1 / 43

Securely Audit and Monitor NetWare ® and eDirectory™ with Blue Lance

Securely Audit and Monitor NetWare ® and eDirectory™ with Blue Lance. Jeff Christensen Product Manager Novell, Inc. jrchristensen@novell.com Peter Thomas Chief Technology Officer Blue Lance, Inc. pthomas@bluelance.com. Vision…one Net

bela
Download Presentation

Securely Audit and Monitor NetWare ® and eDirectory™ with Blue Lance

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Securely Audit and Monitor NetWare® and eDirectory™ with Blue Lance Jeff Christensen Product Manager Novell, Inc. jrchristensen@novell.com Peter Thomas Chief Technology Officer Blue Lance, Inc. pthomas@bluelance.com

  2. Vision…one Net A world where networks of all types—corporate and public, intranets, extranets, and the Internet—work together as one Net and securely connect employees, customers, suppliers, and partners across organizational boundaries Mission To solve complex business and technical challenges with Net business solutions that enable people, processes, and systems to work together and our customers to profit from the opportunities of a networked world

  3. Who Is Blue Lance? • A leader in protection of computer-managed assets since 1985 • Pioneers of asset-monitoring technology • Audit trails with real-time alerting • Focus inside the firewall • Monitor and report on activities of privileged and trusted users

  4. Why Monitor? “70% of all computer-related theft happens inside the firewall” Source: Information Security Magazine, 2000 A survey five hundred corporations had 75% of computer-related theft happened inside the firewall Source: CSI/FBI 2001 Study 90% of all security violations were attributed to insiders Source: Exodus Communications, 2000

  5. Survey of NetWare® Users • “Do you use auditing to troubleshoot your network?” • “Is an auditing tool required in your organization?” • “Is auditing used on a full-time basis?” YES: 73% YES: 18% YES: 4% Source: Novell, February 2002

  6. Auditing • Compliance • Banking and finance: FDIC, OCC Regulations, GLB • Government: C2 or common criteria • Healthcare: HIPAA • Other issues • For legal liability and protection of assets • Troubleshooting the network • Provides a detailed analysis of activity

  7. Spending to Secure Assets Rising Security Software Purchases ($ millions) Source: Gartner, Inc.

  8. What’s Next for You? Biometrics Perimeter/network sec. Assessment Audit eCommerce security Firewalls Smart cards Hardware lockdown Forensics Cryptographic tools Intrusion detection Password security Wireless security Encryption E-mail security Database security Penetration testing Log analysis Vulnerability assessment Authentication Web access ctrl Secure ID/password OS/app hardening Physical access ctrl Software/servers Non-firewall access ctrl PKI/cert. handling VPNs Access control Network security appliances

  9. Where Is Your Protection Weakest? Biometrics Perimeter/network sec. Assessment Audit eCommerce security Firewalls Smart cards Hardware lockdown Forensics Cryptographic tools Intrusion detection Password security Wireless security Encryption E-mail security Database security Penetration testing Log analysis Vulnerability assessment Authentication Web access ctrl Secure ID/password OS/app hardening Physical access ctrl Software/servers Non-firewall access ctrl PKI/cert. handling VPNs Access control Network security appliances Pre-event Post-event

  10. How Do You Protect Yourself?

  11. With LT Auditor+ • Windows-based audit trail security software solution • The gold standard in monitoring • Designed to protect organizational assets accessible through Novell networks • Provides around-the-clock monitoring of network activity across the enterprise

  12. Major Corporations 20th Century Fox Air Canada Blue Cross Blue Shield EDS Federated Mutual Ins. General Motors IBM Global Services Lockheed Martin MD Anderson Hospital Raytheon Reliant Energy Qantas Airlines Tampa Electric Trans Union Corporations That Rely on LT Auditor+ Banks Bank of Tokyo-Mitsubishi Compass Bank for Savings DKB Bank First Union Bank Heritage Bank JP Morgan Chase M&T Bank Old National Bank Star Financial Bank United California Bank US Bank Washington Mutual Wells Fargo Bank WFS Financial Government Department of Defense Department of the Interior Federal Bureau of Prisons Federal Railroad Comm. INS NY Attorney General NY Comptroller Pension Benefit Guar. Corp. State of Illinois US Army US Air Force US Bankruptcy Courts US Border Patrol US Probation Office

  13. LT Auditor+ v8.0 Components • LT Auditor+ for NetWare • LT Auditor+ Manager Console • LT Auditor+ Report Generator • LT Auditor+ for Windows

  14. NetWare Architecture

  15. LT Auditor+ for NetWare—Features • Supports NetWare 4.x, 5.x, and 6.x • Audits all changes to the Novell eDirectory™/*NDS® • Real-time alerting capability via SNMP • Enterprise-wide consolidation of all audit data into a single repository • Supports high-end databases • Powerful filtering technology allows for collection of pertinent audit data • Also ensures audit data reduction *Novell Directory Services®

  16. Features (cont.) • Single Management Console for remote policy deployment and administration • Audit the Auditor+ • Troubleshoot network problems

  17. Logins and logouts All intruder login attempts eDirectory schema updates NDS partition changes RCONSOLE access Trustee assignments Volume mount/dismount Modules being loaded eDirectory changes File deletions and modifications Creation and deletions of users and groups Security equivalences assigned or revoked Password changes LT Auditor+ for NetWare Monitors

  18. Basic Components • Manager Console • Easy-to-use graphical interface • Used by security administrators to configure, create and deploy security policies across the enterprise • Novell NetWare Loadable Module™ (NLM™) • Agents that are loaded on servers • Collects audit trail data locally on servers • Back-end engine that does all the work

  19. LT Auditor+ for NetWare Policies • The following policies can be assigned by the Manager Console • Filter • System • Security • Job

  20. Policies (cont.) • Filter policies • Login, eDirectory, file/directory and server filters • Granular filtering capability • Set up real-time alerting for sensitive events • Configure as per organizational security policies

  21. Policies (cont.) • Settings policies • Archive settings • Determines when server agents (NLMs) create a data file (archive file) of all audit trail data collected • Data transfer settings • Determines how archive files are transferred to the consolidation server for consolidation to a single repository • Setup cross platform consolidation

  22. Policies (cont.) • Security policies • Authorized users • Levels of access control for authorized users • Audit LT Auditor+ • “Police the Policeman”

  23. Policies (cont.) • Job Policies • Consolidation jobs • Scheduled jobs that consolidate archived files to a Btrieve database • Can set filters to determine how archive files are consolidated • Deletion jobs • Scheduled jobs to periodically delete archive and consolidated data files

  24. Other Features of the Manager Console • Export to other servers in the network • Select different node addresses or users • Control loading of the LT Auditor modules • Automatically delete consolidation jobs on the local servers • Dedicate one server as the consolidation server

  25. Report Generator • Run reports from databases such as • ORACLE/MS SQL or BTRIEVE • Built with the Crystal Reporting Engine • Capability to export reports to multiple formats like .HTML, .PDF, Excel, Word… • Reports can be e-mailed to required personnel • Automated scheduling capability • Powerful querying capability

  26. LT Auditor+ v8.0:High-Powered with Low TCO • Single management console • Remote installation capability • Minimal configuration requirements • Automated policy deployment and report scheduling • System performance monitoring capability • Tracks security changes • Real-time monitoring • Customizable queries and reports

  27. LT Auditor v8.0 Radar for your network…

More Related