
Technical white paper
Table 1. Security controls

Information Security – User Access Reviews
    All levels of user access shall be reviewed by management at planned intervals and documented. For access violations identified, remediation must follow documented access control policies and procedures.

Information Security – Incident Management
    Policies and procedures shall be established to triage security-related events and ensure timely and thorough incident management.

Information Security – Audit Tools Access
    Access to, and use of, audit tools that interact with the organization's information systems shall be appropriately segmented and restricted to prevent compromise and misuse of log data.

Information Security – Incident Response Metrics
    Mechanisms shall be put in place to monitor and quantify the types, volumes, and costs of information security incidents.

Security Architecture – Audit Logging / Intrusion Detection
    Audit logs recording privileged user access activities, authorized and unauthorized access attempts, system exceptions, and information security events shall be retained, complying with applicable policies and regulations. Audit logs shall be reviewed at least daily, and file integrity (host) and network intrusion detection (IDS) tools implemented to help facilitate timely detection, investigation by root cause analysis, and response to incidents. Physical and logical user access to audit logs shall be restricted to authorized personnel.
Summary
In this document we have shown how to use HP ArcSight Logger and HP ArcSight ESM to enhance security for CloudSystem Enterprise environments. Using HP ArcSight Logger as a central repository for security and event logging, organizations can use HP ArcSight ESM to monitor and react to security-related events. Monitoring both application and operating system events provides organizations with a comprehensive view of the CloudSystem environment. We also discussed using HP ArcSight Logger to aggregate events and forward specific events to HP ArcSight ESM for further analysis, investigation, and action.
Appendix A: ASLinuxAudit.props
The ASLinuxAudit.props file in the Server Automation Package ArcSight-5.2.7.6474.0-Connector-Linux-props.zip (Figure 26), used for automated deployment of the ArcSight SmartConnector for the Linux audit logger, is shown below. This file was generated by running runagentsetup.sh -i recorderui to capture user input. This SmartConnector installation response file is configured to send events to the ArcSight Logger through a SmartConnector configured with the name "Smart".
#
# Arcsight's Silent Properties File
#
# Please edit this file to set the desired values
#
# Automatically generated on Thu Jan 24 13:02:52 EST 2013
#
#
# InstallAnywhere Installer Properties:
#
INSTALLER_UI=SILENT
USER_INSTALL_DIR=/root/ArcSightSmartConnectors
ARCSIGHT_AGENTSETUP_PROPERTIES=/tmp/ASLinuxAudit.props
# =========================================================
# Panel 'containeroperation'
# =========================================================
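A response file like the one above is pushed out by an automation package, so it is worth validating before deployment. The following is an added example (not HP or ArcSight code) that parses the key=value format, checks the three keys shown in the appendix, flags any key that looks like a stored secret (the PASSWORD naming rule is an assumption), and checks that the file mode keeps the file private to its owner.

```python
"""Sanity-check an ArcSight SmartConnector silent-install properties file
(e.g. ASLinuxAudit.props) before it is shipped in an automation package."""

# Constructed sample mirroring the keys shown in Appendix A.
SAMPLE_PROPS = """\
#
# Arcsight's Silent Properties File
#
INSTALLER_UI=SILENT
USER_INSTALL_DIR=/root/ArcSightSmartConnectors
ARCSIGHT_AGENTSETUP_PROPERTIES=/tmp/ASLinuxAudit.props
"""

REQUIRED = ("INSTALLER_UI", "USER_INSTALL_DIR", "ARCSIGHT_AGENTSETUP_PROPERTIES")


def parse_props(text):
    """Parse key=value lines; blank lines and '#' comment lines are skipped."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if not sep:
            continue  # malformed line without '=': ignore rather than guess
        props[key.strip()] = value.strip()
    return props


def check_props(props):
    """Return a list of findings; an empty list means the file looks sane."""
    findings = []
    for key in REQUIRED:
        if key not in props:
            findings.append(f"missing required key {key}")
    if props.get("INSTALLER_UI") != "SILENT":
        findings.append("INSTALLER_UI must be SILENT for unattended install")
    if not props.get("USER_INSTALL_DIR", "").startswith("/"):
        findings.append("USER_INSTALL_DIR must be an absolute path")
    # A recorded response file may carry destination credentials; flag keys
    # that look like secrets (assumption: they contain PASSWORD in the name).
    for key in props:
        if "PASSWORD" in key.upper():
            findings.append(f"plaintext secret in key {key}")
    return findings


def mode_is_private(mode):
    """True if the file mode grants no group/other permission bits (e.g. 0o600)."""
    return mode & 0o077 == 0
```

Run check_props(parse_props(open(path).read())) and mode_is_private(os.stat(path).st_mode & 0o777) against the real file before building the package.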