Using the PowerSC Tools for IBM i Compliance Monitoring and Reporting Tool
Compliance and Event Monitoring
© 2016 IBM Corporation
Compliance Monitoring and Reporting Tool
Terry Ford, Senior Managing Consultant
IBM Lab Services Power Systems Delivery
November 4, 2016
Security and Event Monitoring – Inhibitors
Security setup inherited from the past - previous owners / application designers no longer are available
For many IBM i IT departments, security is performed by an individual with multiple responsibilities – operations, administration, programming, etc.
Security implementation “how to” is often not understood, is neglected or not monitored due to time constraints.
Security policies/standards often do not exist. If they do, monitoring of compliance to the policy is not done or understood and deviation from the policies/standards across the enterprise is unknown.
Gathering of security information is time consuming and scattered in multiple places on the system. The analysis of this data or monitoring of security changes is often dated by the time it is read.
How do you measure security? What are Key Risk Indicators (KRI)? How do I prove due diligence to security monitoring?
PowerSC Tools for IBM i
Compliance and Event Monitoring
Compliance Assessment and Reporting Tool – Features
The Compliance Monitoring Tool is a security and systems information Data Mart with “Real Time” event monitoring capabilities. The tool utilizes DB2 Web Query to provide a low cost web-based interface for business analytics for easy monitoring of compliance on any or all systems in an enterprise.
A centralized view of Security Compliance status across the enterprise provides the ability to quantify and act upon several aspects of security as statistical measurable components as well as to corporate defined objectives for configuration consistency.
A federated repository of IBM i user profiles that provides cross system observability of profile administration.
Security Event Monitoring - monitor and act on events as they happen - providing near "real time" monitoring of more than 180 of the most common security events. Additional events can be monitored through a customization utility.
A customizable scoring mechanism for prioritization of policy by customer objectives which highlights deviations from policy, unexpected differences of policy settings between systems, and security attributes that do not adhere to corporate security objectives.
A utility to add user-defined items for monitoring security inventory, auditing, status, etc. that integrates with scoring mechanisms provided by the tool.
A utility for deploying tool fixes or enhancements that can be leveraged for deploying customer defined fixes.
Compliance Assessment and Reporting Tool – Typical Uses
Demonstrating to auditors that control measures are in place
Observing and highlighting deviation from corporate security standards and policies
Demonstrating when observed deviations have occurred
Reporting defined security standards upon request by system or for the entire estate of systems
Quickly observing and assessing a broad range of security attributes (commonly known and unknown to administrators)
Quickly looking across the corporate estate for consistency in administration
Adding customer-defined items for monitoring inventory, auditing, status, security events, etc. with incorporated scoring mechanisms provided by the tool
Deploying fixes, enhancements or changes to individual LPARs or all LPARs for compliance or alignment with standards
Monitoring PTF currency
Compliance Assessment and Reporting Tool - Enterprise
High Level Architecture
[Diagram: Remote systems; DAILY SUMMARY TABLE created by the Compliance Assessment Tool Collection Agent (one for every LPAR); ETL Process to Load Data Mart on Central System; Data Mart system; DB2 for i Reporting Data Mart (DAILY, HISTORY, PROFILES); DB2 Web Query Meta Data; DB2 Web Query Dashboards/Reports]
Compliance Assessment and Reporting Tool
High Level Architecture
[Diagram: EVENTS and DAILY Report created by the Compliance Assessment Tool Collection Agent; DAILY, HISTORY, PROFILES]
Compliance Assessment and Reporting Tool - Enterprise
Centralized reporting of IBM i System and Security Components
An automated collection, analysis, and reporting tool on over 1000 system and security related risks, information, statistics and demographics. All in one location and easy to use!
Enables the compliance officer to demonstrate adherence to pre-defined or customer-defined security policies.
System and Security reporting made easy!
Covers:
- Password management
- Profile administration
- Special authorities
- Group inheritance
- Network configuration
- NetServer attributes
- Operational security
- PTF currency
- Event monitoring
- Customer defined items
- Security risks and more
Daily compliance dashboard reports at VM (partition), system or enterprise level
Compliance Assessment, Monitoring and Reporting Tool
Monitor enterprise security from one location …
• A Security Compliance, Assessment, Reporting and Monitoring Data Mart in one Package!
• Security analysis through a rich graphical interface that is mobile enabled
• Contact Terry Ford ([email protected]) to get started or visit ibm.biz/IBMiSecurity
Compliance Assessment and Reporting Tool
Provides “out of the box” assessment of systems for security compliance and exposures
Profile Analysis:
- Special Authorities / Inherited Privileges
- Group Profiles / Ambiguous Profiles
- Default Passwords / Password Expiration
- Inactive Accounts
- *PUBLICLY Authorized Profiles
- Privately Authorized Profiles
- Initial Programs, Menus, and Attention Programs
- Command Line Access
Administration / Configuration:
- System Values / Audit Control Settings
- Invalid Signon attempts
- Work Management Analysis
- Service Tools (SST) Security
- PTF Currency
- DDM Password Requirements
- Registered Exit Points / Exit Programs
- Function Usage
- Library Analysis / *ALLOBJ Inheritance
- Customer Defined Events and Items
- CPU/DASD Utilization and Availability
- Actionable Security Events as they Happen
Network Settings:
- Network attributes / Time Server
- NetServer Configuration
- TCP/IP servers / Autostart values
- Digital Certificate Expiration
- SNMP / SSH / SSL Configuration
- Listening ports / Network Encryption
- IP Datagram Forwarding
- IP Source Routing
- APPN Configuration (yes – for many it is still there)
- Server Authentication Entries
Cost of Compliance
Financial penalties being incorporated as cost of doing business
Fines
Liability cost increases
Greater regulatory scrutiny
Further pressures/increases to comply
Costs being paid through tactical expenditures at the expense of more strategic business imperatives
Temporary reprioritization of business objectives
Impact to business continuity as audit findings are satisfied
Potential disruption in business as stakeholders pursue alternate lines of business (loss of confidence in reputation of business)
Focus on remedial efforts rather than the business
- Thomson Reuters
Help is always just an email or call away!
Terry Ford, Team Lead
Senior Managing Consultant
Security Services Delivery
IBM Systems Lab Services
Office: 1-507-253-7241
Mobile: [email protected]
3605 Highway 52 N
Bldg. 025-3 C113
Rochester, MN 55901
USA
Compliance Assessment and Reporting Tool
Enterprise Dashboard
- Summary of Overall System Status of all systems in the enterprise by various system attributes.
- Information is based on last successful collection for each system.
Regional Review (Drill down to overall grading and details)
System Dashboard
Key System and data collection information
- Status of last collection attempt (Success or Fail)
- Key System attributes – VRM, Location, etc.
- Overall and detailed system grading based upon last successful collection.
Cross System Analysis
Horizontal or vertical presentation of risk indicators across LPARs
Cross System Analysis
PTF Inventory…
Cross System Analysis
PTF Currency…
Cross System Analysis
Certificate Stores …
Profile Analysis
Horizontal or vertical presentation of user profiles across LPARs
Profile Analysis
Aggregation of user profiles across LPARs
Profile Analysis
Drill down into user profiles as configured across LPARs
Event Monitoring
Early Detection of Administrative Mistakes or Malicious Activity
Performance and Availability Analysis
Understand Risk of Outage due to Performance or Availability constraints
PowerSC Tools for IBM i
Proven Security Solutions
- Simplifies management and measurement of security & compliance
- Reduces cost of security & compliance
- Improves detection and reporting of security exposures
- Improves the audit capability to satisfy reporting requirements
PowerSC Tools for IBM i | Benefits
Compliance Assessment and Reporting. Includes Security Event Monitoring | Demonstrate adherence to pre-defined and customer defined security policies, system component inventory. Centralize security management and reporting via Db2 Web Query
Security Diagnostics | Reduces operator time involved in remediating exposures
Privileged Elevation Tool | Ensures compliance with guidelines on privileged users
Access Control Monitor | Prevents user application failures due to inconsistent controls
Network Interface Firewall | Reduces threat of unauthorized security breach and data loss
Certificate Expiration Manager | Prevents system outages due to expired certificates
Password Validation / Synchronization / TOTP Two Factor Authentication (2FA) | Ensures user passwords are not trivial and are in synchronization across all LPARs. Ensure service accounts adhere to policy - including SVRAUTE. Enhance applications with 2FA service program.
Single Sign On (SSO) Suite | Reduces for password resets and simplifies user experience
IBM Lab Services offerings for IBM i security:
- IBM i Security Assessment
- IBM i Single Sign On Implementation
- IBM i Security Remediation
- Password Validation, Synchronization, 2FA
- IBM i Encryption
PowerSC Tools for IBM i are service offerings from IBM Systems Lab Services
For more information on PowerSC Tools for IBM i offerings and services, contact: Terry Ford [email protected] Practice Leader, IBM Systems Lab Services Security
IBM Systems Lab Services and Training
Our Mission and Profile
- Support the IBM Systems Agenda and accelerate the adoption of new products and solutions
- Maximize performance of our clients’ existing IBM systems
- Deliver technical training, conferences, and other services tailored to meet client needs
- Team with IBM Service Providers to optimize the deployment of IBM solutions (GTS, GBS, SWG Lab Services and our IBM Business Partners)
Our Competitive Advantage
- Leverage relationships with the IBM development labs to build deep technical skills and exploit the expertise of our developers
- Combined expertise of Lab Services and the Training for Systems team
- Skills can be deployed worldwide to assure client requests can be met
Successful Worldwide History
- 18 years in Americas
- 10 years in Europe/Middle East/Africa
- 6 years in Asia Pacific
Mainframe Systems
Power Systems
System Storage
IT Infrastructure Optimization
Data Center Services
Training Services
www.ibm.com/systems/services/[email protected]
IBM Systems Lab Services and Training
Leverage the skills and expertise of IBM's technical consultants to implement projects that achieve faster business value
- Ensure a smooth upgrade
- Improve your availability
- Design for efficient virtualization
- Reduce management complexity
- Assess your system security
- Optimize database performance
- Modernize applications for iPad
- Deliver training classes & conferences
How to contact us
- email us at [email protected]
- Follow us at @IBMSLST
- Learn more ibm.com/systems/services/labservices
Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT ANY SYSTEMS, PRODUCTS OR SERVICES ARE IMMUNE FROM, OR WILL MAKE YOUR ENTERPRISE IMMUNE FROM, THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.
THANK YOU
www.ibm.com/security
© Copyright IBM Corporation 2015. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and / or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.