
Administration components

Chapter 2. Tivoli Security Compliance Manager design and structure

2.1 Logical component architecture


Compliance Manager walkthrough” on page 32 demonstrates how to use Security Compliance Manager’s administration console in order to perform the administration tasks.

The Security Compliance Manager server stores the data associated with the objects being managed in a centralized DB2 relational database. The server is the only Tivoli Security Compliance Manager component that directly accesses the database. Data can be extracted for system analysis, to generate status reports, and, as a preventative maintenance mechanism, to provide status and warning notifications.

Authentication

By default, authentication of users of the administration console and administration utilities is handled by the Tivoli Security Compliance Manager server. User information is stored in the database, with the password stored in MD5 message-digest format. The server does not enforce any password rules or perform any password strength testing, and no mechanism exists to recover a forgotten password. Security Compliance Manager provides the option to integrate with any authentication system by offering an authentication interface based on Java Authentication and Authorization Service (JAAS). 3.2.7, “Integration with access control management systems” on page 66 describes the JAAS interface.

Securing the Security Compliance Manager server

The Security Compliance Manager server manages data, which can be an invaluable source of information for all kinds of intruders. The Security Compliance Manager database contains a list of IT systems, IP addresses, user accounts, configuration options, and much more information, which can provide hints for potential starting points for attacks. Tivoli Security Compliance Manager provides the following features to secure the Security Compliance Manager server and its data:

• Secured communication between server and administration console

The communication between server and administration console is secured by SSL. The administration console verifies the identity of the server based on the server certificate. If the server is contacted for the first time or the server’s certificate is renewed, then Security Compliance Manager displays the dialog window shown in Figure 2-7 on page 27. The Security Compliance Manager user may then contact the server administrator to verify that the certificate has changed before accepting the new certificate. This ensures that the Security Compliance Manager user is always talking to the correct Security

Figure 2-7 Warning that a new Security Compliance Manager server is accessed

• Secured communication between server and client

The Security Compliance Manager client establishes communication links with the Security Compliance Manager server based on the server’s SSL certificate and IP address. Any other communication requests are denied. This ensures that only the authorized server is able to perform configuration requests like collector deployment or schedule changes. The server presents its SSL certificate during the first communication with the client (first contact trust). This certificate is used to verify the server’s unique identity and encrypts all traffic within the Tivoli Security Compliance Manager environment.

• Protecting the database

The DB2 database contains valuable information about the IT infrastructure and known vulnerabilities. The node hosting Security Compliance Manager’s DB2 database system should be placed in a trusted security zone. Additionally, access to the Security Compliance Manager database should be restricted to the absolute minimum.
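The first-contact trust check described in the two "Secured communication" items above, sketched as an added example (not Security Compliance Manager code). `PinStore`, the host name, and the port are hypothetical, and the certificate bytes are constructed stand-ins for DER data.

```python
import hashlib
import hmac
from enum import Enum


class Verdict(Enum):
    FIRST_CONTACT = "no pin stored: verify the fingerprint with the server administrator"
    MATCH = "presented certificate matches the stored pin"
    CHANGED = "certificate differs from the stored pin: confirm the renewal first"


def fingerprint(cert_der: bytes) -> str:
    """SHA-256 over the DER encoding of the presented certificate."""
    return hashlib.sha256(cert_der).hexdigest()


class PinStore:
    """Hypothetical pin store keyed by (host, port); not the product's keystore."""

    def __init__(self):
        self._pins = {}

    def check(self, host: str, port: int, cert_der: bytes) -> Verdict:
        pinned = self._pins.get((host.lower(), port))
        if pinned is None:
            return Verdict.FIRST_CONTACT
        if hmac.compare_digest(pinned.encode(), fingerprint(cert_der).encode()):
            return Verdict.MATCH
        return Verdict.CHANGED

    def accept(self, host: str, port: int, cert_der: bytes, confirmed_fp: str) -> None:
        """Pin only if the fingerprint obtained out of band equals the presented one."""
        presented = fingerprint(cert_der)
        confirmed = confirmed_fp.replace(":", "").replace(" ", "").lower()
        if not hmac.compare_digest(presented.encode(), confirmed.encode()):
            raise ValueError("presented certificate does not match confirmed fingerprint")
        self._pins[(host.lower(), port)] = presented


def demo():
    # Constructed byte strings standing in for DER certificates; in real use the
    # bytes come from ssl.SSLSocket.getpeercert(binary_form=True).
    old_cert, new_cert = b"constructed-cert-old", b"constructed-cert-new"
    host, port = "scm.example.internal", 8443  # hypothetical endpoint
    store = PinStore()
    seen = [store.check(host, port, old_cert)]            # first contact
    store.accept(host, port, old_cert, fingerprint(old_cert).upper())
    seen.append(store.check(host, port, old_cert))        # pinned certificate
    seen.append(store.check(host, port, new_cert))        # renewed or wrong server
    return seen


if __name__ == "__main__":
    print([v.name for v in demo()])
```

Requiring the out-of-band fingerprint in `accept` is what turns the warning dialog into a check: a user who accepts without it gains nothing from the prompt.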

Communications between Tivoli Security Compliance Manager components are secured using 128-bit Secure Sockets Layer (SSL) encryption. The cipher suites used are RSA_WITH_RC4_128_SHA, RSA_WITH_RC4_128_MD5, and RSA_WITH_3DES_EDE_CBC_SHA.
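For anyone reviewing a deployment against current TLS guidance, the following added example (not part of the original text or the product) parses the three suite names listed above and reports the properties a review would flag. The contrast suite is a constructed input, and the rule set is a minimal assumption, not a complete policy.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Suite:
    key_exchange: str
    cipher: str
    mac: str


def parse_suite(name: str) -> Suite:
    """Split KX_WITH_CIPHER_MAC; an SSL_ or TLS_ prefix is tolerated."""
    body = name.upper()
    for prefix in ("SSL_", "TLS_"):
        if body.startswith(prefix):
            body = body[len(prefix):]
    kx, sep, rest = body.partition("_WITH_")
    cipher, _, mac = rest.rpartition("_")
    if not (kx and sep and cipher and mac):
        raise ValueError(f"unrecognised cipher suite name: {name!r}")
    return Suite(kx, cipher, mac)


def findings(name: str) -> list:
    s, out = parse_suite(name), []
    if s.key_exchange == "RSA":
        out.append("static RSA key exchange: no forward secrecy")
    if s.cipher.startswith("RC4"):
        out.append("RC4: prohibited in TLS by RFC 7465")
    if s.cipher.startswith("3DES"):
        out.append("3DES: 64-bit block cipher")
    if s.mac == "MD5":
        out.append("MD5-based record MAC")
    return out


# The three suites named in the text above.
PAGE_SUITES = ["RSA_WITH_RC4_128_SHA", "RSA_WITH_RC4_128_MD5",
               "RSA_WITH_3DES_EDE_CBC_SHA"]
# Constructed contrast case, not from the page. For AEAD suites the last token
# names the PRF hash rather than a record MAC; no rule here depends on that.
CONTRAST = "ECDHE_RSA_WITH_AES_128_GCM_SHA256"


def audit(names):
    return {n: findings(n) for n in names}


if __name__ == "__main__":
    for name, issues in audit(PAGE_SUITES + [CONTRAST]).items():
        print(name, "->", issues or "no findings")
```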

2.1.5 Administration components

Administrators and users use the administration components to centrally manage all the other components of the Security Compliance Manager infrastructure. The administration components consist of the Security Compliance Manager administration console and the command line interface (CLI). The following sections describe the administration components.

Administration console

The administration console is the graphical user interface (GUI) used to manage Tivoli Security Compliance Manager servers, clients, collectors, and keystores. The administration console also manages the data collected by the collectors, analyzes that data, and generates reports.

The administration console offers functions to perform the following tasks:

• Manage individual client systems (register and unregister clients)

• Manage client groups (add and remove groups, and add and remove systems to and from groups)

• Manage collectors (install collectors, view status, set values for collector parameters, and customize schedules)

• Manage users (add and remove users, and create and manage user groups and roles)

• Manage proxy relays (define proxy relays and assign routing paths)

• Manage database tables (create delta tables and set maximum data age)

• Manage policies (create, import, and export policies, assign policies to client groups, schedule, run, and view snapshots)

• Manage reports (define reports and run reports)

• Define and test SQL database queries

• Manage the server (define authorization keys, view server activity, back up keystores, and manage the database connection)

Command line interface

The command line interface provides an alternative to the administration console and offers a subset of the functions available with the administration console. The command line interface enables the administrator to perform operations on a large number of objects or to automate operations with scripts or batch files. The command line tools are available on all supported platforms.

A detailed list of commands, command parameters, and their usage is provided in the IBM Tivoli Security Compliance Manager Version 5.1 Administration Guide, SC32-1594.