www.novell.com
Securely Audit and Monitor NetWare® and eDirectory™ with Blue Lance
Jeff Christensen, Product Manager, Novell, [email protected]
Peter Thomas, Chief Technology Officer, Blue Lance, [email protected]
Vision…one Net
A world where networks of all types—corporate and public, intranets, extranets, and the Internet—work together as one Net and securely connect employees, customers, suppliers, and partners across organizational boundaries
Mission
To solve complex business and technical challenges with Net business solutions that enable people, processes, and systems to work together and our customers to profit from the opportunities of a networked world
Who Is Blue Lance?
• A leader in protection of computer-managed assets since 1985
• Pioneers of asset-monitoring technology
• Audit trails with real-time alerting
• Focus inside the firewall
Monitor and report on activities of privileged and trusted users
“70% of all computer-related theft happens inside the firewall”
Source: Information Security Magazine, 2000
A survey of five hundred corporations found that 75% of computer-related theft happened inside the firewall
Source: CSI/FBI 2001 Study
90% of all security violations were attributed to insiders
Source: Exodus Communications, 2000
Why Monitor?
• “Do you use auditing to troubleshoot your network?”
• “Is an auditing tool required in your organization?”
• “Is auditing used on a full-time basis?”
Survey of NetWare® Users
YES: 73%
YES: 18%
YES: 4%
Source: Novell, February 2002
Auditing
• Compliance
  - Banking and finance: FDIC, OCC Regulations, GLB
  - Government: C2 or common criteria
  - Healthcare: HIPAA
• Other issues
  - For legal liability and protection of assets
  - Troubleshooting the network
  - Provides a detailed analysis of activity
Spending to Secure Assets Rising
[Chart: Security Software Purchases ($ millions). Source: Gartner, Inc.]
What’s Next for You?
Firewalls
Physical access ctrl
Password security
Non-firewall access ctrl
Web access ctrl
Hardware lockdown
Access control
E-mail security
Intrusion detection
OS/app hardening
Wireless security
Network security appliances
eCommerce security
Perimeter/network sec.
Database security
VPNs
PKI/cert. handling
Cryptographic tools
Encryption
Vulnerability assessment
Penetration testing
Assessment
Software/servers
Smart cards
Biometrics
Secure ID/password
Authentication
Forensics
Log analysis
Audit
Where Is Your Protection Weakest?
Firewalls
Physical access ctrl
Password security
Non-firewall access ctrl
Web access ctrl
Hardware lockdown
Access control
E-mail security
Intrusion detection
OS/app hardening
Wireless security
Network security appliances
eCommerce security
Perimeter/network sec.
Database security
VPNs
PKI/cert. handling
Cryptographic tools
Encryption
Vulnerability assessment
Penetration testing
Assessment
Software/servers
Smart cards
Biometrics
Secure ID/password
Authentication
Forensics
Log analysis
Audit
Pre-event / Post-event
How Do You Protect Yourself?
With LT Auditor+
• Windows-based audit trail security software solution
The gold standard in monitoring
• Designed to protect organizational assets accessible through Novell networks
• Provides around-the-clock monitoring of network activity across the enterprise
Corporations That Rely on LT Auditor+
Major Corporations
20th Century Fox, Air Canada, Blue Cross Blue Shield, EDS, Federated Mutual Ins., General Motors, IBM Global Services, Lockheed Martin, MD Anderson Hospital, Raytheon, Reliant Energy, Qantas Airlines, Tampa Electric, Trans Union
Banks
Bank of Tokyo-Mitsubishi, Compass Bank for Savings, DKB Bank, First Union Bank, Heritage Bank, JP Morgan Chase, M&T Bank, Old National Bank, Star Financial Bank, United California Bank, US Bank, Washington Mutual, Wells Fargo Bank, WFS Financial
Government
Department of Defense, Department of the Interior, Federal Bureau of Prisons, Federal Railroad Comm., INS, NY Attorney General, NY Comptroller, Pension Benefit Guar. Corp., State of Illinois, US Army, US Air Force, US Bankruptcy Courts, US Border Patrol, US Probation Office
LT Auditor+ v8.0 Components
• LT Auditor+ for NetWare
• LT Auditor+ Manager Console
• LT Auditor+ Report Generator
• LT Auditor+ for Windows
NetWare Architecture
LT Auditor+ for NetWare—Features
• Supports NetWare 4.x, 5.x, and 6.x
• Audits all changes to the Novell eDirectory™/*NDS®
• Real-time alerting capability via SNMP
• Enterprise-wide consolidation of all audit data into a single repository
• Supports high-end databases
• Powerful filtering technology allows for collection of pertinent audit data
  - Also ensures audit data reduction
*Novell Directory Services®
Features (cont.)
• Single Management Console for remote policy deployment and administration
• Audit the Auditor+
• Troubleshoot network problems
LT Auditor+ for NetWare Monitors
• Logins and logouts
• All intruder login attempts
• eDirectory schema updates
• NDS partition changes
• RCONSOLE access
• Trustee assignments
• Volume mount/dismount
• Modules being loaded
• eDirectory changes
• File deletions and modifications
• Creation and deletions of users and groups
• Security equivalences assigned or revoked
• Password changes
Basic Components
• Manager Console
  - Easy-to-use graphical interface
  - Used by security administrators to configure, create and deploy security policies across the enterprise
• Novell NetWare Loadable Module™ (NLM™)
  - Agents that are loaded on servers
  - Collects audit trail data locally on servers
  - Back-end engine that does all the work
LT Auditor+ for NetWare Policies
• The following policies can be assigned by the Manager Console
  - Filter
  - System
  - Security
  - Job
Policies (cont.)
• Filter policies
  - Login, eDirectory, file/directory and server filters
  - Granular filtering capability
  - Set up real-time alerting for sensitive events
  - Configure as per organizational security policies
Policies (cont.)
• Settings policies
  - Archive settings
    - Determines when server agents (NLMs) create a data file (archive file) of all audit trail data collected
  - Data transfer settings
    - Determines how archive files are transferred to the consolidation server for consolidation to a single repository
    - Setup cross platform consolidation
Policies (cont.)
• Security policies
  - Authorized users
    - Levels of access control for authorized users
  - Audit LT Auditor+
    - “Police the Policeman”
Policies (cont.)
• Job policies
  - Consolidation jobs
    - Scheduled jobs that consolidate archived files to a Btrieve database
    - Can set filters to determine how archive files are consolidated
  - Deletion jobs
    - Scheduled jobs to periodically delete archive and consolidated data files
Other Features of the Manager Console
• Export to other servers in the network
• Select different node addresses or users
• Control loading of the LT Auditor modules
• Automatically delete consolidation jobs on the local servers
• Dedicate one server as the consolidation server
Report Generator
• Run reports from databases such as ORACLE/MS SQL or BTRIEVE
• Built with the Crystal Reporting Engine
• Capability to export reports to multiple formats like .HTML, .PDF, Excel, Word…
• Reports can be e-mailed to required personnel
• Automated scheduling capability
• Powerful querying capability
LT Auditor+ v8.0: High-Powered with Low TCO
• Single management console
• Remote installation capability
• Minimal configuration requirements
• Automated policy deployment and report scheduling
• System performance monitoring capability
• Tracks security changes
• Real-time monitoring
• Customizable queries and reports
LT Auditor v8.0
Radar for your network…