ClearPath OS 2200 Release 16.0 includes Apex 2.0, the second release of the administration tool introduced in Release 15. Apex is a Web application for managing the OS 2200 operating system.
In this blog, I’ll focus on one aspect of Apex – the reports it provides for defense in depth and compliance.
First, let’s look at those terms.
Defense in depth means that the strategies and mechanisms the data center employs to protect its assets go beyond secure configurations, firewalls, and other first-line-of-defense measures. They also include procedures and tools to verify that the outer defenses have not been breached, and to detect signs of a compromise or an attempted compromise.
Compliance includes following rules established by corporate security policies, governmental regulations, and industry standards.
Defense in Depth
A good defense in depth strategy includes monitoring for failed logon attempts, which could indicate an attempted attack. Without Apex, your process for monitoring could be similar to the following excerpt from an operations manual:
@LA,A
SELECT INTERVAL=(-8/000000:-1/240000)
PRINT REPORT=DUMP ENTRY=(810) FORMAT=(TEXT)
With Apex, your process is much simpler: run the Login Failures report, specifying the time and date span of interest. Apex delivers to your Web browser a report with a concise summary and details that you can sort by user-id, date/time, error type, or IP address.
Another part of your defense in depth strategy involves making sure that any changes in user security attributes are authorized. Apex includes a Modified Users report that shows the administrator which users have been modified, what the changes were, and who made the modifications. It even includes a before-and-after comparison of the changed attributes. Of course, the report can’t tell you whether the changes were authorized, but it provides essential data you can compare with change requests and other artifacts.
Compliance
Do you have a security policy similar to the Health Insurance Portability and Accountability Act (HIPAA) requirement that users change their passwords every 60 days or the following requirement from the Payment Card Industry Data Security Standard (PCI DSS)?
Without Apex, your process for verifying compliance with this policy could involve a tedious, error-prone search through a full user-id report:
With Apex, verifying compliance is as simple as examining the results of the Passwords report. This report goes beyond simply looking for users with expired passwords; it gives the administrator four views of users and their passwords:
Perhaps you need to comply with this similar requirement:
Without Apex, your process for verifying compliance with this policy could require you to look through a long report, scanning for the “days of inactivity” lines of the report and matching them with the corresponding user-ids.
With Apex, you run the Dormant Users report, which searches the security database for you, looking for user-ids that haven’t been used in the amount of time you specify. For more about this report, see the Verifying Security Policy Compliance post.
Summary
Apex reports based on system log data and user security records help you find events of special security significance, supporting a “defense in depth” strategy and facilitating compliance with policies, regulations, and standards. All Apex reports share design features that minimize the learning curve and boost productivity:
The reports highlighted above and several others were included in Apex 1.0. In Apex 2.0, which is part of ClearPath OS 2200 Release 16, more reports have been added and the older reports have been enhanced. Give them a try and see how they can help you streamline your security defense and compliance activities.