Securely Audit and Monitor NetWare® and eDirectory™ with Blue Lance PowerPoint PPT Presentation

Title: Securely Audit and Monitor NetWare® and eDirectory™ with Blue Lance


1
Securely Audit and Monitor NetWare and
eDirectory with Blue Lance
  • Jeff Christensen
  • Product Manager
  • Novell, Inc.
  • jrchristensen_at_novell.com
  • Peter Thomas
  • Chief Technology Officer
  • Blue Lance, Inc.
  • pthomas_at_bluelance.com

2
  • Vision: one Net
  • A world where networks of all types (corporate
    and public, intranets, extranets, and the
    Internet) work together as one Net and securely
    connect employees, customers, suppliers, and
    partners across organizational boundaries
  • Mission
  • To solve complex business and technical
    challenges with Net business solutions that
    enable people, processes, and systems to work
    together and our customers to profit from the
    opportunities of a networked world

3
(No Transcript)
4
Who Is Blue Lance?
  • A leader in protection of computer-managed assets
    since 1985
  • Pioneers of asset-monitoring technology
  • Audit trails with real-time alerting
  • Focus inside the firewall
  • Monitor and report on activities of privileged
    and trusted users

5
Why Monitor?
  • 70% of all computer-related theft happens inside
    the firewall (Source: Information Security
    Magazine, 2000)
  • In a survey of five hundred corporations, 75% of
    computer-related theft happened inside the
    firewall (Source: CSI/FBI 2001 Study)
  • 90% of all security violations were attributed to
    insiders (Source: Exodus Communications, 2000)

6
Survey of NetWare Users
  • Do you use auditing to troubleshoot your
    network?
  • Is an auditing tool required in your
    organization?
  • Is auditing used on a full-time basis?

YES 73%
YES 18%
YES 4%
Source: Novell, February 2002

7
Auditing
  • Compliance
  • Banking and finance: FDIC, OCC regulations, GLB
  • Government: C2 or Common Criteria
  • Healthcare: HIPAA
  • Other issues
  • For legal liability and protection of assets
  • Troubleshooting the network
  • Provides a detailed analysis of activity

8
Spending to Secure Assets Rising
Security Software Purchases
( millions)
Source: Gartner, Inc.
9
What's Next for You?
Biometrics
Perimeter/network sec.
Assessment
Audit
Firewalls
eCommerce security
Smart cards
Hardware lockdown
Forensics
Intrusion detection
Cryptographic tools
Password security
Wireless security
Encryption
E-mail security
Database security
Penetration testing
Log analysis
Web access ctrl
Vulnerability assessment
Authentication
Secure ID/password
OS/app hardening
Physical access ctrl
Non-firewall access ctrl
Software/servers
PKI/cert. handling
VPNs
Access control
Network security appliances
10
Where Is Your Protection Weakest?
Biometrics
Perimeter/network sec.
Assessment
Audit
Firewalls
eCommerce security
Smart cards
Hardware lockdown
Forensics
Intrusion detection
Cryptographic tools
Password security
Wireless security
Encryption
E-mail security
Database security
Penetration testing
Log analysis
Web access ctrl
Vulnerability assessment
Authentication
Secure ID/password
OS/app hardening
Physical access ctrl
Non-firewall access ctrl
Software/servers
PKI/cert. handling
VPNs
Access control
Network security appliances
Pre-event
Post-event
11
Concentric Barriers of Security
Physical Security
12
How Do You Protect Yourself?
13
With LT Auditor
  • Windows-based audit trail security software
    solution
  • The gold standard in monitoring
  • Designed to protect organizational assets
    accessible through Novell networks
  • Provides around-the-clock monitoring of network
    activity across the enterprise

14
Corporations That Rely on LT Auditor
  • Major Corporations
  • 20th Century Fox
  • Air Canada
  • Blue Cross Blue Shield
  • EDS
  • Federated Mutual Ins.
  • General Motors
  • IBM Global Services
  • Lockheed Martin
  • MD Anderson Hospital
  • Raytheon
  • Reliant Energy
  • Qantas Airlines
  • Tampa Electric
  • Trans Union

  • Banks
  • Bank of Tokyo-Mitsubishi
  • Compass Bank for Savings
  • DKB Bank
  • First Union Bank
  • Heritage Bank
  • JP Morgan Chase
  • MT Bank
  • Old National Bank
  • Star Financial Bank
  • United California Bank
  • US Bank
  • Washington Mutual
  • Wells Fargo Bank
  • WFS Financial

  • Government
  • Department of Defense
  • Department of the Interior
  • Federal Bureau of Prisons
  • Federal Railroad Comm.
  • INS
  • NY Attorney General
  • NY Comptroller
  • Pension Benefit Guar. Corp.
  • State of Illinois
  • US Army
  • US Air Force
  • US Bankruptcy Courts
  • US Border Patrol
  • US Probation Office

15
LT Auditor v8.0 Components
  • LT Auditor for NetWare
  • LT Auditor Manager Console
  • LT Auditor Report Generator
  • LT Auditor for Windows

16
NetWare Architecture
17
LT Auditor for NetWare: Features
  • Supports NetWare 4.x, 5.x, and 6.x
  • Audits all changes to the Novell
    eDirectory/NDS
  • Real-time alerting capability via SNMP
  • Enterprise-wide consolidation of all audit data
    into a single repository
  • Supports high-end databases
  • Powerful filtering technology allows for
    collection of pertinent audit data
  • Also ensures audit data reduction

Novell Directory Services
18
Features (cont.)
  • Single Management Console for remote policy
    deployment and administration
  • Audit the Auditor
  • Troubleshoot network problems

19
LT Auditor for NetWare Monitors
  • Logins and logouts
  • All intruder login attempts
  • eDirectory schema updates
  • NDS partition changes
  • RCONSOLE access
  • Trustee assignments
  • Volume mount/dismount
  • Modules being loaded
  • eDirectory changes
  • File deletions and modifications
  • Creation and deletion of users and groups
  • Security equivalences assigned or revoked
  • Password changes

20
Basic Components
  • Manager Console
  • Easy-to-use graphical interface
  • Used by security administrators to configure,
    create and deploy security policies across the
    enterprise
  • Novell NetWare Loadable Module (NLM)
  • Agents that are loaded on servers
  • Collects audit trail data locally on servers
  • Back-end engine that does all the work

21
LT Auditor for NetWare Policies
  • The following policies can be assigned by the
    Manager Console
  • Filter
  • System
  • Security
  • Job

22
(No Transcript)
23
Policies (cont.)
  • Filter policies
  • Login, eDirectory, file/directory and server
    filters
  • Granular filtering capability
  • Set up real-time alerting for sensitive events
  • Configure as per organizational security policies

24
(No Transcript)
25
(No Transcript)
26
(No Transcript)
27
(No Transcript)
28
Policies (cont.)
  • Settings policies
  • Archive settings
  • Determines when server agents (NLMs) create a
    data file (archive file) of all audit trail data
    collected
  • Data transfer settings
  • Determines how archive files are transferred to
    the consolidation server for consolidation to a
    single repository
  • Set up cross-platform consolidation

29
(No Transcript)
30
Policies (cont.)
  • Security policies
  • Authorized users
  • Levels of access control for authorized users
  • Audit LT Auditor
  • Police the Policeman

31
(No Transcript)
32
Policies (cont.)
  • Job Policies
  • Consolidation jobs
  • Scheduled jobs that consolidate archived files to
    a Btrieve database
  • Can set filters to determine how archive files
    are consolidated
  • Deletion jobs
  • Scheduled jobs to periodically delete archive and
    consolidated data files

33
(No Transcript)
34
Other Features of the Manager Console
  • Export to other servers in the network
  • Select different node addresses or users
  • Control loading of the LT Auditor modules
  • Automatically delete consolidation jobs on the
    local servers
  • Dedicate one server as the consolidation server

35
(No Transcript)
36
Report Generator
  • Run reports from databases such as
  • ORACLE/MS SQL or BTRIEVE
  • Built with the Crystal Reporting Engine
  • Capability to export reports to multiple formats
    like .HTML, .PDF, Excel, Word
  • Reports can be e-mailed to required personnel
  • Automated scheduling capability
  • Powerful querying capability

37
(No Transcript)
38
(No Transcript)
39
(No Transcript)
40
(No Transcript)
41
(No Transcript)
42
LT Auditor v8.0: High-Powered with Low TCO
  • Single management console
  • Remote installation capability
  • Minimal configuration requirements
  • Automated policy deployment and report scheduling
  • System performance monitoring capability
  • Tracks security changes
  • Real-time monitoring
  • Customizable queries and reports

43
(No Transcript)
44
(No Transcript)