Audit LT Auditor+


“Police the Policeman”


Policies (cont.)


Job Policies


Consolidation jobs


Scheduled jobs that consolidate archived files to a Btrieve database

Can set filters to determine how archive files are consolidated

Deletion jobs

Scheduled jobs to periodically delete archive and consolidated data files


Other Features of the Manager Console


Export to other servers in the network


Select different node addresses or users


Control loading of the LT Auditor modules


Automatically delete consolidation jobs on the local servers


Dedicate one server as the consolidation server


Report Generator


Run reports from databases such as ORACLE/MS SQL or BTRIEVE

Built with the Crystal Reporting Engine

Capability to export reports to multiple formats like .HTML, .PDF, Excel, Word…

Reports can be e-mailed to required personnel


Automated scheduling capability


Powerful querying capability

LT Auditor+ v8.0: High-Powered with Low TCO


Single management console


Remote installation capability


Minimal configuration requirements


Automated policy deployment and report scheduling


System performance monitoring capability


Tracks security changes


Real-time monitoring


Customizable queries and reports

LT Auditor v8.0

Radar for your network…