Secure your network with OmniGuard/ESM

AXENT Technologies' OmniGuard/ESM (Enterprise Security Manager) 4.4 is a multi-platform security monitoring system that includes support for Windows NT. OmniGuard/ESM is extremely useful in a single-server environment but is downright invaluable in a multiserver environment that includes NT Server, UNIX, OpenVMS, and Novell IntranetWare.

OmniGuard/ESM lets a network manager verify that security policies are in place. For example, your corporate security policy may require that passwords are at least six characters long. Checking for this policy is simple for a single-server environment but tedious for larger networks. OmniGuard/ESM can easily perform this check in a multiserver environment. But this feature is just one of OmniGuard/ESM's functions.

You can configure OmniGuard/ESM so that security policymakers and security policy implementers are not the same people. This capability lets a security manager create a policy and see reports on the network's status, but not change any of the security elements in NT (or any other operating systems). Network managers can see policy reports but not change the security policy. However, they can change the security elements within NT.

Usernames and passwords are one aspect of security that OmniGuard/ESM checks. The software can check password durability, which includes password length and matches with common words. You can also include a set of company-specific words so that users don't have passwords that match project names. OmniGuard/ESM checks file attributes, directory attributes, system auditing settings, and even system startup files. Platform-specific checks, such as email checks for UNIX and NetWare, are also available.
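
The password checks described above (minimum length, common words, company-specific words), sketched as an added example. This is not OmniGuard/ESM code; the word lists, the substitution table, and the function names are assumptions made for illustration, and the six-character minimum is the article's example policy.

```python
import re

MIN_LENGTH = 6  # the article's example policy: at least six characters

# Constructed sample word lists (assumptions, not shipped with any product).
COMMON_WORDS = {"password", "welcome", "summer", "dragon", "letmein"}
COMPANY_WORDS = {"bluebird", "atlas"}  # hypothetical project names

# Undo common character substitutions before dictionary matching.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})


def variants(password):
    """Return the normalized forms of a password to match against word lists."""
    lowered = password.lower()
    # Drop leading/trailing digits and punctuation ("Summer2024" -> "summer").
    stripped = re.sub(r"^[^a-z]+|[^a-z]+$", "", lowered)
    return {lowered, lowered.translate(LEET), stripped.translate(LEET)}


def check_password(password):
    """Return a list of policy findings; an empty list means compliant."""
    findings = []
    if len(password) < MIN_LENGTH:
        findings.append("too_short")
    forms = variants(password)
    # Containment (not exact match) is a deliberately strict policy choice.
    for label, words in (("common_word", COMMON_WORDS),
                         ("company_word", COMPANY_WORDS)):
        if any(word in form for word in words for form in forms):
            findings.append(label)
    return findings


def audit(candidates):
    """Map account name -> findings for every non-compliant candidate."""
    report = {}
    for account, password in candidates.items():
        findings = check_password(password)
        if findings:
            report[account] = findings
    return report


# Constructed sample: candidate passwords submitted at change time.
SAMPLE = {"alice": "P@ssw0rd!", "bob": "abc12", "carol": "Bluebird99",
          "dave": "4tl4s-Q3", "erin": "tq7#Vm2x!Lz"}
```
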

OmniGuard/ESM uses client/server architecture. A client, or OmniGuard/ESM agent, runs on a PC where security will be checked. The server is where OmniGuard/ESM maintains and manages the results of the security checks. Security managers can access the server to make changes and run reports. Network managers can also run reports.

Although using OmniGuard/ESM does not guarantee a secure network, it does let you identify potential security problems. The software recommends changes and provides both text and graphical reports that are easy to understand.

Installation
Installing OmniGuard/ESM was quick and simple. The program installed both the NT OmniGuard/ESM agent and the NT OmniGuard/ESM server. The OmniGuard/ESM CD-ROM contains software for agents and servers for each platform supported. The OmniGuard/ESM server installation process requires a special license key, which incorporates licensing details such as the number of supported agents.

Installing OmniGuard/ESM on a second NT server and an IntranetWare server required agent installation only. The software uses TCP/IP as the transport between agents and server. TCP/IP support was already in place, so the software needed no additional configuration for network operation. You can also use IPX with IntranetWare environments.

Installation for both the NT Server agent and server was identical. The IntranetWare agent installation was slightly different, because the agent is a NetWare loadable module (NLM). The IntranetWare agent required a registration step for the NT OmniGuard/ESM server to recognize it. Agents are always running, but they perform checks only on server requests.

You can manage large, distributed networks by interfacing multiple Managers to centralized Super Managers. I implemented a single Manager environment. Super Managers let you forward security information to a central location.

OmniGuard/ESM lets you group agents into domains. The domains are often configured to match the NT domains, but this is not a strict requirement. Instead, the OmniGuard/ESM domains can match the security requirements. For example, high-security areas can map to one OmniGuard/ESM domain and low-security areas can map to another domain.

Next, OmniGuard/ESM defines users. The software requires a single user account, but most environments will have multiple user accounts with varying degrees of control. For example, the security manager, who is usually the OmniGuard/ESM installer, can create policies and run and examine reports. Network managers can run and examine reports and must also have accounts that let them change security on appropriate PCs.

After installation, it is a good idea to run an immediate security check involving all agents, as shown in Screen 1. This check tests the communications support and determines the current security setup for the network. The time required for a security check depends on the number and complexity of the agent PCs. Security checks operate in tandem on each agent, and the entire operation is complete in less than an hour.

Operation
OmniGuard/ESM provides two interfaces to an OmniGuard/ESM server: a command line interface and a GUI. The OmniGuard/ESM documentation covers command line interface commands, and online Help is available for both interfaces. The command line interface is useful because its implementation spans server platforms. It can also be used to automate reporting through scripting.

The 32-bit Windows OmniGuard/ESM management application is where most security managers and network managers will work. It provides access policies, policy checking schedules, and reporting. You can run the management application from any Windows 95 or NT workstation, not just a PC that is running the OmniGuard/ESM server.

The management application lets you create reports and save them for later comparisons with new results. You can print the reports or view them on screen. As you run new reports, you can see improvements in security performance. OmniGuard/ESM includes a search function to let you quickly pinpoint problems in large reports.

Network managers usually have the responsibility of correcting problems. In most cases, OmniGuard/ESM can help fix problems after it identifies them if you click the Correct push-button in the Security Report dialog box (as shown in Screen 2). Typically, OmniGuard/ESM presents a dialog box with actions, such as changing a password or permission, to fix the problem. The software logs these corrections, and an undo function lets you reverse a correction. In some instances, OmniGuard/ESM can only recommend changes. Network managers must then use NT tools to make the necessary changes.

A Good Investment
OmniGuard/ESM proved to be an excellent tool that found a number of flaws in our multivendor (NT Server and Novell IntranetWare) environment. The overall operation was very simple--even users who were not well-versed in its intricacies could use it.

A few areas need polishing, however. For example, the policy report summary uses color-coded names for status indicators, but it does not use these colors in the report. It does, however, use them for graphed results. Another minor point is that some of the windows did not make optimum use of the screen real estate with an enlarged window.

OmniGuard/ESM works with other AXENT products such as OmniGuard/ITA (Intruder Alert) and OmniGuard/EAC (Enterprise Access Control) for Win95. The latter provides access security for Win95 that is more advanced than NT's security.

OmniGuard/ESM is well worth the investment of time and money if you need to protect your data and your network. It does not guarantee security, but it does make checking security manageable.

OmniGuard/ESM 4.4
Contact: AXENT Technologies * 800-298-2620
Web: http://www.axent.com