NetVision’s Policy Management Suite: Security for eDirectory™, the NetWare® File System, Auditing, Enforcement, and Synchronization

Jim Allred, Vice President of Marketing, NetVision, Inc.

Todd Lawson, President and CTO, NetVision, Inc.

www.novell.com

Post on 28-Dec-2015


Novell Security Solutions Partner

• NetVision’s Policy Management Suite—security for Novell eDirectory™, NetWare® OS/file system

Real-time monitoring, auditing and enforcement

Automate policy enforcement

Detect security breaches in real-time

Trigger action to reverse the change, disable the user account, and stop the perpetrator

Automate the granting and revoking of access rights

Novell Security Solutions Partner (cont.)

• NetVision has a seven-year history of delivering solutions in Directory Management/Integration and Security

Currently serves over 500 customers from Fortune 1000 to government and education

NetVision recognized early on that security solutions are not secure at all unless they are directory-based and directory-enabled

Focus on the authentication and authorization heart of the enterprise—the directory—to safeguard digital assets

Benefits of NetVision’s Policy Management Suite

• Eliminates gaps in traditional Intrusion Detection System (IDS)

• Leverages the directory to centralize and streamline management of enterprise security

• Delivers real-time monitoring, real-time reporting, and proactive security policy enforcement

Benefits of NetVision’s Policy Management Suite (cont.)

• A turnkey solution which is non-intrusive, easy to implement, and cost effective

• Addresses core needs right out of the box and is fully customizable and extensible

• By filtering out non-critical events or activities, it produces real-time auditing that doesn’t overload network traffic

Benefits of NetVision’s Policy Management Suite (cont.)

• Fortifies authentication and authorization through password strengthening and password synchronization across diverse platforms and systems

• Automates granting and revoking of access privileges and resources (provisioning)

• Lowers cost of security management through automated policy enforcement

Directory-Enabled Intrusion Detection

• FBI/CSI 2000 Computer Crime & Security Survey showed 90% of survey respondents had security breaches in last 12 months, even though 40% of them had IDS systems in place

• 70% had experienced network security breaches that led to theft of confidential information, financial fraud, or sabotage

[Chart: survey respondents (%): All Breaches 90, Damaging Breaches 70, No Breaches 10, IDS Systems 40]

Three-Tiered Intrusion Detection—Host-Based IDS

• Collect and analyze system logs and events originating on host computers like web servers or application servers

• Watch for known security violations that take place

• Focus on internal attacks, which still make up over half of business networks’ security breaches

[Diagram: three tiers: Host-based IDS, Network-based IDS, Directory-based IDS]

Three-Tiered Intrusion Detection—Network-Based IDS

• Analyze data packets that travel across the network and compare them to known attack signatures

• Detect attempted security breaches that originate outside the firewall

• Two-tiered approach (host and network) has been viewed as solid, but both solution classes have inherent weaknesses

Three-Tiered Intrusion Detection—Directory-Based IDS

• Burton Group indicates:

OS resource managers (host-based solutions) can’t impose enterprise-wide policies over resources

Perimeter products (network-based solutions) have no concept of user identities, permissions, or profiles

These gaps have created the demand for a new breed or additional layer in IDS

The Directory-Enabled Control Layer

• The need for a third IDS level:

“Unlike the OS resource manager, the Control Layer can implement centrally defined security policies in a consistent manner across multiple platforms. Unlike the perimeter layer, the Control Layer is aware of user identities, user roles and privileges, and fine-grained application functions.”

The Burton Group Network Strategy Report: Directory Landscape 2002

The Directory-Enabled Control Layer

• The need for a third IDS level—the directory-enabled control layer

Directory-based IDS solutions allow centrally defined security policies that are aware of user identities, roles, and privileges

NetVision leads the charge in the new IDS security layer, delivering the first directory-enabled IDS solution with the NetVision Policy Management Suite

SANS Institute on IDS Solutions

“The intrusion detection community will continue to move away from the simple signature-based systems that are so prevalent. Rule- and profile-based intrusion detection will start to become more dominant.”

Eugene Schultz, SANS NewsBites January 2002

Secure Audit Trail Technology

• Policy Management Suite securely automates the routine collection of audit data

• Tracks and reports directory, data, and server activity

• Tells who instigated the actions, what the actions were, when the actions occurred, and where the actions took place

• Filtering and reporting occurs in real-time; does not tax network resources with burden of large log files and constant polling

Secure Audit Trail Technology (cont.)

• Secure Audit Trail technology produces filtered events

Some solutions yield an unwieldy amount of excess data and logs, creating a disincentive to do auditing

NetVision’s solution restricts reporting to information that is pertinent to specific security concerns

Delivers only critical event data—a manageable amount to review and securely store

Secure Audit Trail Technology (cont.)

• Variety of reporting methods

Ensures that security information remains secure

Can be encrypted and sent to an ODBC database

Can be sent to a secure web site

Audit logs can be sent to and stored on any LDIF directory

Reports and alerts can be sent via e-mail or pager to security managers

Audit data can be captured in SNMP traps for secure integration with other network management systems

Authorization and Provisioning

• Automates and streamlines the provisioning of new hires and the revocation of network access rights as part of the termination process

• Manages the entire life cycle of user/group management by:

Updating a user’s new rights and revoking previous rights when moving the user from one group to another

When an account is added to or removed from a particular group, rights can be automatically granted or revoked from all other applicable groups

Authorization and Provisioning (cont.)

• Account additions, modifications, deletions (rights, access) in one system (directory) are automatically updated in other applicable systems (directories)

• Performs true cross-platform (bi-directional) synchronization across:

eDirectory, Active Directory, NT, iPlanet, Exchange, Notes, GroupWise®

• Provides automated provisioning right out of the box

• Open architecture can be extended to additional systems

Password Synchronization

• Simplifies users’ access to multiple platforms and systems

• Eliminates multiple authentication points

• Decreases user inconvenience and help desk requirements

• Increases security by eliminating multiple passwords and user names

• Flexible naming rules resolve differing user names a user might have on different systems (John_doe and jdoe)

Password Management

• Automates enforcement of password policies

• Prevents weak, easily-hacked passwords

• Policies enforce minimum length, inclusion of special characters, and scheduled password resets

Policy-Based Security Enforcement

• Rather than simply monitoring, auditing, and reporting, the NetVision solution leverages custom policies to automatically respond to and act against potential security threats—to prevent rather than just report

• Provides tools to create and define security policies for unique needs

• Provides standard settings for common threats

• Customize Visual Basic scripts to execute when predetermined conditions occur

• As far-reaching and creative as you want

Proactive Actions

• User accounts automatically terminated when users engage in questionable activities or gain inappropriate rights

• Blocks attempts to change a directory object’s ACL list

• Prevents certain file types from being stored on network servers (.MPEG, .JPEG, .GIF, .MP3)

Flexible Policy Execution Provides Both Power and Flexibility

• Inherent filtering capabilities can set thresholds

• Determine when activity moves from innocent to suspicious, to outright malicious

• Block user access only after a set number of failed login attempts

• Audit but don’t initiate alerts for actions below threshold
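
The threshold behaviour listed on this slide, sketched as an added example (not NetVision's code and not part of the original presentation): every event is audited, an alert is raised at one failed-login count, and the account is blocked at a higher one. The thresholds, time window, event fields and sample events are assumptions made for illustration.

```python
from collections import defaultdict, deque
from dataclasses import dataclass

# Hypothetical policy values, chosen for this example only.
ALERT_AFTER = 3       # failures in the window: "suspicious", raise an alert
BLOCK_AFTER = 5       # failures in the window: "malicious", block the account
WINDOW_SECONDS = 300  # failures older than this no longer count

@dataclass(frozen=True)
class Event:
    who: str    # account name
    what: str   # e.g. "login_failed", "login_ok"
    where: str  # server the event came from
    when: int   # seconds since an arbitrary start time

def evaluate(events):
    """Audit every event; emit an action only when a threshold is reached."""
    recent = defaultdict(deque)  # who -> timestamps of failures in the window
    blocked = set()
    audit, actions = [], []
    for ev in sorted(events, key=lambda e: e.when):
        audit.append(ev)  # below-threshold activity is still recorded
        if ev.who in blocked or ev.what != "login_failed":
            continue
        fails = recent[ev.who]
        fails.append(ev.when)
        while ev.when - fails[0] > WINDOW_SECONDS:  # drop expired failures
            fails.popleft()
        if len(fails) == BLOCK_AFTER:
            blocked.add(ev.who)
            actions.append(("block", ev.who, ev.where, ev.when))
        elif len(fails) == ALERT_AFTER:
            actions.append(("alert", ev.who, ev.where, ev.when))
    return audit, actions

# Constructed sample events (not real log data).
SAMPLE = (
    [Event("jdoe", "login_failed", "FS1", t) for t in (0, 20)]
    + [Event("jdoe", "login_ok", "FS1", 40)]
    + [Event("asmith", "login_failed", "FS2", t)
       for t in (100, 110, 120, 130, 140, 150)]
    + [Event("bkim", "login_failed", "FS1", t) for t in (0, 400, 800)]
)

if __name__ == "__main__":
    audit, actions = evaluate(SAMPLE)
    print(len(audit), "events audited")
    for action in actions:
        print(action)
```

In the sample, jdoe's two mistyped passwords and bkim's widely spaced failures are audited without any alert, while asmith's burst produces an alert and then a block.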

Solution Components

• Global Event Services (GES)

Efficiently gathers data from all areas of the network

Event-driven service

Tracks all changes (events) to eDirectory, NetWare, and the file system in real-time

• Who

• What

• Where

• When

Policy Management Suite

• Fully integrated tools

• Patented technology providing real-time:

Directory integration

Cross-platform policy enforcement

Advanced auditing and reporting

Product Demonstration

• NetVision Policy Management Suite
