Key Considerations for Vulnerability Management: Audit and Compliance




Key Considerations for Vulnerability Management: Audit and Compliance
October 5, 2005
2005 Altiris Inc. All rights reserved.

ABOUT ALTIRIS

Altiris, Inc. is a pioneer of IT lifecycle management software that allows IT organizations to easily manage desktops, notebooks, thin clients, handhelds, industry-standard servers, and heterogeneous software including Windows, Linux, and UNIX. Altiris automates and simplifies IT projects throughout the life of an asset to reduce the cost and complexity of management. Altiris client and mobile, server, and asset management solutions natively integrate via a common Web-based console and repository. For more information, visit www.altiris.com.

NOTICE

The content in this document represents the current view of Altiris as of the date of publication. Because Altiris responds continually to changing market conditions, this document should not be interpreted as a commitment on the part of Altiris. Altiris cannot guarantee the accuracy of any information presented after the date of publication.

Copyright 2004, Altiris, Inc. All rights reserved.

Altiris, Inc.
588 West 400 South
Lindon, UT 84042
Phone: (801) 226-8500
Fax: (801) 226-8506

BootWorks U.S. Patent No. 5,764,593. RapiDeploy U.S. Patent No. 6,144,992.

Altiris, BootWorks, Inventory Solution, PC Transplant, RapiDeploy, and RapidInstall are registered trademarks of Altiris, Inc. in the United States. Carbon Copy is a registered trademark licensed to Altiris, Inc. in the United States and a registered trademark of Altiris, Inc. in other countries. Microsoft, Windows, and the Windows logo are trademarks, or registered trademarks of Microsoft Corporation in the United States and/or other countries. Other brands and names are the property of their respective owners.

Information in this document is subject to change without notice. For the latest documentation, visit www.altiris.com.

CONTENTS

Considerations
  Consideration: Mix and match agent-based and agentless auditing technology on all desktops and servers for Windows, UNIX, and Linux to meet the needs of your environment, including remote sites
    The best auditing solution matches the needs of your environment
    Agent-based auditing technology is appropriate under certain circumstances
    Agentless auditing technology requires no work and eliminates risk
    Distributed proxies are necessary for remote and low-bandwidth sites
  Consideration: Bandwidth utilization
  Consideration: Customizable and flexible system security policies
  Consideration: Industry regulations
  Consideration: Patch management
  Consideration: Multi-platform: Windows, UNIX, and Linux
  Consideration: Software identification
  Consideration: Hardware identification
  Consideration: Reporting
  Consideration: Price
    Console pricing
    UNIX vs. Windows pricing
Audit and Compliance Functionality


CONSIDERATIONS

Consideration: Mix and match agent-based and agentless auditing technology on all desktops and servers for Windows, UNIX, and Linux to meet the needs of your environment, including remote sites

The best auditing solution matches the needs of your environment

Agent-based and agentless auditing solutions both have their merits, and a system that fully supports both methods in a flexible, mix and match fashion will provide the best solution for a seamless integration into your current architecture.

Agent-based auditing technology is appropriate under certain circumstances

An agent-based approach is acceptable when there are a number of systems centrally located and highly secure, which is often the case with servers and machines that may be in a highly secured lock down state where all agentless communication protocols (such as Windows Networking and SSH) are shut off or when administrative credentials may not be shared. In addition, an agent-based solution should not require administrative credentials and should integrate with existing corporate directories to manage users and the level of auditing rights they have, and for which systems.

Agent-based auditing solutions should offer three classes of users who are provided with the following audit capabilities:

- Limited audit with no scripts or executables
- Audit-only (no remediation)
- Audit and remediation

Furthermore, agents should be available for every supported platform and should provide the means to be easily upgraded when new versions are available, with minimal management.

Agentless auditing technology requires no work and eliminates risk

Agentless technology allows an organization to audit, assess and comply with a system security policy for all systems (desktops and servers) in the network without the use of an agent on each system. Agentless technology uses the inherent facilities of the operating system. These facilities are part of the operating system and therefore no additional software needs to be added to the system, thereby reducing work and risk.

To ensure that an audit and compliance solution is truly agentless, it should be agentless for all of the following:

- Auditing against system security policies
- Applying system security settings
- Auditing for OS and application patches
- Applying OS and application patches
- Auditing software inventory for security purposes
- Auditing hardware inventory for security purposes
- Querying against all systems
- Uninstalling software
- Disabling hardware

Distributed proxies are necessary for remote and low-bandwidth sites

Auditing solutions should also offer a distributed proxy that will enable system security functionality on the far side of firewalls at remote sites. Distributed proxies provide value when firewalls block the traditional communication protocols that agentless technology employs.

The best audit and compliance solution offers agentless technology for all systems, a distributed proxy for remote sites (if required), an agent for systems that may exist in a highly secured locked down state, and a mix and match of these approaches.

Consideration: Bandwidth utilization

When deploying software within your network, it is important to understand the bandwidth utilization and the impact it may have on your network. An audit and compliance solution should provide the ability to throttle the bandwidth to user-defined limits. It must be possible to specify the bandwidth limits for the central console as well as for the remote sites (for example, WAN) and other low-bandwidth connected systems using a distributed proxy.

Consideration: Customizable and flexible system security policies

Every organization is unique. For audit and compliance, most start with a baseline best practices policy such as the Microsoft Security White Paper, SANS (SysAdmin, Audit, Network, Security) Step-by-Step, National Security Agency (NSA), National Institute of Standards and Technology (NIST), and others. However, each policy must be studied to determine exactly which system settings are both pertinent and applicable to a particular environment. Therefore, having an audit and compliance solution that allows for flexibility and customizability is key to both auditing and compliance success.
Key customizable requirements include the ability to:

- Create expressions-based rules for intelligent actions
- Delete rules from best practices system security policies
- Edit values/settings from best practices system security policies
- Create new rules unique to particular systems
- Write queries against systems
- Launch scripts and programs as a part of the entire solution

It is critical that an audit and compliance solution be able to both audit a system at any level of comprehensiveness, as well as fix a system at any level of comprehensiveness. The most powerful solutions allow you to create customized policies at a granular level and be able to both audit and remediate at that same level.

Consideration: Industry regulations

There are many governmental regulations in place that organizations must pay attention to such as Sarbanes-Oxley, Health Insurance Portability and Accountability Act (HIPAA), Gramm-Leach-Bliley Act (GLBA), FDA 21 CFR Part 11, and many others. All of these regulations are guidelines and do not specify individual system settings or solutions required for compliance. However, they do recommend that a best practices system security policy be applied. Therefore, an audit and compliance solution should offer industry best practices system security policies such as Microsoft, SANS, NSA, NIST, Dept of the Navy, and so on in order to comply with governmental regulations.

A five step process is required for audit and compliance with industry regulations:

1. Choose a best practices system security policy and edit as needed.
2. Document the reasons for that choice.
3. Audit and report on all systems.
4. Remediate instances of non-compliance.
5. Document instances where remediation was not performed.

Consideration: Patch management

Many security issues revolve around maintaining proper system settings, and industry best practices system security policies are designed to address this. However, a secondary security risk revolves around staying current with key patches. An audit and compliance solution must address both risks. It must audit and bring all systems into compliance with the system security policy, and it must also audit for all patches that are not up-to-date, allowing for automatic patch application. Most companies audit against up-to-date patches, then perform an extensive lab test of all patches considered for application, and finally apply the approved patches to all systems.

Consideration: Multi-platform: Windows, UNIX, and Linux

Most companies have a mixture of Windows XP, Windows NT, Windows 2000, Windows 2003, Solaris, Linux, AIX, and HP-UX. An audit and compliance solution must support the operating systems in an organization.

Consideration: Software identification

System settings and up-to-date patches solve a large percentage of system security problems, but other open doors still exist. Users could have rogue versions of software that open up file shares and back doors (such as Kazaa). An audit and compliance solution should identify all software that presents security risks on desktops and should offer the option of automatic deletion. This functionality also can be used for identifying software not authorized by the organization, such as Instant Messaging programs (Yahoo, MSN, AOL, and so on).

The identification of services running on the system such as FTP, SNMP and others is as important as the identification of software applications. These services often expose vulnerabilities.

Consideration: Hardware identification

Unauthorized hardware on Windows desktops can create open communication paths to systems. One example is an unauthorized modem on a user's system, or a modem with auto-answer turned on. An audit and compliance solution should identify all unauthorized hardware devices that present security risks. It should also be capable of not only locating the hardware, but also disabling or turning key features off.

Consideration: Reporting

Management needs to know the level of compliance and risk assessment of system settings against the system security policy, patch levels, rogue or unlicensed software, as well as unauthorized hardware. The reports need to show individual systems as well as trending and summary analysis for the consolidation of all systems. The reports also need to be able to provide a meaningful single measure of audit compliance status.

An audit and compliance solution should offer standard key reporting templates. The system should also support ODBC, thereby allowing all data to be stored in an organization's central database such as Microsoft SQL Server, Oracle, IBM DB2, or any other ODBC-compliant database. ODBC support allows for standardized corporate reporting and correlation with other security data.

Consideration: Price

All IT budgets are tightly managed and price matters as much as functionality. Many solutions address only system settings or only patching. Even though separate groups within IT may be responsible for each, there is no need to pay two license fees per system. An audit and compliance solution with a single low license fee that addresses both system settings and patches, with no charge for the central console, can be used by multiple groups and therefore is the most cost-effective solution.

Console pricing

In all audit and compliance solutions, the central console may be used by multiple system administrators, internal and external auditors, security staff, and others. Therefore, the price per central console can function as a hidden cost since it could be multiplied many times by many IT users. The most cost-effective audit and compliance solutions do not require an additional fee for the central console.

UNIX vs. Windows pricing

Some audit and compliance solutions are higher priced for UNIX than Windows. Be sure to ask the price of a Windows desktop versus a UNIX desktop and a Windows server versus a UNIX server. Obtaining pricing for Windows only could result in a surprise when the final quote includes UNIX at a higher price per system.

AUDIT AND COMPLIANCE FUNCTIONALITY

Table columns: Audit and compliance solution functionality; Does Altiris SecurityExpressions do this?; Can Altiris SecurityExpressions do this agentlessly as well as via an agent?

WINDOWS

- Auditing of system security policy settings
- Compliance with system security policy for system settings
- Auditing of patches (Microsoft hotfixes) for operating systems and applications
- Application of patches (Microsoft hotfixes) for operating systems and applications
- Auditing of software that presents system security risks
- Auditing of services that present system security risks
- Auditing of unauthorized hardware that presents system security risks
- Uninstall or disable software that presents system security risks
- Disable hardware that presents system security risks
- Query systems for property lists

UNIX

- Auditing of system security policy settings
- Compliance with system security policy for system settings
- Auditing of patches
- Application of patches
- Auditing of software that presents system security risks
- Auditing of services that present system security risks

SYSTEM SECURITY POLICY

- Easy management of audit tasks with scheduling and flexible notification
- Set bandwidth utilization limits for central console
- Set bandwidth utilization limits for distributed proxy
- Highly customizable to exact requirements
- Microsoft Security White Paper
- SANS (SysAdmin, Audit, Network, Security) Step-by-Step
- National Security Agency (NSA) Guidelines
- National Institute of Standards and Technology (NIST)
- Department of the Navy
- Best practices system security policies to meet industry regulations

MULTI-PLATFORM

- Microsoft Windows XP
- Microsoft Windows NT
- Microsoft Windows 2000
- Microsoft Windows 2003
- Sun Solaris
- Red Hat Linux
- IBM AIX
- HP-UX

REPORTING

- Includes Crystal reporting engine
- Includes standardized trend and summary reports
- ODBC to any ODBC compliant database (SQL, Oracle, DB2, etc.)
- Export reports to PDF, Word, Excel, HTML, etc. for management reporting
- Single measurement of audit compliance status

PRICING

- License fee per Windows desktop: Contact Altiris
- License fee per Windows server: Contact Altiris
- License fee per UNIX server: Same as Windows
- License fee per central administrators console: No charge