Log Audit Ensuring Behavior Compliance Secoway elog System




As organizations strengthen informatization construction, their application systems (service systems, operating systems, databases, and Web servers), security devices (firewalls and UTM, IPS, IDS, VPN, DPI, and AV devices), and network devices (routers, switches, and access devices) expand continuously. It is urgent to set up a comprehensive and unified log management system that manages all logs across the network layer, system layer, and application layer. Security incidents appear one after another on hosts, databases, and Web servers, such as backdoor Trojan horses, SQL injections, Web tampering, and internal data tampering. How can these security incidents be detected and handled? How can they be investigated and evidence collected? To help organizations address these concerns, Huawei Technologies Co., Ltd. (Huawei for short) launches a comprehensive log management and security audit system, namely Secoway elog.

Footmark Record

Session Log Management
The elog system collects, parses, and stores session logs (NAT logs) generated by firewalls, routers, and switches. It accurately traces the NAT process to provide evidence for investigation.

Behavior Exposure

Network Behavior Audit and Management
The Secoway elog system collects live statistics and displays reports on various traffic such as basic traffic, application-specific traffic, interface-specific traffic, and P2P traffic. It also provides reports on UTM features such as IPS, mail filtering, AV, URL filtering, and IM monitoring and blocking.

User Behavior Audit and Management
The Secoway elog system analyzes logs from the bypass probe device for application-layer protocols such as FTP, Telnet, and HTTP. Based on the analysis results, it monitors high-risk operations and alerts administrators to take immediate action against suspicious behaviors.
The Secoway elog system audits operations on DB2, Oracle, Informix, Sybase, and SQL Server databases to provide visibility into current database operations and ensure data security.

Centralized Management

Unified Log Management Platform
The Secoway elog system logs the following devices:
- Huawei's security devices, routers, switches, and BRAS devices.
- Other vendors' security and network devices.
- Hosts, databases, and Web servers.
- Standard syslog devices.
The Secoway elog system collects, categorizes, and stores all logs in a reliable and large-capacity disk array.
HUAWEI TECHNOLOGIES CO., LTD.

Intelligent Security

User-centric Alarm Management
The administrator can configure alarm policies if desired. The Secoway elog system automatically informs the administrator in different ways when an event matches an alarm policy. The administrator can view live alarm statistics for the entire network or a specific device to gain visibility into the network security posture.

Flexible Network Deployment
Its distributed architecture allows the Secoway elog system to be smoothly upgraded from the centralized mode to the distributed mode without affecting the current network structure.

High Security and Reliability
The Secoway elog system has the following reliability features:
- Supports HTTPS access to ensure data security.
- Uses a buffer mechanism to avoid data loss in the case of network failures.
- Provides highly reliable storage and management of massive logs, covering log compression, log backup to tape drives, and quick disaster recovery.

Application Scenarios

Collecting Evidence: NAT/PAT Tracing
[Figure: an enterprise, hotel, home, or public-place network behind a NAT gateway (Eudemon, BRAS, NE40/80); the gateway sends binary logs to Secoway elog]
Because IP addresses are limited, most enterprises use the gateway to perform NAT or PAT. Security events often occur on the internal or external network through the gateway, so evidence can be collected by recording NAT or PAT information.
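The NAT/PAT tracing scenario above, worked through as an added example (this is not code from Huawei or the elog product): a small parser pairs the build and close records of a NAT session log into sessions and then answers the investigator's question of which internal host was behind a given public address and port at a given time. The plain-text log format, the addresses, and the times are constructed for illustration; the gateways described on this page emit binary logs in their own format.

```python
import re
from datetime import datetime

# Constructed sample log: one public address (203.0.113.9) is shared by several
# private hosts, and public port 20001 is reused by two different hosts over time.
SAMPLE_NAT_LOG = """\
2011-08-05 09:00:01 NAT-SESSION BUILD src=10.1.2.15:51234 nat=203.0.113.9:20001 dst=198.51.100.80:80 proto=tcp
2011-08-05 09:00:02 NAT-SESSION BUILD src=10.1.2.16:41000 nat=203.0.113.9:20002 dst=198.51.100.80:443 proto=tcp
2011-08-05 09:04:30 NAT-SESSION CLOSE src=10.1.2.15:51234 nat=203.0.113.9:20001 dst=198.51.100.80:80 proto=tcp
2011-08-05 09:10:00 NAT-SESSION BUILD src=10.1.2.77:60000 nat=203.0.113.9:20001 dst=198.51.100.25:22 proto=tcp
2011-08-05 09:12:45 NAT-SESSION CLOSE src=10.1.2.77:60000 nat=203.0.113.9:20001 dst=198.51.100.25:22 proto=tcp
some unrelated syslog line that the parser must ignore
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) NAT-SESSION (?P<ev>BUILD|CLOSE) "
    r"src=(?P<src>\S+) nat=(?P<nat>\S+) dst=(?P<dst>\S+) proto=(?P<proto>\S+)$"
)
TS_FMT = "%Y-%m-%d %H:%M:%S"


def parse_sessions(text):
    """Pair BUILD and CLOSE records into sessions.

    A session is identified by the translated tuple (nat, dst, proto); the
    returned dicts carry start, end (None while still open), src, nat and dst.
    """
    open_sessions, sessions = {}, []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a NAT session record
        ts = datetime.strptime(m["ts"], TS_FMT)
        key = (m["nat"], m["dst"], m["proto"])
        if m["ev"] == "BUILD":
            open_sessions[key] = {"start": ts, "end": None, "src": m["src"],
                                  "nat": m["nat"], "dst": m["dst"]}
            sessions.append(open_sessions[key])
        elif key in open_sessions:
            open_sessions.pop(key)["end"] = ts
    return sessions


def trace_internal_host(sessions, nat_addr, dst_addr, when_str):
    """Return the private src (ip:port) that used nat_addr towards dst_addr at the given time.

    Matching on time is what makes the answer unambiguous: a PAT port is reused by
    different internal hosts during the day, so the public address alone is not evidence.
    """
    when = datetime.strptime(when_str, TS_FMT)
    for s in sessions:
        in_window = s["start"] <= when and (s["end"] is None or when <= s["end"])
        if s["nat"] == nat_addr and s["dst"] == dst_addr and in_window:
            return s["src"]
    return None
```

A real audit platform additionally has to keep the gateway and the log server clock-synchronized, since the time window is what ties the external observation to one internal host.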

Behavior Control
[Figure: the Eudemon firewall and the FTP/Telnet probe send logs to Secoway elog; enterprise hosts and databases are accessed over FTP, Telnet, and HTTP; risks shown: virus intrusion and spreading, external intrusion attacks, IM software such as MSN and Yahoo, file sharing such as email and FTP, and P2P software used to watch films, surf online, play games, or visit entertainment sites]
The Eudemon logs virus and attack events as well as attempts to visit prohibited Web sites or use prohibited applications such as P2P. The elog system collects the logs, alerts the administrators, and provides reports. The bypass probe device analyzes the mirrored traffic and logs the operations performed on databases, operating systems, or other resources through FTP, Telnet, and HTTP. The elog system collects these logs and intuitively displays the statistics.

Global Log Management
[Figure: Secoway elog receives logs from the firewall and UTM at the external network edge and from the enterprise's Web servers, OS, databases, switches, routers, VPN, BRAS, IDS and IPS, and DPI devices]
Challenges:
- Lack of a unified log management center
- Little knowledge of attack defense status
- Difficulty in assessing the effects of security devices
- Massive logs are not analyzed
- High-speed and massive flow logs cannot be managed
- Limited types of reports
Through customization-based development, the logs of all devices, databases, servers, and hosts are analyzed and managed for data protection. Logs are audited based on the preset security policies and alarm policies. Legal compliance requirements such as Ministry of Public Security Decree No. 82 and SOX are met.

Product Specifications

Feature: Log management
- Log collection: The Secoway elog system can collect logs in a complex network environment such as dual-system hot backup of the Eudemon firewalls. It collects the logs of various devices in syslog, SNMP trap, OPSEC, FTP/SFTP, WMI, and JDBC modes without using any agents.
- Log categorization and storage: The Secoway elog system categorizes logs by content. Logs can also be divided into online logs, dump logs, and backup logs by storage time. It encrypts log files and performs integrity checks on them.
- Log search: The Secoway elog system provides device-specific search conditions and displays the results. It supports background search. Search conditions can be saved in a template for future use. Search results can be exported to .txt, .csv, or .xls files to facilitate distribution and offline viewing.

Feature: Audit event management
- Policy association: The Secoway elog system supports user-defined audit policies and alarm methods.
- Session association: The Secoway elog system associates user operations. Specifically, it associates the operations performed between the login and logout of a user as a session.
- Regulatory compliance report: The Secoway elog system provides diversified reports on user access, user logins and logouts, login failures, administrative operations, password change and expiration, audit policy change, and directory access.

Features: Log audit, behavior log analysis, and firewall log analysis
- Log search and analysis: The Secoway elog system supports searching for logs by protocol, time range, source IP address segment, destination IP address segment, user name, operation type, operation object, or keyword, and generates search reports.
- Log analysis: Firewall logs can be searched for by time range, log level, log type, or keyword. The Secoway elog system provides refined search for various logs such as NAT logs.
- Traffic report: The Secoway elog system can generate reports on the following traffic: live traffic, basic traffic, application-specific traffic, interface-specific traffic, P2P traffic, P2P CLASS traffic, and P2P user traffic rankings.
- Log report: The Secoway elog system can generate the following log reports: log trend, attack defense, packet filtering ACL triggering rule rankings, packet filtering protocol rankings, content filtering destination IP address rankings, and content filtering source IP address rankings.

Features: Firewall UTM analysis and SIG log analysis
- IPS: The Secoway elog system can generate the following IPS reports: attack behavior rankings, attack event rankings, and attack event trends. You can search for intrusion prevention details by device, time, alarm level, protocol, operation, source IP address, or keyword.
- Mail filtering: The Secoway elog system can generate the following mail filtering reports: rankings of source IP addresses that send the most emails, and email quantity trends. You can search for email audit logs by device, time, filtering type, email protocol, destination IP address, source IP address, or keyword.
- IM monitoring: The Secoway elog system can generate reports and logs on the use of IM software.
- AV: The Secoway elog system can generate the following AV reports: ranking of the most frequently detected viruses, ranking of the most infected file types, anti-virus breakdowns, reports showing users who have sent files infected with viruses, and reports showing virus distribution periods.
- URL filtering: The Secoway elog system can generate the following URL filtering reports: rankings of the source IP addresses that send the most Web site requests, rankings of the most frequently visited sites, rankings of the most frequently visited Web URLs, and Web visit quantity trends.
- Real-time monitoring of resource usage: You can monitor the current CPU, memory, and disk space usage of the SIG back-end servers.
- SIG log analysis: You can view the logs of the SIG resource usage and the following reports on the SIG back-end server: CPU usage reports, memory usage reports, and disk usage reports.

Feature: Alarm management
- Alarm responding and monitoring: The Secoway elog system can alert administrators by email, text message (a GSM modem is required), sound and light (an alarm box is required), sound (an audible box is required), or related programs. You can use the console to monitor current alarms by device, alarm level, or alarm type.
- Alarm search: You can search for alarms by device, time range, alarm level, alarm type, or keyword. The search results are available in .txt, .csv, or .xls files.
- Alarm report: You can view the following alarm analysis reports: alarm quantity trend analysis, and device alarm quantity rankings.

Feature: System management
- Device management: The Secoway elog system manages up to 1000 devices and supports device import and export in batches.
- User right management: The Secoway elog system defines three roles, namely administrator, operator, and auditor. Administrators can define operators and allocate them the rights to manage different devices.
- Syslog: The Secoway elog system automatically records device failures and major status changes, so that the administrator can learn about the operating status of each device.
- System information monitoring: The administrator can view the license status; view current information on the key resources (CPU, memory, disk space, and current log amount); and monitor all user sessions and log users off.

Copyright Huawei Technologies Co., Ltd. 2011. All rights reserved.

General Disclaimer
The information in this document may contain predictive statements including, without limitation, statements regarding the future financial and operating results, future product portfolio, new technology, etc. There are a number of factors that could cause actual results and developments to differ materially from those expressed or implied in the predictive statements. Therefore, such information is provided for reference purpose only and constitutes neither an offer nor an acceptance. Huawei may change the information at any time without notice.

HUAWEI TECHNOLOGIES CO., LTD.
Huawei Industrial Base, Bantian, Longgang, Shenzhen 518129, P.R. China
Tel: +86-755-28780808
Version No.: M3-110019999-20110805-C-1.0
www.huawei.com