Novell Sentinel Training Day 3


Alright, Day 3 of Sentinel training was pretty good. We reviewed performing actions when a correlation rule is met on an event filter. We also learned about “solution packs”: a little bit about how they are structured, but mainly how to import, edit and redeploy them. We were shown the PCI DSS solution pack. I must say it was pretty comprehensive; it is sold for $30K by itself. We were also given a sales presentation breaking down the scope of Novell’s ISM (Identity and Security Management) products. It was explained to us that ISM is now one of Novell’s 3 focuses. Any supported products will fall under their main areas of focus. They also mentioned that they did very well this final quarter, which is about to end for them. That’s really good news for Identity Management, especially at a time when the economy is not doing well. We also heard from some attendees in the training course that IBM is doing very well too. And of course IBM has its own Identity Management suite. So even more good news for Identity Management. The sales rep explained that Identity Management was initially seen as a sub-area of focus for IT departments and was not seen as being under security. But now Identity Management is seen more as being under security rather than traditional IT because of the specialization that goes into it.


10 Oct 2008

Novell Sentinel Training Day 2

What a day! I have a headache, not because of the material or anything. Before I talk about what we did today I was thinking of sharing some use cases with you on where Sentinel would be highly beneficial to have. Imagine someone who is not an Administrator attempts to log in as administrator; wouldn’t you want to know? Or if there were repeated login failures on a very important server, or someone was trying to access a port which was designated for something important. Or imagine an administrator assigns a non-administrator certain rights which are out of the ordinary; you might want to know. An example that came up in class is: someone who logs in at a bank, withdraws or transfers a large amount of cash, and then changes their password. If such a combination of events happened, imagine having a rule in place where an alert was triggered. All of these use cases were mentioned in the training so far.

Today we spent a lot of time on writing correlation rules, learning the syntax (expressions and other things) which is unique to the Sentinel product. We also spent a large amount of time learning the administrative tools.

Due to my headache, I’ll be more detailed in the next post.

9 Oct 2008

Novell Sentinel Training Day 1


2 colleagues from Identropy and I started a training class for Novell’s Sentinel 6, which is mainly a reporting tool being billed as government compliant for various industries, i.e. PCI DSS. The training so far has revolved around being able to set up “Active Views” and “Incidents”. You can see a screenshot here in case you are wondering what it looks like. Sentinel runs on Windows Server (VMs are recommended to shops that just do Linux; UPDATE: see tech specs) and is written in Java. One of the key selling points is that event tracking happens in “real time” (by real time, they mean in memory). There are filters that are applied against events before hitting the “message bus” and also before being stored in a database repository for historical purposes. These filters on events can be set up as incidents which can be assigned to responsible individuals to follow up on, or can be escalated over time. An email can be kicked out when an incident takes place.

There are connectors which support LDAP and SOAP which have become available with Sentinel 6.1. JavaScript is also now supported, so you can write your own custom collectors. There is a list of collectors which have been written for Sentinel to connect to various sources. Sentinel takes syslogs and translates them to make the data more usable. Then an integrator would help write filters to look for events, i.e. failed login attempts as administrator or root, and write correlation rules to generate incidents.

There is definitely a learning curve here. Aside from the learning curve, it does seem that most of the work that will need to go into implementing Sentinel will be setting up the correlation rules and filters. The good news is Novell has “solution packs” that have preconfigured filters. They have a solution pack for PCI DSS, for example. We were told that we could create solution packs of our own with the help of a solution builder and could deploy them across our clients. This would probably work when focusing a solution pack towards a specific industry. Aside from getting all of these correlation rules set up, there is some level of system administrator involvement that should be there to fully leverage its potential. This product will only be as good as the rules that are written and the amount of attention a sysadmin will give to looking for patterns of problematic events.

I will write more tomorrow
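As an added illustration (not Sentinel’s own rule syntax and not code from the course), the two use cases raised in the Day 1 and Day 2 posts, repeated failed privileged logins on a critical server and the login / large transfer / password-change sequence, written as correlation logic in Python over constructed, already-normalized events. Host names, user names, field names and thresholds are all assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events, shaped the way a collector might present them after
# normalizing raw syslog. Hosts, users and field names are made up for this example.
EVENTS = [
    {"ts": "2008-10-09T09:00:05", "host": "pay-db01", "user": "root", "action": "login_failed"},
    {"ts": "2008-10-09T09:00:40", "host": "pay-db01", "user": "root", "action": "login_failed"},
    {"ts": "2008-10-09T09:01:10", "host": "pay-db01", "user": "root", "action": "login_failed"},
    {"ts": "2008-10-09T09:30:00", "host": "teller-app", "user": "jdoe", "action": "login_ok"},
    {"ts": "2008-10-09T09:35:00", "host": "teller-app", "user": "jdoe", "action": "transfer", "amount": 25000},
    {"ts": "2008-10-09T09:41:00", "host": "teller-app", "user": "jdoe", "action": "password_change"},
    {"ts": "2008-10-09T10:00:00", "host": "teller-app", "user": "asmith", "action": "login_ok"},
    {"ts": "2008-10-09T10:02:00", "host": "teller-app", "user": "asmith", "action": "password_change"},
]

def ts(e):
    return datetime.fromisoformat(e["ts"])

def repeated_admin_failures(events, critical_hosts, admins=("root", "administrator"),
                            threshold=3, window=timedelta(minutes=5)):
    """Rule 1: `threshold` failed logins as a privileged account on a critical
    host inside a sliding window raise one incident; the window then resets."""
    incidents, recent = [], defaultdict(deque)   # (host, user) -> recent failure times
    for e in events:
        if (e["action"] != "login_failed" or e["host"] not in critical_hosts
                or e["user"].lower() not in admins):
            continue
        q = recent[(e["host"], e["user"])]
        q.append(ts(e))
        while ts(e) - q[0] > window:             # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            incidents.append(("repeated_admin_failures", e["host"], e["user"], e["ts"]))
            q.clear()
    return incidents

def transfer_then_password_change(events, min_amount=10000, window=timedelta(minutes=30)):
    """Rule 2 (the bank use case): login, then a transfer of at least min_amount,
    then a password change by the same user, all within `window` of the login."""
    incidents, state = [], {}                    # user -> [login_time, saw_large_transfer]
    for e in events:
        u, t, a = e["user"], ts(e), e["action"]
        if a == "login_ok":
            state[u] = [t, False]                # a new session restarts the sequence
            continue
        if u not in state or t - state[u][0] > window:
            continue                             # no open session, or sequence expired
        if a == "transfer" and e.get("amount", 0) >= min_amount:
            state[u][1] = True
        elif a == "password_change" and state[u][1]:
            incidents.append(("transfer_then_password_change", e["host"], u, e["ts"]))
            del state[u]
    return incidents
```

Running both rules over EVENTS yields one incident each: the third failed root login on pay-db01, and jdoe’s password change after the $25,000 transfer; asmith’s password change without a large transfer raises nothing.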

8 Oct 2008

Review of VMware’s free hypervisor, ESXi Server


I wonder how virtualization will tie into Identity Management in the future? I believe Ash once said these virtual components and appliances may take on identities of their own.

At work, I was asked to set up a VMware server for testing. We decided to test out VMware’s hypervisor, ESXi Server, which we heard was now FREE.

So what’s a hypervisor? Think of it as an operating system which does nothing but run virtual machines. It directly utilizes the hardware resources of your server and does not run on top of an operating system. So the idea is to maximize the performance of your VMs, and possibly to run more VMs simultaneously on a server than before.

Microsoft has their own hypervisor. I recently received an email about an event they are doing to push their virtualization products. VMware is of course a major player, and there are others as well.

So we were interested in VMware’s hypervisor, but our major concern was connectivity, both onsite and offsite.


2 Oct 2008

What the heck is Identity Management?


About a month and a half ago I became an Idmc (Identity Management Consultant). Since I’m new to Identity Management / Identity Access Management, my new blog can serve as a good guide for newbs to better understand Identity by tagging along with me on my own journey.

When I tell people my job title, they at first think I’m trying to help Jason Bourne reclaim his lost identity. Well, my work revolves around managing users’ corporate identities (think login accounts).

So far I’ve been doing Identity Mapping work mainly, as well as some odd jobs, i.e. installing Linux (yes, I consider installing Linux an odd job), testing out hypervisors, migrating AD and of course going through training. So in my blog I’ll mostly be sharing some technical tips on things I pick up along the way. I’ll also be unraveling the answers to questions about Identity Management that come up in my head.

This upcoming week I’ll be heading to Boston with my colleague Eric to be trained by Novell on their Sentinel product.  I will share my thoughts with you. But before that, here’s the list of posts I’m working on for this week.

2 Oct 2008