
TAMeb v6 - Common Auditing and Reporting Service. Phil Connor – Tivoli WW Courseware Development. Tivoli Users Group Conference Call – June 8, 2006. Chicago, IL. April 24-27, 2006. Objectives. Describe Common Auditing and Reporting Services (CARS).


Presentation Transcript


  1. TAMeb v6 - Common Auditing and Reporting Service Phil Connor – Tivoli WW Courseware Development Tivoli Users Group Conference Call – June 8, 2006 Chicago, IL April 24-27, 2006

  2. Objectives • Describe Common Auditing and Reporting Services (CARS). • Describe the key benefits and usage of CARS in the enterprise. • Explain the usage of CARS within IBM Tivoli Access Manager version 6.0.

  3. Common Audit and Reporting Services Overview • Provides enterprise auditing and reporting functionality

  4. Auditing and Reporting • Security-related critical activities such as: • Login failures • Unauthorized access to protected resources • Modification of security policy • Non-compliance with a specified security policy • Business-related critical activities such as: • Bank transactions • Insurance claims processing • Order processing • Content and change management: • Updates and deletions of critical documents • Changes made by administrators

  5. Auditing and Reporting – Continued • Reporting on audit data can be used for: • External controls: • Showing compliance for various standards and legal requirements such as Sarbanes-Oxley Act, Basel II, and HIPAA • Internal Controls: • Showing compliance to an organization’s security policies • Checking enforcement and effectiveness of IT controls, for accountability, and vulnerability or risk analysis • Forensic investigations of security incidents • Consistent auditing and reporting needed

  6. Key Benefits • Provides Auditing Support • Defines a consistent format for auditable events using the Common Base Event (CBE) format • Provides a centralized collection point for auditable events from various sources using the Common Event Infrastructure (CEI) • Provides consistent management of lifecycle of audit data • Facilitates Reporting of audit data • Provides interfaces to stage audit data into custom report tables • Enables customers to use a reporting tool of their choice • Facilitates cross-product audit reports • Exploits products to provide ready-to-use audit reports

  7. Key Benefits – Continued • Planned to be rolled out as part of various IBM products • CARS is supported only for the application it ships with. • Product proposals are in progress for delivering CARS to customers for storing audit data generated by their in-house applications.

  8. CARS XML Store Utility • Aids in archival and restoration of audit data • Used in conjunction with third-party archival tools • Provides three options: • Prearchive • Postarchive • Cleanrestore

  9. CARS and Java Clients • Needed to submit auditable events to CARS server • Two types of clients: • C client • Java client

  10. Tivoli Access Manager Events • Authentication • Management of resources, security policies, users, groups • Configuration • Authorization • Runtime operations for security servers • Resource access events • User self-care password change operations

  11. Architecture

  12. Information Technology Control

  13. Compliance Security

  14. CARS Server Prerequisites • DB2 Universal Database WorkGroup Server Edition version 8.1 with fix pack 7 or higher • DB2 UDB Enterprise Server Edition version 8.1 or higher • WebSphere Application Server 6.0 with refresh pack 2 • IBM Java Runtime Environment 1.4.2

  15. CARS Client Prerequisites • C Client • Global Security Kit (GSKit) 7.0.3.13 • Tivoli Security Utilities (Installed automatically) • Java Client • Application Client for WebSphere Application Server 6.0 • WebSphere Application Server version 6.0 refresh pack 2

  16. Server and Client Platforms

  17. CARS Operational Reports Prerequisites • Windows 2000 Server • Service pack 4 • Windows 2000 Advanced Server • Service pack 4 • IBM HTTP Server (IHS) 6.0 • DB2 client 8.2 • Crystal Enterprise Server 9 with fix pack 2

  18. Server, Client and Operational Reports Installation Types • Interactive installation • Provides a user interface • Additional option to create a response file • Some defaults are predefined • Performed by graphical interface • Silent installation • Invoked using the -silent option • Uses response file • No standard output • Interactive uninstallation • Silent uninstallation

  19. Additional Installation Information • Client installation • CARS C and Java clients installed using GUI • CARS C client configuration accomplished using TAM audit configuration command line utility • CARS Java client configuration completed during install • Server installation • Includes CEI, CARS staging interfaces, and the CARS XML store utility • Operational Reports Installation • Includes Tivoli Access Manager reports • Comes with Crystal Enterprise Server 9 • Only compatible with Windows Server 2000 products • Uses HTTP Server 1.3 through 2.0 • DB2 client 8.2

  20. Configuration of the CARS Server • Configure events group profiles in XML data store • Configure the compress property • Configure common auditing and reporting • Configure non-common auditing and reporting • Deploy the IBM Java Runtime Environment stored procedure

  21. Installation and Configuration of CARS Operational Reports • Install the DB2 client. • Install the IBM HTTP Server (IHS) 6.0. • IHS is used as the front end for Crystal Reports. • Manual configuration is required to integrate. • Install and configure Crystal Enterprise Server 9.0. • Configure the DB2 client. • Set the timeout value. • Install Crystal Enterprise Server service pack 2 or above. • Install CARS Operational Reports into Crystal Enterprise Server. • Connect Crystal Enterprise Server to CARS server.

  22. Configure Tivoli Access Manager for Auditing • Create the Protected Object Policy (POP) used for auditing:

        # pdadmin -a sec_master -p object00
        pdadmin sec_master> pop create audit-all
        pdadmin sec_master> pop modify audit-all set audit-level all

      • Attach the POP:

        pdadmin sec_master> pop attach / audit-all
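The POP setup from slide 22, generalized into a small command generator. This is an added example, not part of the original presentation. It checks the audit level and the object names before printing anything, so the output can be saved to a file and handed to pdadmin as a command file. The list values permit, deny, error and admin are taken from the pdadmin command reference rather than from the slides; the POP name audit-failures and the /WebSEAL subtree are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the presentation. Prints pdadmin commands that
# create an audit POP, set its level, attach it, and then display it.

# valid_level LIST: true for all, none, or a comma-separated list of
# permit, deny, error, admin (values assumed from the pdadmin reference).
valid_level() {
    case "$1" in
        all|none) return 0 ;;
        ""|,*|*,|*,,*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=,
    for lvl in $1; do
        case "$lvl" in
            permit|deny|error|admin) ;;
            *) IFS=$old_ifs; return 1 ;;
        esac
    done
    IFS=$old_ifs
}

# audit_pop_cmds POP LEVEL OBJECT...: validate everything first so a bad
# argument never yields a half-written command file.
audit_pop_cmds() {
    pop=$1; level=$2
    [ "$#" -ge 3 ] || { echo "usage: audit_pop_cmds POP LEVEL OBJECT..." >&2; return 1; }
    shift 2
    valid_level "$level" || { echo "bad audit level: $level" >&2; return 1; }
    for obj in "$@"; do
        case "$obj" in
            /*) ;;
            *) echo "object name must start with /: $obj" >&2; return 1 ;;
        esac
    done
    echo "pop create $pop"
    echo "pop modify $pop set audit-level $level"
    for obj in "$@"; do echo "pop attach $obj $pop"; done
    echo "pop show $pop"
    echo "pop find $pop"
}

# The slide's configuration: audit everything from the root down.
audit_pop_cmds audit-all all /
# Constructed variant: record only denied and failed requests under one subtree.
audit_pop_cmds audit-failures deny,error /WebSEAL
```

A POP attached at / is inherited by every object below it unless another POP is attached lower in the object space, so the root-level audit-all setting produces the largest event volume the CARS server will have to store.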

  23. CARS Reporting • Uses Crystal Enterprise Server 9.0 • Able to run compiled reports • Report generation on demand or scheduled

  24. Preparing Data for Reporting • Crystal Enterprise Server • XML data store • Staging • Relies on the file: • /opt/IBM/Tivoli/CommonAudit/server/etc/ibmcars.properties • Performed on the command-line interface using an IBM Java Runtime utility: • java com.ibm.cars.staging.Staging • Historical • Incremental • Prune • Script to stage data: • stage.sh object00

  25. Tivoli Access Manager Reports • General Audit Event Details Report • General Audit Event History • Audit Event History by User • Failed Authentication History • Failed Authorization History • Locked Account History • User Password Change History • Password Change History • Server Availability Report • Certificate Expiration Report • Most Active Accessors Report • General Authorization Event History • Authorization Event History by Action • General Administration Event History • User Administration Event History • Group Administration Event History • Security Server Audit Event History • Resource Access By Accessor Report • Resource Access By Resource Report

  26. Crystal Report Example

  27. Crystal Report Example

  28. Crystal Report Example

  29. Crystal Report Example

  30. References • Tivoli WW Courseware Development http://www-306.ibm.com/software/tivoli/education • Publications http://submit.boulder.ibm.com/tividd/td/tdprodlist.html • Common Event Infrastructure http://www-128.ibm.com/developerworks/library-combined/ac-cei

  31. Questions
