www.novell.com

Securely Audit and Monitor NetWare® and eDirectory™ with Blue Lance

Securely Audit and Monitor NetWare® and eDirectory™ with Blue Lance

Jeff ChristensenProduct ManagerNovell, Inc.jrchristensen@novell.com

Peter ThomasChief Technology OfficerBlue Lance, Inc.pthomas@bluelance.com

Vision…one NetA world where networks of all types—corporate and public, intranets, extranets, and the Internet—work together as one Net and securely connect employees, customers, suppliers, and partners across organizational boundaries

MissionTo solve complex business and technical challenges with Net business solutions that enable people, processes, and systems to work together and our customers to profit from the opportunities of a networked world

Who Is Blue Lance?

• A leader in protection of computer-managed assets since 1985

• Pioneers of asset-monitoring technology• Audit trails with real-time alerting• Focus inside the firewall

Monitor and report on activities of privileged and trusted users

“70% of all computer-related theft happens inside the firewall”

Source: Information Security Magazine, 2000

A survey five hundred corporations had 75% of computer-related theft happened inside the firewall

Source: CSI/FBI 2001 Study

90% of all security violations were attributed to insiders

Source: Exodus Communications, 2000

Why Monitor?

• “Do you use auditing to troubleshoot your network?”

• “Is an auditing tool required in your organization?”

• “Is auditing used on a full-time basis?”

Survey of NetWare® Users

YES: 73%

YES: 18%

YES: 4%

Source: Novell, February 2002

Auditing

• Compliance Banking and finance: FDIC, OCC Regulations,

GLB Government: C2 or common criteria Healthcare: HIPAA

• Other issues For legal liability and protection of assets Troubleshooting the network Provides a detailed analysis of activity

Spending to Secure Assets Rising

($ millions)

Security Software Purchases

Source: Gartner, Inc.

What’s Next for You?

Firewalls

Physical access ctrl

Password security

Non-firewall access ctrl

Web access ctrl

Hardware lockdown

Access control

E-mail security

Intrusion detection

OS/app hardening

Wireless security

Network securityappliances

eCommerce security

Perimeter/network sec.

Database security

VPNs

PKI/cert. handling

Cryptographic tools

Encryption

Vulnerability assessment

Penetration testing

Assessment

Software/servers

Smart cards

Biometrics

Secure ID/password

Authentication

Forensics

Log analysis

Audit

Where Is Your Protection Weakest?

Firewalls

Physical access ctrl

Password security

Non-firewall access ctrl

Web access ctrl

Hardware lockdown

Access control

E-mail security

Intrusion detection

OS/app hardening

Wireless security

Network securityappliances

eCommerce security

Perimeter/network sec.

Database security

VPNs

PKI/cert. handling

Cryptographic tools

Encryption

Vulnerability assessment

Penetration testing

Assessment

Software/servers

Smart cards

Biometrics

Secure ID/password

Authentication

Forensics

Log analysis

Audit

Pre-eventPre-event Post-eventPost-event

How Do You Protect Yourself?

How Do You Protect Yourself?

With LT Auditor+

• Windows-based audit trail security software solution

The gold standard in monitoring

• Designed to protect organizational assets accessible through Novell networks

• Provides around-the-clock monitoring of network activity across the enterprise

Corporations That Rely on LT Auditor+

Major Corporations

20th Century FoxAir CanadaBlue Cross Blue

ShieldEDSFederated Mutual Ins.General MotorsIBM Global ServicesLockheed MartinMD Anderson HospitalRaytheonReliant EnergyQantas AirlinesTampa ElectricTrans Union

Banks

Bank of Tokyo-Mitsubishi

Compass Bank for Savings

DKB BankFirst Union BankHeritage BankJP Morgan ChaseM&T BankOld National BankStar Financial BankUnited California BankUS BankWashington MutualWells Fargo BankWFS Financial

Government

Department of DefenseDepartment of the InteriorFederal Bureau of PrisonsFederal Railroad Comm.INSNY Attorney GeneralNY ComptrollerPension Benefit Guar.

Corp.State of IllinoisUS ArmyUS Air ForceUS Bankruptcy CourtsUS Border PatrolUS Probation Office

LT Auditor+ v8.0 Components

• LT Auditor+ for NetWare• LT Auditor+ Manager Console• LT Auditor+ Report Generator• LT Auditor+ for Windows

NetWare Architecture

LT Auditor+ for NetWare—Features

• Supports NetWare 4.x, 5.x, and 6.x• Audits all changes to the Novell

eDirectory™/*NDS®

• Real-time alerting capability via SNMP• Enterprise-wide consolidation of all audit data into

a single repository• Supports high-end databases• Powerful filtering technology allows for collection

of pertinent audit data Also ensures audit data reduction

*Novell Directory Services®

Features (cont.)

• Single Management Console for remote policy deployment and administration

• Audit the Auditor+

• Troubleshoot network problems

LT Auditor+ for NetWare Monitors

• Logins and logouts• All intruder login

attempts• eDirectory schema

updates• NDS partition changes• RCONSOLE access • Trustee assignments• Volume mount/dismount• Modules being loaded

• eDirectory changes• File deletions and

modifications• Creation and deletions

of users and groups• Security equivalences

assigned or revoked• Password changes

Basic Components

• Manager Console Easy-to-use graphical interface Used by security administrators to configure,

create and deploy security policies across the enterprise

• Novell NetWare Loadable Module™ (NLM™) Agents that are loaded on servers Collects audit trail data locally on servers Back-end engine that does all the work

LT Auditor+ for NetWare Policies

• The following policies can be assigned by the Manager Console

Filter System Security Job

Policies (cont.)

• Filter policies Login, eDirectory, file/directory and server filters Granular filtering capability Set up real-time alerting for sensitive events Configure as per organizational security policies

Policies (cont.)

• Settings policies Archive settings

• Determines when server agents (NLMs) create a data file (archive file) of all audit trail data collected

Data transfer settings• Determines how archive files are transferred to the

consolidation server for consolidation to a single repository

• Setup cross platform consolidation

Policies (cont.)

• Security policies

• Authorized users Levels of access control for authorized users Audit LT Auditor+

• “Police the Policeman”

Policies (cont.)

• Job Policies Consolidation jobs

• Scheduled jobs that consolidate archived files to a Btrieve database

• Can set filters to determine how archive files are consolidated

Deletion jobs • Scheduled jobs to periodically delete archive and

consolidated data files

Other Features of the Manager Console

• Export to other servers in the network• Select different node addresses or users• Control loading of the LT Auditor modules• Automatically delete consolidation jobs on

the local servers• Dedicate one server as the consolidation

server

Report Generator

• Run reports from databases such as ORACLE/MS SQL or BTRIEVE

• Built with the Crystal Reporting Engine• Capability to export reports to multiple

formats like .HTML, .PDF, Excel, Word…• Reports can be e-mailed to required

personnel• Automated scheduling capability• Powerful querying capability

LT Auditor+ v8.0:High-Powered with Low TCO

• Single management console• Remote installation capability• Minimal configuration requirements• Automated policy deployment and report

scheduling• System performance monitoring capability• Tracks security changes• Real-time monitoring• Customizable queries and reports

LT Auditor v8.0LT Auditor v8.0Radar for your

network…Radar for your network…