Using the PowerSC Tools for IBM i Compliance and Event Monitoring Tool
Compliance and Event Monitoring
© 2016 IBM Corporation
Compliance and Event Monitoring Tool
Terry Ford, Senior Managing Consultant
February 1, 2016
Statement of Good Security Practices
IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT ANY SYSTEMS, PRODUCTS OR SERVICES ARE IMMUNE FROM, OR WILL MAKE YOUR ENTERPRISE IMMUNE FROM, THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.
“Some organizations will be a target regardless of what they do, but most become a TARGET because of what they do (or don’t do)”
Monitoring – Compliance and Monitoring to What?
Company Policy and/or Standards
These should define how systems should be built, maintained, monitored, and interacted with by its custodians and users. Another way of thinking about it, they are a Service Level Agreement (SLA) between Owners, Management and the people they have hired to “work” the business. Owners and Management derive a “sense of security” knowing that its employees are managing the business according to this agreement. Owners and Management must be involved in the creation and maintenance of these documents. Compliance monitoring then is simply demonstrating that the employees (and management) are doing what they have been hired to do.
Compliance and Event Monitoring – Inhibitors
Security setup inherited from the past - previous owners / application designers no longer are available
For many IBM i IT departments, security is performed by an individual with multiple responsibilities – operations, administration, programming, etc.
Security implementation “how to” is often not understood, is neglected or not monitored due to time constraints.
Security policies/standards often do not exist. If they do, monitoring of compliance to the policy is not done or understood and deviation from the policies/standards across the enterprise is unknown.
Gathering of security information is time consuming and scattered in multiple places on the system. The analysis of this data or monitoring of security changes is often dated by the time it is read.
How do you measure security? What are Key Risk Indicators (KRI)? How do I prove due diligence to security monitoring?
Compliance and Event Monitoring – Measuring Security
“If you can’t measure it, how can you improve or fix it?”
Provide evidence that risk is being managed according to enterprise defined risk thresholds empowering Senior Management to make informed risk management decisions on where best to allocate resource.
REQUIREMENTS:
Centralized view of Security Compliance status across the enterprise
• No access to remote machines required
• Maintain segregation of duties
• Provide management visibility, meaningful reports that drive action
Customizable Control Tests
• Measurable Results
• Ability to define Key Risk Indicators (KRI’s)
• Traceability back to Security Standards and Company Policies
Dashboard Style Reporting
• Red, Yellow (Amber), Green (RAG) Metrics
• ‘Clickable’ reports – to drill down to the issue
• Trending – to measure improvements (hopefully) over time
Compliance Assessment and Event Monitoring Tool
“I just want to arrive in the morning, get a cup of coffee, and have a view of what systems are in compliance and which are not.”
Provides “out of the box” assessment of systems for security compliance and exposures
Profile Analysis: Special Authorities / Inherited Privileges
Group Profiles / Ambiguous Profiles
Default Passwords / Password Expiration
Inactive Accounts
Administration / Configuration: System Values / Audit Control Settings
Invalid Signon attempts
*PUBLICLY Authorized Profiles
Privately Authorized Profiles
Initial Programs, Menus, and Attention Programs
Command Line Access
DDM Password Requirements
Registered Exit Points / Exit Programs
Work Management Analysis
Service Tools (SST) Security
PTF Currency
Network Settings: Network attributes / Time Server
NetServer Configuration
TCP/IP servers / Autostart values
Digital Certificate Expiration
SNMP / SSH / SSL Configuration
Function Usage
Library Analysis / *ALLOBJ Inheritance
Customer Defined Items
Listening ports / Network Encryption
IP Datagram Forwarding
IP Source Routing
APPN Configuration (yes – for many it is still there)
Server Authentication Entries
High Level Architecture
[Diagram: remote systems feeding a central Data Mart system]
Remote systems: DAILY SUMMARY TABLE, created by the Compliance Assessment Tool Collection Agent (one for every LPAR)
ETL Process to Load Data Mart on Central System
Data Mart system: DB2 for i Reporting Data Mart (DAILY, HISTORY, PROFILES); DB2 Web Query Meta Data; DB2 Web Query Dashboards/Reports
Data Mart Tables
DB2 for i Reporting Data Mart
Detailed history of system security and compliance grading
System Attributes, Security Attributes, Best Practice Policy / Policy Exception, User Profiles
How current is the data I am viewing?
Logging of success or failure of scheduled ETL processes with remote systems
How do I wish to filter on and view the data?
System descriptive information such as location, usage, VRM level, Template, etc.
How is Red, Yellow (Amber), and Green defined?
User defined thresholds for aggregate security attribute grading.
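The grading described on the Data Mart Tables slide (user-defined thresholds that decide Red, Amber or Green, plus the ETL success/failure log that shows how current the data is) can be modelled as below. This is an added example, not the tool's own code: the attribute names, threshold values, row layout, the worst-attribute-wins aggregation and the 24-hour staleness limit are all assumptions.

```python
from datetime import datetime, timedelta

# Hypothetical user-defined thresholds: deviation counts at which an attribute
# turns AMBER or RED (constructed values, not the tool's defaults).
THRESHOLDS = {
    "default_passwords": {"amber": 1, "red": 5},
    "allobj_profiles": {"amber": 6, "red": 11},
    "expired_certificates": {"amber": 1, "red": 1},
}
RANK = {"GREEN": 0, "AMBER": 1, "RED": 2}

def grade_attribute(name, count, thresholds=THRESHOLDS):
    """RAG grade for one attribute; an attribute without a threshold raises KeyError."""
    limits = thresholds[name]
    if count >= limits["red"]:
        return "RED"
    return "AMBER" if count >= limits["amber"] else "GREEN"

def grade_system(daily_row, etl_log, now, max_age=timedelta(hours=24)):
    """Grade one LPAR and flag it stale when its last good collection is too old."""
    good = [e["finished"] for e in etl_log
            if e["lpar"] == daily_row["lpar"] and e["status"] == "SUCCESS"]
    last_success = max(good) if good else None
    grades = {k: grade_attribute(k, v) for k, v in daily_row["counts"].items()}
    # Assumed aggregation: the worst attribute grade becomes the system grade.
    overall = max(grades.values(), key=RANK.get)
    stale = last_success is None or now - last_success > max_age
    return {"lpar": daily_row["lpar"], "overall": overall, "grades": grades,
            "last_success": last_success, "stale": stale}

# Constructed sample data standing in for DAILY rows and the ETL log.
NOW = datetime(2016, 2, 1, 8, 0)
DAILY = [
    {"lpar": "PROD01", "counts": {"default_passwords": 0, "allobj_profiles": 4,
                                  "expired_certificates": 0}},
    {"lpar": "DEV02", "counts": {"default_passwords": 3, "allobj_profiles": 12,
                                 "expired_certificates": 0}},
]
ETL_LOG = [
    {"lpar": "PROD01", "finished": datetime(2016, 2, 1, 2, 0), "status": "SUCCESS"},
    {"lpar": "DEV02", "finished": datetime(2016, 1, 29, 2, 0), "status": "SUCCESS"},
    {"lpar": "DEV02", "finished": datetime(2016, 2, 1, 2, 0), "status": "FAIL"},
]

if __name__ == "__main__":
    for row in DAILY:
        r = grade_system(row, ETL_LOG, NOW)
        print(r["lpar"], r["overall"], "STALE" if r["stale"] else "current", r["grades"])
```

A system whose latest ETL run failed keeps the grade from its last successful collection, so the stale flag is what tells a reviewer that a Green tile may no longer reflect the LPAR.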
Compliance Assessment and Event Monitoring Tool – Typical Use
Demonstrating to auditors that control measures are in place
Observing and highlighting deviation from corporate security standards and policies
Demonstrating when observed deviations have occurred
Reporting defined security standards upon request by system or for the entire estate of systems
Quickly observing and assessing a broad range of security attributes (commonly known and unknown to administrators)
Quickly looking across the corporate estate for consistency in administration
Adding customer-defined items for monitoring inventory, auditing, status, etc. with incorporated scoring mechanisms provided by the tool
Deploying fixes, enhancements or changes to individual LPARs or all LPARs for compliance or alignment with standards
Monitoring PTF currency
Help is always just an email or call away!
Terry Ford, Team Lead
Senior Managing Consultant
Security Services Delivery
IBM Systems Lab Services
Office: 1-507-253-7241
Mobile: [email protected]
3605 Highway 52 N
Bldg. 025-3 C113
Rochester, MN 55901
USA
Enterprise Dashboard
- Summary of Overall System Status of all systems in the enterprise by various system attributes.
- Information is based on last successful collection for each system.
Regional Review (Drill down to overall grading and details)
System Dashboard
Key System and data collection information
- Status of last collection attempt (Success or Fail)
- Key System attributes – VRM, Location, etc.
- Overall and detailed system grading based upon last successful collection.
Cross System Analysis
Horizontal or vertical presentation of risk indicators across LPARs
Cross System Analysis
PTF Inventory…
Cross System Analysis
PTF Currency…
Cross System Analysis
Certificate Stores …
Profile Analysis
Horizontal or vertical presentation of user profiles across LPARs
Profile Analysis
Aggregation of user profiles across LPARs
Profile Analysis
Drill down into user profiles as configured across LPARs
Event Monitoring
Early Detection of Administrative Mistakes or Malicious Activity
Performance and Availability Analysis
Understand Risk of Outage due to Performance or Availability constraints
IBM Systems Lab Services and Training
Our Mission and Profile
Support the IBM Systems Agenda and accelerate the adoption of new products and solutions
Maximize performance of our clients’ existing IBM systems
Deliver technical training, conferences, and other services tailored to meet client needs
Team with IBM Service Providers to optimize the deployment of IBM solutions (GTS, GBS, SWG Lab Services and our IBM Business Partners)
Our Competitive Advantage
Leverage relationships with the IBM development labs to build deep technical skills and exploit the expertise of our developers
Combined expertise of Lab Services and the Training for Systems team
Skills can be deployed worldwide to assure client requests can be met
Successful Worldwide History
18 years in Americas
10 years in Europe/Middle East/Africa
6 years in Asia Pacific
Mainframe Systems
Power Systems
System Storage
IT Infrastructure Optimization
Data Center Services
Training Services
www.ibm.com/systems/services/[email protected]
Leverage the skills and expertise of IBM's technical consultants to implement projects that achieve faster business value
Ensure a smooth upgrade
Improve your availability
Design for efficient virtualization
Reduce management complexity
Assess your system security
Optimize database performance
Modernize applications for iPad
Deliver training classes & conferences
How to contact us
email us at [email protected]
Follow us at @IBMSLST
Learn more ibm.com/systems/services/labservices
THANK YOU
www.ibm.com/security
© Copyright IBM Corporation 2015. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and / or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.