DetectIT & Axent's ESM

Product Description

Axent's Enterprise Security Manager (ESM) provides enterprise-wide, multi-platform management that simplifies and centralizes the administration of security. ESM manages security on multiple operating systems, applications and other platforms in the corporate enterprise. Using predefined corporate security policies, ESM facilitates the monitoring and measuring of security in the corporate enterprise.

Key Features at a glance

  ESM for DetectIT provides a multi-platform security solution.
  ESM provides quick and easy analysis of security problems.
  ESM's management across multi-platforms eliminates the need for various account managers.
  ESM's addition to the DetectIT modules expands the scope of the security management solution to include security integration on the AS/400.

Key Features in detail

1) ESM for DetectIT provides a multi-platform security solution.

DetectIT's modular design parallels ESM and allows for a powerful integration with ESM for an enterprise solution across multiple platforms, including Unix, NT and NetWare, manageable from a single enterprise console. Data from DetectIT on the AS/400s is transferred over TCP/IP to an ESM agent running on one of RS/6000 AIX, Sun Solaris or Windows NT. That data is then integrated with all of the ESM security data. Using the ESM console, security checks can be enabled or disabled. Security access including failed authentications and the action to perform, job timeouts, auditing control and levels can all be monitored from a single console.

2) ESM provides quick and easy analysis of security problems.

ESM is built with an easy-to-use GUI that lets the administrator see graphically where the security issues reside and then "drill down" on the security concerns merely by clicking in an area of concern. By clicking on an area of the graph which represents the systems, the administrator can drill down to the individual servers, to the modules (such as account integrity) and then down to the individual error on the server.
3) ESM's management across multi-platforms eliminates the need for various account managers.

ESM's powerful functionality enables administrators to manage the enterprise without having privileged accounts on any of the servers or applications being managed.

4) ESM's addition to the DetectIT modules expands the scope of the security management solution to include security integration on the AS/400.

DetectIT provides comprehensive security management of the AS/400. Modules are provided to manage user access, applications, object integrity, networks, libraries and auditing. DetectIT provides a layer of protection around live data and then reports on any unauthorized access to that data.

Technical Specifications

The comprehensive security management solution of ESM provides more than 800 security checks for all leading enterprise computing platforms and now includes the AS/400. This is a listing of the security checks available on the AS/400 using DetectIT and ESM.

Profile Integrity
  No such group
  Non existent initial program
  Profile is disabled
  Never logged in
  Duplicate uid or gid
  User profile has *ALLOBJ authority
  Group profile has *ALLOBJ authority
  New user/deleted/changed profile
  New group/deleted/changed profile
  Profile is active on backup machine
  No backup machine defined for profile
  Special authority
  User has authority to PWRDWNSYS command

System Security
  Allow object restore
  User domain user objects
  Auditing control
  Security auditing level
  Auditing end action
  Force auditing data
  Create default public authority
  Create object auditing
  Inactive job time-out
  Inactive job message queue
  Limit device sessions
  Limit security officer device access
  Action for failed signon attempts
  Maximum sign-on attempts allowed
  System security level

System Control
  Autoconfigure devices
  Autoconfigure of remote controllers
  Automatic system disabled reporting
  Autoconfigure virtual devices
  Communications recovery limits
  Controlling subsystem
  Database recovery wait indicator
  Device I/O error action
  Time interval before disconnected jobs end
  Force conversion on restore
  Type of IPL to perform
  Performance adjustment
  Maximum time for PWRDWNSYS *IMMED
  Automatic IPL after power restored
  Remote power on and IPL
  Remote service attribute
  IPL action with console problem
  Special environment
  Startup program
  Server authentication interval
  Uninterruptible power supply delay time
  Uninterruptible power supply message queue
  Maximum history log records
  Software error logging
  System part of library list
  User part of library list

System Storage
  Base storage pool activity level
  Base storage pool minimum size
  Maximum activity level of system
  Machine storage pool size

File Access
  Files accessible by users
  Files not accessible by users
  File auditing is enabled
  File auditing is disabled

Program Find
  Program adopts owner profile
  New program adopts owner profile
  Program no longer adopts owner profile
  Program adopting owner profile not found
  Program has default owner
  Sensitive commands :- STRDFU, STRSEU, STRSQL, RUNRMTCMD etc
  Authority to sensitive commands for any user

Network Utilities
  Remote user signon without password
  Client access is enabled / disabled
  DDM control is enabled / disabled
  Network job action
  System distribution directory

Signon Parameters
  Failed signon attempt
  Inactive profile
  Cannot signon
  Signon restrictions
  No signon restrictions
  No password
  Password expired
  Password last change
  Password warnings
  Group profile has signon password
  Display signon information

Password Strength
  Guessed user password
  No password
  No minimum password length
  Using default minimum length
  Minimum password length
  Reusable password count
  Password expiration
  Require unique password
  Password same as profile name
  Password expiry interval
  Maximum password length
  Password validation program
  Restricted characters
  Restrict consecutive digits
  Restrict repeated characters
  Character position difference
  Require numeric character

File Attributes
  Files attributes have changed
  Different file ownership

Job and Output Queues
  Non-existent job queue
  Output queue is not secure
  Non-existent output queue

Device Integrity
  New, deleted or changed device

Backup Integrity
  Library or object not backed up
  Non-existent object or library

ESM for DetectIT Requirements

Hardware
  AS/400 running OS/400 V3R1 or above. (TCP/IP)
  either:
    RS/6000 running AIX V4.2 or above
    OR Sun SPARC running SOLARIS V2.5.1 or above
    OR Windows NT (Server/Workstation) running Windows NT V4.0 or above with NTFS

Software
  DetectIT/AUD R8.5 or above for AS/400
  ESM 4.5 or above

Description
  DetectIT is the AS/400 security software that can provide security data to ESM. The DetectIT/ESM interface is included in the DetectIT-AUD module.