Front cover
Deployment Guide Series: IBM Tivoli Security Compliance Manager
Business context and legal compliance discussion
Best practices in a banking customer scenario
Complete deployment guide with hands-on
Axel Buecker, Hendrik H. Fulda, Dieter Riexinger
ibm.com/redbooks

International Technical Support Organization
Deployment Guide Series: IBM Tivoli Security Compliance Manager
August 2005
SG24-6450-00

Note: Before using this information and the product it supports, read the information in “Notices” on page vii.

First Edition (August 2005)
This edition applies to Version 5, Release 1, Modification 0 of IBM Tivoli Security Compliance Manager (product number 5724-F82).
© Copyright International Business Machines Corporation 2005. All rights reserved.
Note to U.S. Government Users Restricted Rights -- Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.

Contents
Notices
Trademarks
Preface
  The team that wrote this redbook
  Become a published author
  Comments welcome
Part 1. Architecture and design
Chapter 1. Business context for security compliance management
  1.1 Introduction to compliance management
  1.2 Why compliance management?
  1.3 Determining the how: influencing factors
  1.4 General challenges
  1.5 Conclusion
Chapter 2. Tivoli Security Compliance Manager design and structure
  2.1 Logical component architecture
    2.1.1 Data collection components
    2.1.2 Compliance evaluation components
    2.1.3 Compliance report components
    2.1.4 Security Compliance Manager server
    2.1.5 Administration components
  2.2 Physical component architecture
    2.2.1 Communication port usage
    2.2.2 Deployment on physical nodes
  2.3 Security Compliance Manager walkthrough
Chapter 3. Architecting a Security Compliance Management solution
  3.1 Solution architectures, design, and methodologies
  3.2 Design process
    3.2.1 Typical context of Security Compliance Manager solutions
    3.2.2 Phased project approach
    3.2.3 Placing components in network zones
    3.2.4 Deployment of Security Compliance Manager clients
    3.2.5 Delegated administration
    3.2.6 Implementation of Security Compliance Manager policies
    3.2.7 Integration with access control management systems
    3.2.8 Integration with Tivoli Risk Manager
  3.3 Business processes and compliance management
    3.3.1 A generic security compliance management business process
    3.3.2 Security Compliance Manager business process support
    3.3.3 Automated security compliance management
Part 2. Customer environment
Chapter 4. Armando Brothers Banking Corp.
  4.1 Company profile
  4.2 Current IT architecture
    4.2.1 Existing security infrastructure
    4.2.2 Existing middleware infrastructure
  4.3 Current security policies and standards
  4.4 Emerging problems
  4.5 Strategic objectives
  4.6 Critical success factors for strategy implementation
  4.7 Resulting business requirements
  4.8 Requirements on project execution
  4.9 ROI study and results
Chapter 5. Security Compliance Manager design
  5.1 Functional requirements
    5.1.1 Phase I: Establishing a baseline
    5.1.2 Phase II: Extend coverage
  5.2 Design objectives
    5.2.1 General and infrastructure objectives
    5.2.2 Platform specific security concepts
  5.3 Implementation architecture
    5.3.1 Physical components
    5.3.2 User roles and responsibilities
  5.4 Project organization
Chapter 6. Technical implementation
  6.1 Deployment phase I
    6.1.1 Planning and installing the server
    6.1.2 DB2 maintenance tasks
    6.1.3 Deploying clients
    6.1.4 Installing the reporting server
    6.1.5 Configuring operational reports
  6.2 Deployment phase II
    6.2.1 Tivoli Access Manager integration
    6.2.2 Tivoli Risk Manager integration
    6.2.3 Collector development
    6.2.4 Report development
  6.3 Conclusion
Part 3. Appendixes
Appendix A. Developing a custom collector
  Required method getReleaseNumber()
  Required method getCompatibleOS()
  Required method getDescription()
  Required method getParameters()
  Required method getTables()
  Required method executeV2()
Appendix B. Introducing the Security Vulnerability Index
  So what is the IBM Global Services Vulnerability Index?
  How does it work?
Appendix C. Additional material
  Locating the Web material
  Using the Web material
    How to use the Web material
Glossary
Related publications
  IBM Redbooks
  Other publications
  Online resources
  How to get IBM Redbooks
  Help from IBM
Index

Notices
This information was developed for products and services offered in the U.S.A.

IBM may not offer the products, services, or features discussed in this document in other countries. Consult your local IBM representative for information on the products and services currently available in your area. Any reference to an IBM product, program, or service is not intended to state or imply that only that IBM product, program, or service may be used. Any functionally equivalent product, program, or service that does not infringe any IBM intellectual property right may be used instead. However, it is the user's responsibility to evaluate and verify the operation of any non-IBM product, program, or service.

IBM may have patents or pending patent applications covering subject matter described in this document. The furnishing of this document does not give you any license to these patents. You can send license inquiries, in writing, to:
IBM Director of Licensing, IBM Corporation, North Castle Drive Armonk, NY 10504-1785 U.S.A.

The following paragraph does not apply to the United Kingdom or any other country where such provisions are inconsistent with local law: INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THIS PUBLICATION "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Some states do not allow disclaimer of express or implied warranties in certain transactions, therefore, this statement may not apply to you.

This information could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein; these changes will be incorporated in new editions of the publication. IBM may make improvements and/or changes in the product(s) and/or the program(s) described in this publication at any time without notice.

Any references in this information to non-IBM Web sites are provided for convenience only and do not in any manner serve as an endorsement of those Web sites. The materials at those Web sites are not part of the materials for this IBM product and use of those Web sites is at your own risk.

IBM may use or distribute any of the information you supply in any way it believes appropriate without incurring any obligation to you.

Information concerning non-IBM products was obtained from the suppliers of those products, their published announcements or other publicly available sources. IBM has not tested those products and cannot confirm the accuracy of performance, compatibility or any other claims related to non-IBM products. Questions on the capabilities of non-IBM products should be addressed to the suppliers of those products.

This information contains examples of data and reports used in daily business operations. To illustrate them as completely as possible, the examples include the names of individuals, companies, brands, and products. All of these names are fictitious and any similarity to the names and addresses used by an actual business enterprise is entirely coincidental.

COPYRIGHT LICENSE:
This information contains sample application programs in source language, which illustrate programming techniques on various operating platforms. You may copy, modify, and distribute these sample programs in any form without payment to IBM, for the purposes of developing, using, marketing or distributing application programs conforming to the application programming interface for the operating platform for which the sample programs are written. These examples have not been thoroughly tested under all conditions. IBM, therefore, cannot guarantee or imply reliability, serviceability, or function of these programs. You may copy, modify, and distribute these sample programs in any form without payment to IBM for the purposes of developing, using, marketing, or distributing application programs conforming to IBM's application programming interfaces.

© Copyright IBM Corp. 2005. All rights reserved.

Trademarks
The following terms are trademarks of the International Business Machines Corporation in the United States, other countries, or both:
AIX 5L™, AIX®, DB2 Universal Database™, DB2®, Eserver®, IBM®, ibm.com®, Redbooks™, Redbooks (logo)™, Tivoli Enterprise™, Tivoli Enterprise Console®, Tivoli®

The following terms are trademarks of other companies:
Crystal Reports, and Crystal Enterprise are trademarks or registered trademarks of Business Objects SA or its affiliated companies in the United States and other countries.
Java, JDBC, JVM, Solaris, Sun, and all Java-based trademarks are trademarks of Sun Microsystems, Inc. in the United States, other countries, or both.
Excel, Microsoft, Natural, Windows NT, Windows, and the Windows logo are trademarks of Microsoft Corporation in the United States, other countries, or both.
UNIX is a registered trademark of The Open Group in the United States and other countries.
Linux is a trademark of Linus Torvalds in the United States, other countries, or both.
Other company, product, and service names may be trademarks or service marks of others.

Preface
The process that ensures that the security policies and standards of a company are adhered to is called compliance management. It requires the ability to report on the current compliance status of the security controls of any installed system and to react to any observed deviations.

Most businesses today heavily rely on their IT systems, and damage incurred to their critical systems through downtime can force a company out of business. It is a good business practice to minimize the risk to IT systems in proportion to their importance to the business. The factors that influence how much compliance you need can be based on economical, technological, regulatory, or legal reasons.

This IBM® Redbook discusses the business context for security compliance management. It introduces the logical and physical components of Tivoli®’s solution offering. We explain the planning steps and describe how to deploy IBM Tivoli Security Compliance Manager (ITSCM) Version 5.1 in a banking environment and how to integrate it with IBM Tivoli Access Manager and IBM Tivoli Risk Manager.

The team that wrote this redbook
This redbook was produced by a team of specialists from around the world working at the International Technical Support Organization, Austin Center.
Figure 1 From left: Dieter, Axel, and Hendrik               Axel Buecker is a Certified Consulting Software IT Specialist ...
Dieter Riexinger is a Certified IT Security Architect in IBM Germany. He holds a        degree in Computer Science from th...
Mail your comments to:                      IBM Corporation, International Technical Support Organization                 ...
Part 1. Architecture and design
In this part, we discuss the overall busine...
Chapter 1. Business context for security compliance management
In t...
1.1 Introduction to compliance management
The process that ensures that the security, regulatory, and operat...
1.2 Why compliance management?
Most businesses today heavily rely on their IT systems, and damage incurred to ...
Being compliant versus being in control
If you have ever been audited (or audited someone), you probably kn...
Organizational and process checkpoints
There is a particular need for separation of duties, for example, when the empl...
significant impact on the requirements on an IT security compliance                  management solution, such as the admi...
1.4 General challenges
Now, even if the goal for security compliance is clear, defined by precise policies a...
As a consequence, the compliance management solution must allow for fine                  grained access control definitio...
Chapter 2. Tivoli Security Compliance Manager design and structure ...
2.1 Logical component architecture
The logical components of IBM Tivoli Security Compliance Manager may be ...
Figure labels (logical component diagram): Compliance Report Components ...
The data collection components are:
Client
Collector
Proxy relay
...
same schedule and parameters, to every client that is a member of the clientgroup or a member of any nested group. Similar...
Client type / Description
DHCP push: A DHCP push client has a dynamic IP address that permits ...
client (first contact trust). This certificate is used to verify the server’s unique   identity and to encrypt all traffic...
Figure labels (client/server flow diagram, numbered steps 1 and 3): ITSCM Client, ITSCM ...
Figure labels: Unsigned collectors, collector ...
Figure labels: ITSCM Server, ITSCM Client, com.ibm.jac.server.JAC ...
Security Compliance Manager policy
A Security Compliance Manager policy consists of one or more specially written SQL querie...
Security Compliance Manager snapshot
A snapshot provides the compliance status of all client systems that ar...
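The two page fragments above describe a policy as a set of specially written SQL queries that run against the data the collectors gathered, and a snapshot as the resulting compliance status across clients. The following is an added example, not code from the Redbook or from Tivoli Security Compliance Manager, that shows the mechanic in isolation: collector output is loaded into a table, the policy is an SQL query, and every row the query returns is a violation that a Client Violations report can summarise. The table name `password_settings`, its columns, the sample rows and the thresholds are all assumptions made for this illustration, not the product's schema.

```python
"""Added example (not from the Redbook or the product): a compliance policy
expressed as SQL over collected client data, evaluated with sqlite3.

Table, column names, thresholds and sample rows are constructed for the
example; Tivoli Security Compliance Manager's real schema is not shown here.
"""
import sqlite3
from typing import Dict, List, Tuple

# Constructed sample data standing in for what a password-policy collector
# would report for each client (hypothetical column layout).
SAMPLE_ROWS = [
    # client_id, hostname, min_length, max_age_days, lockout_threshold
    (1, "ab-web01", 8, 90, 5),
    (2, "ab-db01", 6, 90, 5),     # minimum length too short
    (3, "ab-app02", 8, 365, 0),   # rotation too slow and no lockout
    (4, "ab-hr01", 12, 60, 3),
]

# The policy itself: every row returned is one violation. The third column
# names the rule that failed so the report is actionable, not just a count.
PASSWORD_POLICY_SQL = """
SELECT client_id, hostname, 'min_length < 8' AS violation
  FROM password_settings WHERE min_length < 8
UNION ALL
SELECT client_id, hostname, 'max_age_days > 90'
  FROM password_settings WHERE max_age_days > 90
UNION ALL
SELECT client_id, hostname, 'lockout_threshold = 0'
  FROM password_settings WHERE lockout_threshold = 0
ORDER BY client_id, violation
"""


def load_snapshot(rows=SAMPLE_ROWS) -> sqlite3.Connection:
    """Build an in-memory snapshot table from collector output."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE password_settings ("
        "client_id INTEGER, hostname TEXT, min_length INTEGER, "
        "max_age_days INTEGER, lockout_threshold INTEGER)"
    )
    conn.executemany("INSERT INTO password_settings VALUES (?,?,?,?,?)", rows)
    return conn


def evaluate_policy(conn: sqlite3.Connection, policy_sql: str) -> List[Tuple]:
    """Run one policy query; the result set is the list of violations.
    An empty list means every client in the snapshot is compliant."""
    return conn.execute(policy_sql).fetchall()


def client_violation_counts(violations: List[Tuple]) -> Dict[str, int]:
    """Summarise violations per client, as a Client Violations report would."""
    counts: Dict[str, int] = {}
    for _client_id, hostname, _rule in violations:
        counts[hostname] = counts.get(hostname, 0) + 1
    return counts


if __name__ == "__main__":
    snapshot = load_snapshot()
    found = evaluate_policy(snapshot, PASSWORD_POLICY_SQL)
    for client_id, hostname, rule in found:
        print(f"client {client_id} ({hostname}): {rule}")
    print(client_violation_counts(found))
```

Because the policy is executed as SQL on the server, the account that runs policy queries should be read-only on the compliance database; a policy that can modify collected data can also hide its own violations.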
subdirectory doc. Additional information can be found at http://www.businessobjects.com/products/platform/enterprise.asp. ...
Security Compliance Manager provides the following operational report               templates (the latest additions and do...
Figure 2-6 Example for operational report: Client Violations
2.1.4 Security Compliance Manager server
The server i...
access the Security Compliance Manager server functions using the               administration tools. 2.1.5, “Administrati...
Figure 2-7 Warning that a new Security Compliance Manager server is accessed   Secured communication between server and cl...
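The fragments above say that the client stores the server's certificate on first contact (first contact trust), uses it afterwards to verify the server's identity and encrypt traffic, and that a warning is raised when a new Security Compliance Manager server is accessed. The following is an added example, not code from the Redbook or from the product, that shows that trust-on-first-use logic in isolation: the first contact pins a SHA-256 fingerprint of the presented certificate, every later contact must match it, and a mismatch is reported and refused instead of silently accepted. It also shows the practitioner's mitigation for the weak spot of first-contact trust: seeding the pin out of band so that even the first network contact is verified. The certificate bytes, the server name `itscm.example.com`, the JSON store layout and the function names are constructed for this example; the product's real keystore, port and handshake are not shown.

```python
"""Added example (not from the Redbook or the product): trust-on-first-use
pinning of a server certificate, with an out-of-band pre-seeded pin.

Certificate bytes and the store format are constructed for illustration; a
real client would take the DER bytes from the TLS handshake.
"""
import hashlib
import json
from pathlib import Path
from typing import Dict, Optional

# Constructed stand-ins for DER-encoded certificates (hypothetical content).
SERVER_CERT_V1 = b"-----CONSTRUCTED CERT FOR itscm.example.com v1-----"
SERVER_CERT_V2 = b"-----CONSTRUCTED CERT FOR itscm.example.com v2-----"


def fingerprint(cert_der: bytes) -> str:
    """SHA-256 over the raw certificate bytes, hex-encoded."""
    return hashlib.sha256(cert_der).hexdigest()


class TrustStore:
    """Maps server name -> pinned certificate fingerprint, optionally persisted
    as JSON so the pin survives client restarts."""

    def __init__(self, path: Optional[Path] = None):
        self.path = path
        self.pins: Dict[str, str] = {}
        if path is not None and path.exists():
            self.pins = json.loads(path.read_text())

    def save(self) -> None:
        if self.path is not None:
            self.path.write_text(json.dumps(self.pins, indent=2))

    def pin(self, server: str, fp_hex: str) -> None:
        """Seed a pin out of band (for example from the server administrator)
        so the first network contact is verified instead of blindly trusted."""
        self.pins[server] = fp_hex.lower()
        self.save()

    def check(self, server: str, cert_der: bytes) -> str:
        """Classify one contact as 'pinned', 'ok' or 'MISMATCH'.

        'pinned'   first contact: the presented certificate becomes trusted.
        'ok'       the certificate matches the stored pin.
        'MISMATCH' a different certificate: the caller must warn and stop,
                   because an impostor server or a man-in-the-middle looks
                   exactly like this once a pin exists.
        """
        fp = fingerprint(cert_der)
        pinned = self.pins.get(server)
        if pinned is None:
            self.pins[server] = fp
            self.save()
            return "pinned"
        return "ok" if pinned == fp else "MISMATCH"


def connect(store: TrustStore, server: str, cert_der: bytes) -> bool:
    """Decide whether to proceed with the session; never proceed on mismatch."""
    result = store.check(server, cert_der)
    if result == "MISMATCH":
        print(f"WARNING: {server} presented a certificate that differs from "
              f"the one stored at first contact; refusing to connect.")
        return False
    return True


if __name__ == "__main__":
    store = TrustStore()
    print(connect(store, "itscm.example.com", SERVER_CERT_V1))  # first contact
    print(connect(store, "itscm.example.com", SERVER_CERT_V1))  # same server
    print(connect(store, "itscm.example.com", SERVER_CERT_V2))  # new server
```

The design point is that first-contact trust only protects sessions after the first one; if the first contact can be intercepted, the attacker's certificate is what gets pinned. Pre-seeding the store with `pin()` from a fingerprint obtained through a trusted channel removes that window, and a mismatch should always stop the client rather than prompt an operator who will habitually click through.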
2.1.5 Administration components
Administrators and users use the administration components to centrally mana...
A detailed list of commands, command parameters, and their usage is provided          in the IBM Tivoli Security Complianc...
Between server and pull clients
Communication with a pull client is initiated by the Security Compliance ...
2.2.2 Deployment on physical nodes
Security Compliance Manager supports different operating systems and ...
  1. 1. Front coverDeployment Guide Series:IBM Tivoli SecurityCompliance ManagerBusiness context and legal compliancediscussionBest practices in a bankingcustomer scenarioComplete deploymentguide with hands-on Axel Buecker Hendrik H. Fulda Dieter Riexingeribm.com/redbooks
  2. 2. International Technical Support OrganizationDeployment Guide Series: IBM Tivoli SecurityCompliance ManagerAugust 2005 SG24-6450-00
  3. 3. Note: Before using this information and the product it supports, read the information in “Notices” on page vii.First Edition (August 2005)This edition applies to Version 5, Release 1, Modification 0 of IBM Tivoli Security ComplianceManager (product number 5724-F82).© Copyright International Business Machines Corporation 2005. All rights reserved.Note to U.S. Government Users Restricted Rights -- Use, duplication or disclosure restricted by GSA ADPSchedule Contract with IBM Corp.
  4. 4. Contents Notices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . vii Trademarks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . viii Preface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ix The team that wrote this redbook. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ix Become a published author . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xi Comments welcome. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiPart 1. Architecture and design . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 Chapter 1. Business context for security compliance management . . . . . 3 1.1 Introduction to compliance management . . . . . . . . . . . . . . . . . . . . . . . . . . 4 1.2 Why compliance management? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 1.3 Determining the how: influencing factors . . . . . . . . . . . . . . . . . . . . . . . . . . 6 1.4 General challenges . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 1.5 Conclusion. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 Chapter 2. Tivoli Security Compliance Manager design and structure . . 11 2.1 Logical component architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 2.1.1 Data collection components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 2.1.2 Compliance evaluation components . . . . . . . . . . . . . . . . . . . . . . . . . 20 2.1.3 Compliance report components . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22 2.1.4 Security Compliance Manager server . . . . . . . . . . . . . . . . . . . . . . . . 
25 2.1.5 Administration components. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28 2.2 Physical component architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29 2.2.1 Communication port usage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29 2.2.2 Deployment on physical nodes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31 2.3 Security Compliance Manager walkthrough . . . . . . . . . . . . . . . . . . . . . . . 32 Chapter 3. Architecting a Security Compliance Management solution . . 49 3.1 Solution architectures, design, and methodologies. . . . . . . . . . . . . . . . . . 51 3.2 Design process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51 3.2.1 Typical context of Security Compliance Manager solutions . . . . . . . 51 3.2.2 Phased project approach . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53 3.2.3 Placing components in network zones . . . . . . . . . . . . . . . . . . . . . . . 57 3.2.4 Deployment of Security Compliance Manager clients. . . . . . . . . . . . 60 3.2.5 Delegated administration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63 3.2.6 Implementation of Security Compliance Manager policies . . . . . . . . 65 3.2.7 Integration with access control management systems . . . . . . . . . . . 66© Copyright IBM Corp. 2005. All rights reserved. iii
  5. 5. 3.2.8 Integration with Tivoli Risk Manager . . . . . . . . . . . . . . . . . . . . . . . . . 68 3.3 Business processes and compliance management . . . . . . . . . . . . . . . . . 69 3.3.1 A generic security compliance management business process . . . . 69 3.3.2 Security Compliance Manager business process support . . . . . . . . 71 3.3.3 Automated security compliance management . . . . . . . . . . . . . . . . . 77Part 2. Customer environment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81 Chapter 4. Armando Brothers Banking Corp.. . . . . . . . . . . . . . . . . . . . . . . 83 4.1 Company profile . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84 4.2 Current IT architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85 4.2.1 Existing security infrastructure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87 4.2.2 Existing middleware infrastructure . . . . . . . . . . . . . . . . . . . . . . . . . . 87 4.3 Current security policies and standards . . . . . . . . . . . . . . . . . . . . . . . . . . 87 4.4 Emerging problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88 4.5 Strategic objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89 4.6 Critical success factors for strategy implementation . . . . . . . . . . . . . . . . . 89 4.7 Resulting business requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90 4.8 Requirements on project execution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92 4.9 ROI study and results . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93 Chapter 5. Security Compliance Manager design . . . . . . . . . . . . . . . . . . . 95 5.1 Functional requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 
97 5.1.1 Phase I: Establishing a baseline . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98 5.1.2 Phase II: Extend coverage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100 5.2 Design objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100 5.2.1 General and infrastructure objectives . . . . . . . . . . . . . . . . . . . . . . . 100 5.2.2 Platform specific security concepts . . . . . . . . . . . . . . . . . . . . . . . . . 101 5.3 Implementation architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104 5.3.1 Physical components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105 5.3.2 User roles and responsibilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107 5.4 Project organization. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112 Chapter 6. Technical implementation . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115 6.1 Deployment phase I . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116 6.1.1 Planning and installing the server . . . . . . . . . . . . . . . . . . . . . . . . . . 117 6.1.2 DB2 maintenance tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120 6.1.3 Deploying clients . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121 6.1.4 Installing the reporting server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128 6.1.5 Configuring operational reports. . . . . . . . . . . . . . . . . . . . . . . . . . . . 142 6.2 Deployment phase II . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145 6.2.1 Tivoli Access Manager integration . . . . . . . . . . . . . . . . . . . . . . . . . 146 6.2.2 Tivoli Risk Manager integration . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150 6.2.3 Collector development . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 
. . . . 151iv Deployment Guide Series: IBM Tivoli Security Compliance Manager
  6. 6. 6.2.4 Report development . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160 6.3 Conclusion. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169Part 3. Appendixes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171 Appendix A. Developing a custom collector . . . . . . . . . . . . . . . . . . . . . . 173 Required method getReleaseNumber() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174 Required method getCompatibleOS() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174 Required method getDescription() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174 Required method getParameters(). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 175 Required method getTables(). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 175 Required method executeV2() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176 Appendix B. Introducing the Security Vulnerability Index . . . . . . . . . . . 179 So what is the IBM Global Services Vulnerability Index? . . . . . . . . . . . . . . . . 180 How does it work? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180 Appendix C. Additional material . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183 Locating the Web material . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183 Using the Web material . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 184 How to use the Web material . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 184 Glossary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 185 Related publications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187 IBM Redbooks . 
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187 Other publications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187 Online resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 188 How to get IBM Redbooks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189 Help from IBM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 190 Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191 Contents v
  7. 7. vi Deployment Guide Series: IBM Tivoli Security Compliance Manager
Preface

The process that ensures that the security policies and standards of a company are adhered to is called compliance management. It requires the ability to report on the current compliance status of the security controls of any installed system and to react to any observed deviations.

Most businesses today heavily rely on their IT systems, and damage incurred to their critical systems through downtime can force a company out of business. It is a good business practice to minimize the risk to IT systems in proportion to their importance to the business. The factors that influence how much compliance you need can be based on economical, technological, regulatory, or legal reasons.

This IBM® Redbook discusses the business context for security compliance management. It introduces the logical and physical components of Tivoli®'s solution offering. We explain the planning steps and describe how to deploy IBM Tivoli Security Compliance Manager (ITSCM) Version 5.1 in a banking environment and how to integrate it with IBM Tivoli Access Manager and IBM Tivoli Risk Manager.

The team that wrote this redbook

This redbook was produced by a team of specialists from around the world working at the International Technical Support Organization, Austin Center.

Figure 1 From left: Dieter, Axel, and Hendrik

Axel Buecker is a Certified Consulting Software IT Specialist at the International Technical Support Organization, Austin Center. He writes extensively and teaches IBM classes worldwide on areas of Software Security Architecture and Network Computing Technologies. He holds a degree in Computer Science from the University of Bremen, Germany. He has 18 years of experience in a variety of areas related to Workstation and Systems Management, Network Computing, and e-business Solutions. Before joining the ITSO in March 2000, Axel worked for IBM in Germany as a Senior IT Specialist in Software Security Architecture.

Hendrik H. Fulda is a certified IT Strategy Consultant and currently holds a position as Managing Consultant in IBM Strategic Outsourcing. Having performed several engagements identifying information security risks and applying processes and technology to improve security, Hendrik has a strong background in Information Security and Security Architecture. He has published on the topic of e-business security and is a frequent speaker at industry conferences around Europe. Hendrik is a teacher of the IBM Method for Architecting Secure Solutions and holds an ISACA.org credential as a Certified Information Security Manager. Hendrik joined IBM in 1998 and lives in Hamburg, Germany.

Dieter Riexinger is a Certified IT Security Architect in IBM Germany. He holds a degree in Computer Science from the University of Mannheim, Germany. He has more than 13 years of experience mainly in Networking and IT Security disciplines. His areas of expertise include User Management, IBM Tivoli Access Manager, and IBM Tivoli Security Compliance Manager. Dieter has managed various design and architecture engagements for complex IT infrastructures.

Thanks to the following people for their contributions to this project:

Wade Wallace, International Technical Support Organization, Austin Center

Mike Garrison, Tom Ballard, Lakshmi Thiruvengada, James Galvin, John Giammanco, IBM US

Become a published author

Join us for a two- to six-week residency program! Help write an IBM Redbook dealing with specific products or solutions, while getting hands-on experience with leading-edge technologies. You'll team with IBM technical professionals, Business Partners, and customers. Your efforts will help increase product acceptance and customer satisfaction. As a bonus, you'll develop a network of contacts in IBM development labs, and increase your productivity and marketability. Discover more about the residency program, browse the residency index, and apply online at: ibm.com/redbooks/residencies.html

Comments welcome

Your comments are important to us! We want our Redbooks™ to be as helpful as possible. Send us your comments about this or other Redbooks in one of the following ways:

- Use the online Contact us review redbook form found at: ibm.com/redbooks
- Send your comments in an e-mail to: redbook@us.ibm.com
- Mail your comments to: IBM Corporation, International Technical Support Organization, Dept. JN9B Building 003 Internal Zip 2834, 11400 Burnet Road, Austin, Texas 78758-3493
Part 1 Architecture and design

In this part, we discuss the overall business context of the IBM Tivoli Security Compliance Manager. We then describe how to technically architect the overall solution into an existing environment, and introduce the logical and physical components.

Chapter 1. Business context for security compliance management

In this chapter, we discuss the business context for security compliance management of IT systems. After a short definition of security compliance management, we describe the factors that influence why and how compliance management should be conducted in a given business context. Further, we explain the general business requirements for a security compliance management solution.
1.1 Introduction to compliance management

The process that ensures that the security, regulatory, and operational policies of a company are adhered to is called compliance management. It requires the ability to report on the current compliance status of security controls of any installed system and to react to any observed deviations.

Security controls exist on a technical, process, and organizational level:

- An organizational level security control can be a concept like separation of duties, for example, ensuring that the person changing something is not the same person controlling the business need and proper execution of the change. This type of security control may require an organizational setup where those two employees report to different managers.

- A process level security control can be a concept like the four eyes principle, where a specific authorization requires two signatures (or passwords) to be presented before a transaction can be completed. As a result, this process step would always require two employees to be available for execution.

- A simple technical security control can be a required length for a password or specific permissions that are defined for accessing an operating system resource or business data. Operating systems and applications provide configuration settings that allow the administrator to specify minimum password lengths so that the system itself will enforce this control.

- A more complex technical security control can be the requirement to run an anti-virus service (with up-to-date virus definition files, of course!) on a computer system or a correctly configured port filter.

While it can be hard to have process level or organizational level security controls checked automatically (by a computer), technical security controls can be automatically monitored, as this only requires collecting configuration parameters (for example, minimum password length) and comparing these with predefined desired values.

IT security compliance management is about ensuring that the defined settings (in a security policy or standard) are implemented correctly and consistently on all the installed IT systems. Because in practice there can be reasons why a specific configuration setting cannot be enforced in the desired way on a number of systems of each type (usually because an application either explicitly requires the parameter to be set differently or simply does not work otherwise), a significant part of compliance management is handling exceptions to the defined security policy or standard.
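The technical-control check just described (collect a configuration parameter, compare it with the desired value, and keep documented exceptions on record) can be sketched in a few lines. The following is an added example written for this edition, not code from the Redbook or from Tivoli Security Compliance Manager; the host names, the login.defs-style configuration text, the control and exception records, and all function names are constructed for illustration.

```python
# Added example, not from the Redbook or from Tivoli Security Compliance Manager:
# a technical control check with policy comparison and exception handling.
# Hosts, configuration text, control and exception records are constructed.
import datetime as dt
from dataclasses import dataclass

# Constructed /etc/login.defs-style text for four hosts.
SAMPLE_CONFIGS = {
    "db01":     "PASS_MAX_DAYS 90\nPASS_MIN_LEN 8\n",
    "web01":    "# hardened build\nPASS_MAX_DAYS 60\nPASS_MIN_LEN 12\n",
    "legacy01": "PASS_MIN_LEN 6   # old application rejects longer passwords\n",
    "new01":    "PASS_MAX_DAYS 90\n",   # parameter not set at all
}

@dataclass(frozen=True)
class Control:
    name: str
    parameter: str       # configuration key the collector looks for
    desired_min: int     # value required by the security standard

@dataclass(frozen=True)
class PolicyException:
    host: str
    control: str
    reason: str          # why the deviation is accepted (kept on record)
    expires: str         # ISO date; an expired exception no longer applies

PASSWORD_LENGTH = Control("min-password-length", "PASS_MIN_LEN", 12)

EXCEPTIONS = [
    PolicyException("legacy01", "min-password-length",
                    "legacy application limits passwords to 6 characters", "2006-12-31"),
    PolicyException("db01", "min-password-length",
                    "migration window", "2005-01-31"),   # already expired
]

def collect(parameter, config_text):
    """Collector step: return the integer value of `parameter`, or None if unset."""
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()     # drop comments
        parts = line.split()
        if len(parts) == 2 and parts[0] == parameter:
            try:
                return int(parts[1])
            except ValueError:
                return None                      # present but not a number
    return None

def evaluate(host, control, value, exceptions, today):
    """Compare with the desired value, then consult unexpired exceptions."""
    if value is not None and value >= control.desired_min:
        return "compliant"
    today_d = dt.date.fromisoformat(today)
    for ex in exceptions:
        if (ex.host == host and ex.control == control.name
                and dt.date.fromisoformat(ex.expires) >= today_d):
            return "exception"
    return "missing" if value is None else "violation"

def run_check(configs, control, exceptions, today):
    """Evaluate one control on every host; returns host -> status."""
    return {host: evaluate(host, control, collect(control.parameter, text), exceptions, today)
            for host, text in configs.items()}
```

The exception record carries an expiry date, so a deviation that was accepted once does not silently stay accepted: in the sample, db01's expired exception leaves it reported as a violation, while legacy01 is reported as an exception with its reason on record. A host where the parameter is absent is reported separately as missing, because an unset value is not the same as a compliant one.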
1.2 Why compliance management?

Most businesses today heavily rely on their IT systems, and damage incurred to their critical systems through downtime can force a company out of business. It is a good business practice to minimize the risk to IT systems in proportion to their importance to the business. Through regulation (for example, Basel II [1] in the banking sector), the excellence of risk management for IT systems, which is part of the operational risk complex, even has an impact on the competitive advantage of banks because it can affect the interest rates a bank can offer its customers.

Because the configuration of security relevant settings in an operating system has a direct impact on the resilience of the system against attacks, viruses, worms, or computer criminals, ensuring that these settings are always at the desired level directly lowers the risk to the system.

No large enterprise (and, often, not even small enterprises), in order to protect their business investment, would publicly admit that they fell victim to a virus or worm incident, although even with a relatively high level of security measures in place no one can be absolutely safe. And because these incidents cannot (and therefore should not!) be ruled out, you should present as small a target as reasonably possible, where "reasonably" is relative to the values to protect and the amount of threats in the environment.

Note: In some places, companies are legally required to publicly disclose all incidents.

Further, checking the security controls of managed systems ensures that a system does not degrade in its security controls posture due to changes on the system after it has been installed, for example, changes made while resolving a problem, while installing or upgrading a new application or middleware, or due to an attacker changing the configuration to hide his tracks or to compromise the system.

[1] Basel II: International Convergence of Capital Measurement and Capital Standards: a Revised Framework, June 2004 (more information can be found at http://www.bis.org/publ/bcbs107.htm).
Being compliant versus being in control

If you have ever been audited (or audited someone), you probably know that there is a difference between being:

- In compliance: All your systems and processes are operated and delivered according to the security policies and standards (and you have evidence for that).

- In control: You know what is in compliance and what is not, you know why, and you have a plan of action.

Now, what is more important? Being in control is, because you could be in compliance by accident. Further, if you are compliant but not in control, chances are high that you will not stay compliant for very long. If you are in control, you will end up being compliant eventually, or at least you will have it on record why you are not compliant. And if you are neither compliant nor in control, gaining control should be your primary goal.

1.3 Determining the how: influencing factors

While having security compliance management in place is generally a good security practice, there are several factors that influence if and how compliance management is implemented in a specific environment. Let us take a look at the main dimensions of compliance management.

Frequency of checks
How often is a compliance check being done? This defines not only how often the configuration data is collected from the systems, but also the frequency with which system administrators are called upon to fix or investigate identified deviations.

Number and selection of controls
Which and how many controls are checked? Are only operating system level controls checked, or are application level controls checked as well? Which operating systems, middleware, and business applications need to be supported?

Follow-up time frame
How fast do you have to fix reported deviations in the security configuration?
Organizational and process checkpoints
There is a particular need for separation of duties, for example, when the employee checking the configuration must not be the administrator of the system, and for process requirements, especially in the area of exception management and escalation if deviations are encountered or not corrected in time.

The factors that define how much compliance management, as defined by the dimensions above, has to be done are influenced by the threats in the external environment of a company. Let us summarize the external environment factors.

Economy
In which industry is the business operating? Is corporate espionage an issue? Does the company use outsourcing services? How dependent is the business on its IT systems?

Regulatory/legal compliance
In which countries and in which industry is the business operating? Which regulatory requirements exist that have an influence on required operational risk and the level of IT security? What level of scrutiny is exercised by the regulators? It is useful to keep in mind that an IT security compliance management system can provide a lot of evidence of executed control.

Technology
The main reason why IT security compliance management is a good security practice today, and should even be considered a mandatory task when using IT systems at all, is that businesses usually cannot afford successful attacks against their IT infrastructure. The threats against IT systems have become so advanced that one does not even have to have enemies to become subject to an attack, because many attacks are done automatically by worms and viruses. Even if critical systems are not directly compromised, a single infected system in a company network will negatively affect other systems and incur costs for the clean-up.

Next, let us look at the internal environment factors of a company.
Business and IT processes
The value and amount of (business) information processed defines the level of security the processing system requires. And because security is always about the weakest link, related infrastructure systems need to be protected reasonably too.

Organization
The size and setup of the organization, for example, defines the speed of the reaction to deviations from the desired security level. Further, it will have a significant impact on the requirements on an IT security compliance management solution, such as the administration approach.

Technology/existing IT environment
Obviously, the existing IT environment defines the scope of the operating systems, middleware, and business applications that need to be supported by any IT security compliance management solution.

In mature businesses, these influencing factors have shaped the existing security policies and standards as well as work practices or procedures:

Security Policy
Non platform specific or high level security requirements.

Security Standards
Platform specific controls (for example, configuration settings).

Practices/Procedures
Platform specific or non-specific descriptions of how to implement the security controls, for example, process steps, required documentation templates, and so on.

Further, these may have resulted in the IT department defining or creating the following tools to consistently implement the given standards and practices:

Standard image/build
Pre-configured installation image of an operating system with the correct settings applied.

Checklists
Configuration or system activation checklists for configuration settings or tasks that cannot be predefined using an image. Checklists usually exist for all sorts of IT assets, from physical servers and clients with their respective operating system builds, to applications and complex environment configurations.
1.4 General challenges

Now, even if the goal for security compliance is clear, defined by precise policies and standards (which often do not exist or are worded in broad, technically vague terms), the task of compliance management for a larger number of systems bears the following major challenges in addition to the requirements resulting from the factors discussed above.

Maintenance of compliance over time
Even in a stable environment, systems are constantly changed because patches must be applied, updates must be installed, or additional packages require a change in the configuration of the underlying operating environment.

Complex environments
Few businesses can claim that their environment is homogeneous and centralized. Large numbers of heterogeneous, geographically distributed systems are the norm, with not only systems from multiple vendors, but also several different versions of operating systems running at the same time.

1.5 Conclusion

As a result of the influencing factors discussed above, a security compliance management solution must provide a flexible framework that can be configured and customized to the specific business in question. However, requirements for compliance management often result in functional or non-functional requirements for the technical solution and for the processes and organization behind the solution. Let us look at a few examples.

- A high frequency of compliance checks reduces the window of opportunity for a potential attack or incident, because the time frame during which a vulnerability exists because of a control deviation is reduced. If the solution and the process to notify the system administrator are not automated properly, a lot of effort may be wasted in checking the reports that are generated in quick succession.

- A centrally maintained system for gathering and processing the compliance data lowers the cost of maintenance when compared to a distributed system. However, it should be ensured that the (distributed) system administrators have direct access to the data of their systems to easily control the status of their systems, for example, after a change. The need to request the information from a central team would be a burden on the central team and discourage the system administrator from proactive checks.
As a consequence, the compliance management solution must allow for fine grained access control definitions so that system administrators are limited to the data on their systems only.

- While the ability to collect data on as many controls on as many platforms as possible sounds like the number one priority for a compliance management system, it should not be underestimated how important the reporting capabilities can be, especially if reports on the compliance status are required for legal/regulatory and audit purposes.

- Perhaps most important, it is necessary to realize that business as usual for compliance management systems is the management of exceptions from the defined standards (for example, because of conflicts with applications). Therefore, effective and efficient exception management should be at the top of the list of requirements for a compliance management solution.

At the end of the day, security is about the weakest link and, because of this, it is more important to have a consistent (if small) set of security controls in place on all the operated systems in a company, controlled through a reliable process in a reasonable time frame, than to monitor a hundred controls on a few systems in headquarters whenever someone feels like it.
Chapter 2. Tivoli Security Compliance Manager design and structure

IBM Tivoli Security Compliance Manager is IBM's security policy compliance management product that acts as an early warning system by identifying security vulnerabilities and security policy violations for small, medium, and large businesses. Tivoli Security Compliance Manager helps organizations define consistent security policies and monitor compliance with these defined security policies.

This chapter provides you with an understanding of the following topics:

- The high level logical component architecture for IBM Tivoli Security Compliance Manager
- The physical component architecture
- A complete Tivoli Security Compliance Manager walkthrough, from client registration to re-establishing compliance of a managed system.
2.1 Logical component architecture

The logical components of IBM Tivoli Security Compliance Manager may be grouped into five different areas of responsibility, with the Security Compliance Manager server being the central component, as depicted in Figure 2-1 on page 13. The areas are:

- Data collection components build a framework for collecting security relevant configuration data from connected systems, such as operating systems, middleware components, applications, and so on.

- Administration components, consisting of a graphical user interface and a command line interface, are used to manage the Security Compliance Manager components.

- Compliance reporting components deliver different kinds of configurable reports for audit purposes and for correcting deviations.

- Compliance evaluation components, consisting of Security Compliance Manager snapshots and policies, verify security compliance centrally. Both components are stored and maintained in the central database in order to ease the process of policy maintenance.

- The Security Compliance Manager server is the central component of a Security Compliance Manager infrastructure. Among the responsibilities of the server are:
  – Manages when the security compliance data is collected and which clients collect what kind of data, using the data collection components.
  – Determines what security compliance data is collected, and how to interpret the data, using the compliance management components.
  – Stores the security compliance data received from the clients and provides the available data to users through the administration console and administration commands.
  – Provides security violation details as a basis for the compliance report components.

The following sections describe the components of the five layers in more detail.
Figure 2-1 IBM Tivoli Security Compliance Manager logical component architecture (figure not reproduced here; it shows the compliance report components (ITSCM report and ITSCM operational report), the administration components (ITSCM admin GUI and ITSCM admin CLI), the compliance evaluation components (ITSCM snapshots and ITSCM policies), the ITSCM server with the ITSCM database, and the data collection components (ITSCM clients, an ITSCM proxy relay, and collectors such as Windows registry, configuration file, router, executable, and firewall collectors))

2.1.1 Data collection components

The data collection components are mainly responsible for collecting compliance data according to a schedule provided by the Security Compliance Manager server. One of the data collection components (the client) needs to be initially deployed to the systems that are to be monitored, either manually or by any other established means of software distribution in your environment. From that moment on, all components are centrally maintained using the Security Compliance Manager server management functions.
The data collection components are:

- Client
- Collector
- Proxy relay

Security Compliance Manager client

The client is Java™ language-based software that runs on systems to be monitored for security compliance. By default, the client runs as a daemon with root authority on UNIX® systems, or as a service under the local system account on Microsoft® Windows® systems. The client provides the runtime environment for collectors deployed to the system and handles communication with the server.

The type of client determines how communications are initiated between the server and the client. There are two types of clients: a push client and a pull client. A push client can establish a Secure Sockets Layer (SSL) connection to the server and send data. A pull client must wait until the server establishes a persistent SSL connection with the client before data can be sent. Defining a client as a push client, which is the default, permits communication with the server to be established by either the client or the server. In some network environments, however, inbound connections to the server are not permitted. In these cases, defining the client as a pull client forces the server to initiate the communication with the client. Pull clients are generally needed when the server is located behind a firewall. "Client-server communication" on page 15 provides a detailed description of the concept of push/pull clients.

Security Compliance Manager clients and client groups

A client group is a container used to group one or more clients together. Clients can be members of one or more client groups. A client group itself can be a member of one or more client groups, though care should be used when nesting groups because of the way inheritance works, which is described in "Group inheritance" on page 14. A client must be a member of a client group in order for a policy to be applied to the client. A policy can be assigned only to a client group.
Individual collectors can be assigned to both clients and client groups. Objects added to a client group are inherited by all members of the group. The client group concept supports organizing large numbers of clients into categories representing operating system types, security policies, physical location, business objectives, or any other logical grouping. You can manage the control of groups using client group access permissions. Each user can be assigned specific permissions to control and manage specific client groups.

Group inheritance

Adding policies and collectors to client groups is a powerful feature because of group inheritance. Every client that is a member of the client group, or a member of a subgroup of the client group, inherits the collectors and policies added to the group. Adding a collector to a client group adds a collector instance, with the same schedule and parameters, to every client that is a member of the client group or a member of any nested group. Similarly, adding a policy to a client group adds collector instances for every collector used in the policy to every client that is a member of the client group or a member of any nested group. The schedule and parameters for each collector instance are set in the policy, and the same values are used for each client. You can take advantage of this collector inheritance by adding policies and individual collectors to a small set of groups, rather than adding them to large numbers of individual clients. Inheritance permits a large number of clients to run the same set of collectors using the same parameters at the same scheduled times.

When a policy or a collector is removed from a client group, all related collector instances and any collected data are removed from all the clients in the client group and all the clients in any nested subgroups. Similarly, removing a client from a client group results in the collector instances, and any data that was collected as a result of a policy or collector added at the group level, being removed as well.

Client-server communication

Clients can be categorized into one of three types. Table 2-1 describes the client types.

Table 2-1 Security Compliance Manager client types

Push client
The push client permits communication with the server to be initiated by either the client or the server. Usually, the push client establishes an SSL connection to the server and sends data or asks for updates. The server only establishes a connection if an administrator forces an action to be performed on the client using the administration tools. Push is the default method to connect clients, as it requires fewer resources on the server.

Pull client
A pull client must wait until the server establishes a persistent SSL connection with the client before data can be sent. There are two situations requiring pull clients:
- The pull method allows clients to connect to a server that is located behind a firewall that denies incoming connections.
- Clients located behind a Security Compliance Manager proxy relay need to be configured as pull clients.
The pull mode of operation uses more resources on the server.

DHCP push client
A DHCP push client has a dynamic IP address and permits communication with the server to be initiated by either the client or the server. This option is used for systems that frequently change their host name or IP address. The general communication for the DHCP push client works just like the regular push client; the difference is that the DHCP push client establishes the SSL connection.

After a connection between the client and the server has been made, either can send data to the other. Clients contact the server at periodic intervals called a heartbeat, which is every 10 minutes by default, to check for updates. During this heartbeat, the client receives any new or updated collectors from the server, along with any new or updated collector schedules and parameters. The client component software itself can be sent by the server, and the client updates itself and restarts. This client/server heartbeat can be initiated from the administration console using the soft reset request function, bringing a client into sync without explicitly waiting for the heartbeat. Data gathered by the collectors that have run on the client is queued for delivery to the server on a more frequent basis, which is every minute by default. Each client is uniquely identified to the server using a client identification (CLI_ID) number.

Securing the Security Compliance Manager client

The client is designed to provide a maximum level of security. It provides the following security features:

Tamper resistance
The Security Compliance Manager client is designed as a self-contained component. Each client contains its own Java Virtual Machine (JVM™). For all operating system platforms other than HP-UX and NetWare, the JVM is automatically installed under the Security Compliance Manager client's base install directory. The JVM for HP-UX has to be added after the Security Compliance Manager installation.
Access to the client files requires root access rights on the system, which prevents misuse. This is especially important if the client is installed on critical systems such as firewalls.

Secure communication
The client establishes communication links with the Security Compliance Manager server based on the server's SSL certificate and IP address. Any other communication request is denied. This assures that only the authorized Security Compliance Manager server is able to perform configuration requests such as collector deployment or schedule changes. The server presents its SSL certificate during the first communication with the client (first contact trust). This certificate is used to verify the server's unique identity and to encrypt all traffic within the Tivoli Security Compliance Manager environment. As with any first-contact trust model, the security of all later communication depends on that first connection reaching the genuine server.

Collector
A collector is a Java language-based software module, packaged as a Java Archive (JAR) file, that collects specific information from a client system. A collector is designed to have a short execution time and to be non-invasive. Depending on the compliance data to be gathered, a collector may use different methods for collecting data:
- Reading the content of one or more files on the client system.
- Running an operating system command or utility and examining the output.
- Running an executable program packaged as part of the collector JAR file and examining the output.
- Reading information from the registry on Microsoft Windows systems.
- Remotely logging in to another system and gathering data. This method allows you to collect security compliance data from systems that do not support Java applications.

Figure 2-2 on page 18 depicts the concept of Security Compliance Manager collectors. The first time a collector is deployed to a client, the JAR file for the collector is sent from the server to the client, along with the collector schedule and any associated parameters (1). Multiple instances of a collector can be deployed to a client. Subsequent instances of the collector share the same JAR file, but run on their own schedule and with their own parameters. Each instance of a collector is uniquely identified by a collector instance number (INSTANCE_ID). According to its schedule, the collector starts to read security compliance data from its corresponding data source, for example, the Windows Registry (2). Data collected by each collector instance is queued by the client and delivered to the server on a periodic basis, by default every minute (3). Delivery of collected data is determined by two configurable settings in the client.pref file: flush.interval (the default is 60 seconds) and flush.threshold (the default is 100 messages). The collected data is not stored on disk, but kept in memory until the connection to the server is established; results that have not yet been flushed are therefore lost if the client process stops before it can reach the server. The server stores the information received from the client in one or more tables in the database. The data in a database table is uniquely identified by the client identification number (CLI_ID) and the collector instance number (INSTANCE_ID) (4). When a collector instance is removed from a client, any data associated with that instance of the collector is removed from the database tables by the server.
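The interaction of flush.interval and flush.threshold is easier to see in a small model than in prose. The following is an added example, not code from the product: it simulates a client delivery queue that flushes when either setting is reached and that holds unsent results only in memory. The assumption that the interval is measured from the previous flush, and the simulated arrival pattern, are constructed for this illustration.

```python
"""Model of the Security Compliance Manager client's delivery queue.

Added example, not product code. It reproduces the behaviour the text
describes: flush when flush.interval elapses or flush.threshold messages
are queued, and a queue that lives only in memory. Time is simulated.
"""
from dataclasses import dataclass, field


@dataclass
class DeliveryQueue:
    flush_interval: float = 60.0   # client.pref flush.interval, seconds (default 60)
    flush_threshold: int = 100     # client.pref flush.threshold, messages (default 100)
    now: float = 0.0               # simulated clock
    last_flush: float = 0.0        # assumption: interval counted from the last flush
    pending: list = field(default_factory=list)     # held in memory only
    delivered: list = field(default_factory=list)   # batches that reached the server

    def enqueue(self, message, at):
        """Queue one collector result produced at simulated time `at`."""
        self.now = at
        self.pending.append(message)
        if len(self.pending) >= self.flush_threshold:
            self._flush()

    def tick(self, at):
        """Timer callback: flush if the interval has elapsed and data is waiting."""
        self.now = at
        if self.pending and self.now - self.last_flush >= self.flush_interval:
            self._flush()

    def _flush(self):
        self.delivered.append(list(self.pending))
        self.pending.clear()
        self.last_flush = self.now

    def restart(self):
        """A client restart discards whatever was not delivered: nothing is on disk."""
        lost = len(self.pending)
        self.pending.clear()
        return lost


def run_scenario():
    """Constructed burst: 250 results in 10 seconds, then a quiet period."""
    q = DeliveryQueue()
    for i in range(250):
        q.enqueue(f"result-{i}", at=i * 0.04)
    sizes_after_burst = [len(b) for b in q.delivered]   # two threshold flushes
    q.tick(at=30.0)                  # interval not yet elapsed, 50 results still waiting
    held_at_30s = len(q.pending)
    q.tick(at=70.0)                  # interval elapsed, remaining 50 delivered
    sizes_after_interval = [len(b) for b in q.delivered]
    q.enqueue("result-x", at=71.0)   # one more result queued, then the client dies
    lost = q.restart()
    return sizes_after_burst, held_at_30s, sizes_after_interval, lost


if __name__ == "__main__":
    print(run_scenario())
```

The threshold flushes at message 100 and 200 happen within seconds of each other; the 50 leftover results then wait for the full interval, and the single result queued after that is lost on restart.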
Figure 2-2 Security compliance data stored in collector-specific database tables. The figure shows the four steps above: (1) the server sends the collector win.any.local_group.jar to the ITSCM client, (2) the collector reads the Windows Registry, (3) the client delivers the collected data to the ITSCM server, and (4) the server stores it in the ITSCM database in a table such as the following:

CLI_ID  INSTANCE_ID  LOCAL_GROUP     USERID   LOGDATE
1219    27           Administrators  Axel     2004-09-27 18:44:17.0
1219    27           Guests          Hendrik  2004-09-27 18:44:17.0
1219    27           Guests          Dieter   2004-09-27 18:44:17.0

Securing the collector system
The Security Compliance Manager collector system provides security features to prevent unauthorized manipulation of deployed collectors and the deployment of collectors that are not appropriate for a particular environment. Figure 2-3 on page 19 shows the signatures that a Security Compliance Manager client requires before it accepts any collector:

IBM (origin) certificate (IBM)
The IBM collector certificate is included with Security Compliance Manager. This certificate is used by both the client and the server to verify that collectors were provided as part of an official IBM product. The IBM private key is not supplied with the product. Which origin certificate is required is configurable in the Security tab of the Security Compliance Manager administration console. The IBM certificate prevents unauthorized third-party or malicious collectors from being used. Alternatively, you can use your own certificate for signing collectors.

Collector authorization certificate
The authorization root certificate is generated at installation time and protected by the server password. It is used to create authorization certificates (AC). Authorization certificates are used to digitally sign collectors that can be registered on the server. The authorization certificate allows constraints to be placed on administrators by restricting the collectors they can load to a known set. Clients use certificates created with the authorization root certificate to verify that the collectors they receive were sent from the server. This certificate limits the collectors that an administrator can load to a designated subset and prevents the administrator from using IBM-signed collectors that are not appropriate for a particular deployment.
Figure 2-3 Required collector certificates. Unsigned collectors and collectors signed with the IBM certificate alone are denied by the ITSCM client; only collectors signed with both the IBM certificate and an authorization certificate (AC) are accepted.

Proxy relay
The IBM Tivoli Security Compliance Manager proxy relay provides a solution for the scenario of a server separated from destination clients by one or more intermediary networks because of firewall policies or address space concerns. The goal of the proxy relay is to permit the server to successfully connect to and communicate with each destination client system.

Figure 2-4 on page 20 illustrates that any Security Compliance Manager client may be used as a proxy relay if a special collector called com.ibm.jac.server.JACProxy.jar is added to the Security Compliance Manager client using the Security Compliance Manager administration tools. The proxy relay collector permits a client to act as an intermediary, or proxy, between the server and a number of clients behind a firewall. The collector does not collect data in the usual sense, but does gather statistics on the clients using the proxy relay and the amount of data being transferred.
Figure 2-4 Security Compliance Manager client configured as proxy relay. The ITSCM server connects to an ITSCM client running com.ibm.jac.server.JACProxy.jar, which relays to a further ITSCM client running win.any.local_group.jar against the Windows Registry.

Securing the proxy relay system
The proxy collector is a special collector that permits a client to act as an intermediary between the server and other clients. This function is useful in situations where direct communication between the server and clients might be impossible due to firewall policies or address space issues. Because the proxy relay can also be used to bypass a site's security, the proxy relay must possess a method to prevent abuse. The proxy relay enforces a security policy through the use of configurable Access Control Lists (ACLs). An Access Control List is a security method that uses a set of rules to determine which resources can be accessed by whom and from where. The proxy relay uses two ACLs, one to regulate incoming traffic and one to regulate outgoing traffic. Each of these ACLs consists of a list of IP addresses and ports. Details on how to configure ACLs for proxy relay communication can be found in Chapter 15, "Installing and using proxy relays", in the IBM Tivoli Security Compliance Manager Version 5.1 Administration Guide, SC32-1594.

2.1.2 Compliance evaluation components
Security Compliance Manager compliance evaluation components extract the data collected, analyze the data for non-compliance, and provide the input for reports in order to reveal adherence to internal and industry-standard security policies.
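The two-list model described above (one ACL for incoming connections, one for outgoing, each a list of addresses and ports) can be illustrated with a small deny-by-default evaluator. This is an added example and not the product's ACL code or configuration syntax, which the cited Administration Guide documents; the rule format, class name and addresses are constructed here. The port numbers are the defaults given later in this chapter: the server reaches a relay on proxy port 1960, and a relay reaches pull clients on client port 1950.

```python
"""Deny-by-default incoming/outgoing ACLs for a relay, as an added example.

Not the product's implementation or file format. It models what the text
describes: two lists (incoming, outgoing) of address-or-network plus port
rules, with anything that matches no rule refused.
"""
import ipaddress


class RelayAcl:
    def __init__(self, incoming, outgoing):
        # each rule: (single address or CIDR network, port or None for any port)
        self.incoming = [self._rule(n, p) for n, p in incoming]
        self.outgoing = [self._rule(n, p) for n, p in outgoing]

    @staticmethod
    def _rule(network, port):
        return ipaddress.ip_network(network, strict=False), port

    @staticmethod
    def _permitted(rules, address, port):
        addr = ipaddress.ip_address(address)
        return any(addr in net and (p is None or p == port) for net, p in rules)

    def accept_inbound(self, src_ip, dst_port):
        """Connection arriving at the relay (normally the server on the proxy port)."""
        return self._permitted(self.incoming, src_ip, dst_port)

    def accept_outbound(self, dst_ip, dst_port):
        """Connection the relay opens towards a client (normally the client port)."""
        return self._permitted(self.outgoing, dst_ip, dst_port)


# Constructed policy (addresses invented): only the server may reach the relay's
# proxy port 1960, and the relay may only open client port 1950 into one subnet.
EXAMPLE_ACL = RelayAcl(
    incoming=[("192.0.2.10", 1960)],
    outgoing=[("10.20.30.0/24", 1950)],
)


def evaluate(acl=EXAMPLE_ACL):
    """Decisions for a set of constructed connection attempts."""
    return {
        "server_to_relay":      acl.accept_inbound("192.0.2.10", 1960),
        "other_host_to_relay":  acl.accept_inbound("192.0.2.77", 1960),
        "server_wrong_port":    acl.accept_inbound("192.0.2.10", 22),
        "relay_to_client":      acl.accept_outbound("10.20.30.15", 1950),
        "relay_to_ssh":         acl.accept_outbound("10.20.30.15", 22),
        "relay_outside_subnet": acl.accept_outbound("10.20.31.15", 1950),
    }


if __name__ == "__main__":
    for name, allowed in evaluate().items():
        print(f"{name:22} {'permit' if allowed else 'deny'}")
```

The outgoing list is the one that matters for the abuse the text warns about: without a tight outgoing ACL a compromised or misconfigured relay becomes a general-purpose pivot into the network it was placed to reach.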
Security Compliance Manager policy
A Security Compliance Manager policy consists of one or more specially written SQL queries that are used to reveal compliance with or violation of system security requirements. The combined results of all the queries in the policy indicate the level of adherence to the security policy. Policies can be applied to one or more client groups. Each SQL query in a policy is called a compliance query. A compliance query extracts, from one or more collector tables, data specifically collected for the compliance query, analyzes that data, and then returns the list of clients that are in violation of that specific security requirement. A compliance query is created to return a list of violations. The results of all the compliance queries associated with a policy can be used to provide a picture, or snapshot, of the level of compliance for all clients in a client group. The results of the compliance queries directly depend on the data extracted from the collector tables. When a policy is added to a client group, all the collectors required by the policy are added to the client group and inherited by all the member clients and client groups. The clients must run these collectors and return the data to the server before the policy can produce meaningful snapshot reports. A policy consists of:
- One or more compliance queries
- One or more collectors that might have parameters and a default schedule associated with them
- A schedule for when a snapshot should be taken and sent to a set of e-mail addresses

Policies are created using the Policies page of the administration console. After a policy has been created, it can be exported to a special binary file called a policy bundle. The policy bundle contains everything needed to re-create the policy: the compliance queries, the collectors, including their authorization keys, the default collector schedules, and any collector parameters. The maximum data size associated with the collector tables is saved also. The policy bundle does not contain information regarding the snapshot schedule. Importing a policy bundle on the same or a different server results in the collectors being installed with their default schedules and parameters, only if the collectors are not already installed, and the compliance queries being made available. Also note that more recent versions of collectors that might already be present on a server are not replaced by collectors bundled with the policy. Before a policy can be used, the collectors associated with the policy might need to be signed with one or more authorization keys. All the collectors must be registered. To authorize the collectors, if necessary, use the Collectors page of the administration console, or the scmsignpolicycollectors command. To register the collectors associated with a policy, use the Collectors page or the scmregisterpolicycollectors command.
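A compliance query is easiest to understand against a concrete collector table. The following added example (not a query shipped with the product) uses the column layout of Figure 2-2 (CLI_ID, INSTANCE_ID, LOCAL_GROUP, USERID, LOGDATE) and a hypothetical requirement that only one named account may be a member of Administrators. The table name LOCAL_GROUP_DATA, the sample rows and the allowed-administrator list are constructed, and sqlite3 stands in for the DB2 database so the query can be run offline. It also shows the caveat from the text: a client that has not yet returned collector data simply produces no rows, so it never appears as a violation.

```python
"""A compliance query over a collector table, as an added example.

Not product code. Table layout follows Figure 2-2; the table name, sample
rows and the 'allowed administrators' rule are constructed. sqlite3 stands
in for DB2. A compliance query returns the clients in violation, not the
compliant ones.
"""
import sqlite3

# Constructed rows for what win.any.local_group might return for two clients.
# Client 1220 is registered but has returned nothing yet (collector not run).
ROWS = [
    (1219, 27, "Administrators", "Axel",       "2004-09-27 18:44:17.0"),
    (1219, 27, "Guests",         "Hendrik",    "2004-09-27 18:44:17.0"),
    (1219, 27, "Guests",         "Dieter",     "2004-09-27 18:44:17.0"),
    (1221, 27, "Administrators", "Axel",       "2004-09-27 18:50:02.0"),
    (1221, 27, "Administrators", "svc_backup", "2004-09-27 18:50:02.0"),
]
ALLOWED_ADMINS = ("Axel",)   # hypothetical security requirement

VIOLATION_QUERY = """
SELECT CLI_ID, INSTANCE_ID, USERID, LOGDATE
  FROM LOCAL_GROUP_DATA
 WHERE LOCAL_GROUP = 'Administrators'
   AND USERID NOT IN ({placeholders})
 ORDER BY CLI_ID, USERID
"""


def build_db(rows=ROWS):
    """In-memory stand-in for the collector table on the server database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("""CREATE TABLE LOCAL_GROUP_DATA (
        CLI_ID INTEGER, INSTANCE_ID INTEGER, LOCAL_GROUP TEXT,
        USERID TEXT, LOGDATE TEXT)""")
    conn.executemany("INSERT INTO LOCAL_GROUP_DATA VALUES (?,?,?,?,?)", rows)
    return conn


def violations(conn, allowed=ALLOWED_ADMINS):
    """Run the compliance query; the allowed list is bound as parameters."""
    sql = VIOLATION_QUERY.format(placeholders=",".join("?" * len(allowed)))
    return conn.execute(sql, allowed).fetchall()


def clients_without_data(conn, registered_clients):
    """Clients with no rows for this collector never show up in the violation
    list; a snapshot is silent about them rather than marking them compliant."""
    seen = {r[0] for r in conn.execute("SELECT DISTINCT CLI_ID FROM LOCAL_GROUP_DATA")}
    return sorted(set(registered_clients) - seen)


if __name__ == "__main__":
    db = build_db()
    for row in violations(db):
        print("violation:", row)
    print("no data yet:", clients_without_data(db, [1219, 1220, 1221]))
```

When reading a snapshot, pair the violation list with a check like clients_without_data: an empty result for a client means either compliance or missing data, and only the collector run information tells which.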
Security Compliance Manager snapshot
A snapshot provides the compliance status of all client systems that are associated with a policy. Security Compliance Manager creates a snapshot by running all the compliance queries in a policy against all clients associated with the policy. The snapshot content consists of the output of the SQL compliance queries. Security Compliance Manager saves the results of a snapshot in the Security Compliance Manager database for further processing. Users may view the snapshot results using the Security Compliance Manager administration tool, or send the results to one or more e-mail addresses. Security Compliance Manager snapshot administrators can create snapshots on a scheduled basis, or can produce snapshots on demand using the administrative utilities. Archiving the results of snapshots on a regular basis can be used to show compliance with both internal security requirements and industry-standard or governmental security and privacy requirements over a period of time.

2.1.3 Compliance report components
Security Compliance Manager compliance report components provide the report capabilities that help reveal adherence to internal and industry-standard security policies. There are three types of reports provided by Security Compliance Manager:
1. Using the Reports panel in the administration GUI, you can schedule queries and generate reports.
2. You can create snapshot reports (from scheduled snapshots).
3. You can use Crystal Reports (which include operational reports and historical reports).

Security Compliance Manager report
Tivoli Security Compliance Manager provides a reporting capability in the administration console. Each report contains the result of a single snapshot and lists the violations and the corresponding client details, as depicted in Figure 2-20 on page 48. A Security Compliance Manager administrator can schedule a report to run on a periodic basis and configure Security Compliance Manager to automatically send the results to specified e-mail addresses.

Security Compliance Manager operational reports
Security Compliance Manager provides operational reports for security compliance reporting. Operational reports require Crystal Enterprise, a server-based infrastructure for report delivery. Figure 2-5 on page 23 depicts the process of report creation and which Crystal products are involved. The Crystal Enterprise administration guide is included with the installation media in the subdirectory doc. Additional information can be found at http://www.businessobjects.com/products/platform/enterprise.asp.

Figure 2-5 Security Compliance Manager report development using Crystal products. Report development: a report developer designs an operational report template in Crystal Reports and saves it as a report template. Publishing reports: the template is imported into Crystal Enterprise, which publishes the operational report to users through its Web GUI interface.

Business Objects, the company that created Crystal Reports and Crystal Enterprise, offers different product suites. According to Business Objects, the baseline product is Crystal Reports, which is associated with report development. The report developer uses Crystal Reports for creating database connections, selecting database records, and designing new reports. The reports can then be saved to file as report templates and imported into Crystal Enterprise. Crystal Enterprise consists of multiple server components that provide the ability to schedule the creation of reports, to manage users and user groups, to configure security settings, and to organize reports using report folders. Crystal Enterprise publishes the reports using a Web interface.

Note: If you do not have a Crystal Enterprise server in your environment, you can also use a regular HTTP server to publish the results, such as the IBM HTTP Server.
Security Compliance Manager provides the following operational report templates (the latest additions and documentation on reports can be found in the IBM Tivoli Security Compliance Manager Version 5.1, Fix Pack 5.1.0-TIV-SCM-FP0009, February 18, 2005, Operational Reports Reference):
1. Administrative Activity: displays a history of the administration activities that were performed by users.
2. Changes to Roles and Permissions: displays a history of changes to the definitions for roles and permissions.
3. Client Group Membership: displays information about client groups and their members.
4. Client Violations: displays the policies and their latest snapshots. This report includes the details for all the violations associated with a client. Figure 2-6 on page 25 shows an example report.
5. Collector Run Information: displays information about previous runs of collectors.
6. Compliant and Non-compliant Systems: displays the systems that are compliant with the defined security policy as well as systems that are not in compliance.
7. Policy Import Time: displays the names and descriptions of all the policies that have been imported.
8. Policy Violations Trends: displays the violation information associated with all the policies.
9. Roles and Permissions Information: displays information about the roles and permissions that are assigned to users.
10. Snapshot Creation Completion: displays the times at which each snapshot associated with the policies was created.
11. User Group Membership: displays information about user groups and their members.
Figure 2-6 Example of an operational report: Client Violations

2.1.4 Security Compliance Manager server
The server is Java language-based software that centrally manages all data associated with Tivoli Security Compliance Manager. By default, the server runs as a daemon with root authority on UNIX systems and as a service running under the local system account on Microsoft Windows systems. The Security Compliance Manager server is the central component of a Security Compliance Manager infrastructure and manages compliance report components, compliance evaluation components, and data collection components. Security Compliance Manager administrators and users access the server functions using the administration tools. 2.1.5, "Administration components" on page 28 describes the administration tools and the server functions in detail. 2.3, "Security Compliance Manager walkthrough" on page 32 demonstrates how to use the administration console to perform the administration tasks.

The Security Compliance Manager server stores the data associated with the objects being managed in a centralized DB2 relational database. The server is the only Tivoli Security Compliance Manager component that directly accesses the database. Data can be extracted for system analysis, to generate status reports, and, as a preventive maintenance mechanism, to provide status and warning notifications.

Authentication
By default, authentication of users of the administration console and administration utilities is handled by the Tivoli Security Compliance Manager server. User information is stored in the database, with the password stored as an MD5 message digest. The server does not enforce any password rules or perform any password strength testing, and no mechanism exists to recover a forgotten password. MD5 is a fast general-purpose digest rather than a purpose-built password hash, so anyone who obtains the user table can test candidate passwords at high speed; access to the database should be restricted accordingly. Security Compliance Manager provides the option to integrate with any authentication system by offering an authentication interface based on the Java Authentication and Authorization Service (JAAS). 3.2.7, "Integration with access control management systems" on page 66 describes the JAAS interface.

Securing the Security Compliance Manager server
The Security Compliance Manager server manages data that can be an invaluable source of information for all kinds of intruders. The Security Compliance Manager database contains a list of IT systems, IP addresses, user accounts, configuration options, and much more information, which can provide hints for potential starting points for attacks.
Tivoli Security Compliance Manager provides the following features to secure the Security Compliance Manager server and its data:

Secured communication between server and administration console
The communication between server and administration console is secured by SSL. The administration console verifies the identity of the server based on the server certificate. If the server is contacted for the first time or the server's certificate has been renewed, Security Compliance Manager displays the dialog window shown in Figure 2-7 on page 27. The Security Compliance Manager user may then contact the server administrator to verify that the certificate has changed before accepting the new certificate. This ensures that the Security Compliance Manager user is always talking to the correct Security Compliance Manager server instance.

Figure 2-7 Warning that a new Security Compliance Manager server is accessed

Secured communication between server and client
The Security Compliance Manager client establishes communication links with the Security Compliance Manager server based on the server's SSL certificate and IP address. Any other communication request is denied. This ensures that only the authorized server is able to perform configuration requests such as collector deployment or schedule changes. The server presents its SSL certificate during the first communication with the client (first contact trust). This certificate is used to verify the server's unique identity and to encrypt all traffic within the Tivoli Security Compliance Manager environment.

Protecting the database
The DB2 database contains valuable information about the IT infrastructure and known vulnerabilities. The node hosting Security Compliance Manager's DB2 database system should be placed in a trusted security zone. Additionally, access to the Security Compliance Manager database should be restricted to the absolute minimum.

Communications between Tivoli Security Compliance Manager components are secured using 128-bit Secure Sockets Layer (SSL) encryption. The cipher suites used are RSA_WITH_RC4_128_SHA, RSA_WITH_RC4_128_MD5, and RSA_WITH_3DES_EDE_CBC_SHA. All three suites are considered obsolete today: RC4 is prohibited for TLS by RFC 7465 and 3DES is limited by its 64-bit block size, so a current deployment should verify which suites the installed JVM actually negotiates.
2.1.5 Administration components
Administrators and users use the administration components to centrally manage all the other components of the Security Compliance Manager infrastructure. The administration components consist of the Security Compliance Manager administration console and the command line interface (CLI). The following sections describe the administration components.

Administration console
The administration console is the graphical user interface (GUI) used to manage Tivoli Security Compliance Manager servers, clients, collectors, and keystores. The administration console also manages the data collected by the collectors, analyzes that data, and generates reports. The administration console offers functions to perform the following tasks:
- Manage individual client systems (register and unregister clients)
- Manage client groups (add and remove groups, and add and remove systems to and from groups)
- Manage collectors (install collectors, view status, set values for collector parameters, and customize schedules)
- Manage users (add and remove users, and create and manage user groups and roles)
- Manage proxy relays (define proxy relays and assign routing paths)
- Manage database tables (create delta tables and set maximum data age)
- Manage policies (create, import, and export policies, assign policies to client groups, and schedule, run, and view snapshots)
- Manage reports (define reports and run reports)
- Define and test SQL database queries
- Manage the server (define authorization keys, view server activity, back up keystores, and manage the database connection)

Command line interface
The command line interface provides an alternative to the administration console and offers a subset of the functions available with the administration console. The command line interface enables the administrator to perform operations on a large number of objects or to automate operations with scripts or batch files. The command line tools are available on all supported platforms.
A detailed list of commands, command parameters, and their usage is provided in the IBM Tivoli Security Compliance Manager Version 5.1 Administration Guide, SC32-1594.

2.2 Physical component architecture
In our discussion of Security Compliance Manager's logical component architecture above, we focused primarily on the logical relationships among software components, and not on the specific system configurations on which they are installed. In this section, we introduce the physical aspects of Security Compliance Manager's components and provide guidelines on how to deploy the software components on physical nodes.

2.2.1 Communication port usage
Our description of Security Compliance Manager's logical components shows the server as the central component of a Security Compliance Manager infrastructure. The server communicates with all other components using different protocols. Figure 2-8 on page 30 depicts the default port usage for the server's communication links. The direction of the arrows in the diagram indicates the initiator of the communication. The different types of communication links are:

From administration tools to server
Communication between the administration console or command line interface and the server is based on Remote Method Invocation (RMI). The following port is used:
- Administration utility to server: 1955 (RMI naming)

Between server and push clients
The communication can be initiated in two different ways:
- Client to server using port 1951: a push client establishes this connection when it wants to transfer collected data to the server. The connection is set up as required and released after the data transfer.
- Server to client using port 1950: this connection is optional. It is set up only if an administrator executes commands that require communication with the client, for example, a request for direct execution of a collector. If firewall rules forbid this communication, the functionality of the push client is not affected.
Between server and pull clients
Communication with a pull client is initiated by the Security Compliance Manager server. The default port for this communication is 1950 on the client. This connection is permanent.

Between server and proxy relay
Communication with a proxy relay is initiated by the server using the default port 1960 on the proxy relay. This connection is permanent regardless of whether the proxy relay is configured as a push or pull client. If configured as a push client, the relay must be connected directly to the server.

Between proxy relay and pull clients
Communication with a pull client behind the relay is initiated by the server. The default port for this communication is 1950. This connection is permanent. The proxy relay can only connect to pull clients.

Figure 2-8 Communication port usage. The diagram shows the ITSCM admin GUI, admin CLI and operational reports connecting to the ITSCM server on 1955 (RMI naming); push clients connecting to the server on 1951; the server's logcmd JLOG port 1952; the server, directly or through a proxy relay, connecting to client port 1950 and proxy port 1960 on push and pull clients and relays; each client's logcmd JLOG port 1953; and the ITSCM database server. Permanent connections, required temporary connections and optional temporary connections are distinguished in the figure.
2.2.2 Deployment on physical nodes
Security Compliance Manager supports different operating systems and configuration options for its server and proxy relay deployment. The following section describes the deployment options and provides some hints for the selection of nodes.

Deployment of Security Compliance Manager server
IBM recommends that you install the Security Compliance Manager server on a system with a high processor speed and ample disk space. The system that contains the server should be solely dedicated to that task. This configuration allows the system to be tuned and optimized for running Security Compliance Manager, and keeps the server from having to compete with other applications for system resources.

The database server serves as the repository for all Security Compliance Manager data. The database server can be deployed on the same system as the Security Compliance Manager server; however, for better performance, the database server should be installed on a separate system. For even better performance, the database server can be installed on a multi-processor machine.

The IBM Tivoli Security Compliance Manager Version 5.1 Deployment and Tuning Guide (1) provides a formula and examples that describe the throughput calculation for the Security Compliance Manager server hardware:

Throughput requirement = Number of clients * Number of collectors * Collector message size / Frequency of data collection

The components of the formula are defined as follows:
- Number of clients: the total number of clients connected to the Security Compliance Manager server.
- Number of collectors: the average number of collectors deployed on a single client.
- Collector message size: the average size of the message sent from the data collector to the server. This size should be determined in a test environment or during a pilot phase.

(1) The IBM Tivoli Security Compliance Manager Version 5.1 Deployment and Tuning Guide is available as a part of the IBM Tivoli Security Compliance Manager 5.1 Utilities at http://www-1.ibm.com/support/docview.wss?rs=2004&context=SSVHZU&dc=D400&uid=swg24007082&loc=en_US&cs=utf-8&lang=en.
