
Whether you need to comply with regulations such as the Federal Desktop Core Configuration mandate or your agency’s internal policies, once your infrastructure moves beyond a handful of servers, managing compliance can be a challenge.
Out-of-the-box reporting in Microsoft Windows is limited to scripted output from Windows Management Instrumentation queries, parsing event logs at the command line, and Group Policy Resultant Set of Policy or Windows Server Update Services reports.
NetIQ Secure Configuration Manager (SCM) aims to simplify the process of gathering configuration and security-related data from systems and applications on your network and comparing the results with baseline settings, best practices, built-in policy templates or your own custom templates.
By generating a variety of reports, NetIQ’s management console can help you monitor changes in configuration and ensure that your systems remain compliant. SCM lets you report on user access rights and monitor security best practices, not only in Windows but also on Linux, Unix and IBM iSeries platforms.
SCM can be installed on Windows 2000 Server or Windows Server 2003, and requires Microsoft SQL Server 2005 Standard or Express edition and the .NET Framework. The install process is a little archaic, similar to loading some Microsoft server products from a bygone era, but nevertheless, it is relatively quick and painless.
Once the management console is loaded for the first time, you’re presented with a list of common tasks to get you started (see Figure 1). Though the console resembles older versions, SCM is a mature product, and the intuitive interface is easy to navigate, once you understand the basic concepts.
Figure 1
The Deployment Wizard scans Active Directory to help you locate endpoints, which can be server operating systems or application servers, such as Internet Information Services, Oracle, Microsoft SQL and Sybase ASE. You can also add endpoints manually. The wizard ensures that all the required information, such as credentials to connect to remote machines, is present before deployment begins (see Figure 2). While primarily intended for servers, agents can be deployed to end-user systems, too.
Figure 2
Figure 3
SCM uses a risk-scoring system that calculates the likelihood of an endpoint interrupting critical operations based on the number of vulnerabilities discovered and the importance of the system as determined by the security team:
Risk Score = Total Exposure + Importance Factor
After checks have been completed on designated endpoint systems, systems administrators can view detailed reports in SCM's report viewer (see Figure 4). Optionally, reports can be distributed to key personnel in PDF format. Sysadmins can customize reports and schedule them to run on a regular basis. Reports are either run live by collecting data from endpoints or run against data stored in the database.
The most vulnerable systems are highlighted based on risk score, enabling sysadmins or executives to quickly pinpoint which systems need remedial action most urgently. Delta reports provide information about changes that have occurred since the last check, which is useful for change management. SCM also allows sysadmins to define exceptions, so if a system is out of compliance for a known reason (because of maintenance, for example), it can be excluded from reports.
Figure 4
Figure 5
Figure 6
SCM provides a comprehensive, multiplatform solution that simplifies the compliance process and lets IT departments prove to auditors that a documented, automated and repeatable process is in place. Auditors may accept this as proof that all systems are compliant based on satisfactory results from just one endpoint, which yields considerable savings when external auditors check compliance across your network, a process that is billed per endpoint.
Even if compliance isn’t your main goal, SCM can help ensure that your infrastructure remains secure, improving uptime and availability for critical applications. You can also delegate privileges to the SCM console so that junior sysadmins have access only to features appropriate to their jobs. Although the Tasks feature in SCM is useful, for comprehensive process automation you should look to complement it with an additional tool.