Simplify Management of IT Security and Compliance with IBM PowerSC in Cloud and Virtualized Environments

Book description

This IBM® Redbooks® publication provides a security and compliance solution that is optimized for virtualized environments on IBM Power Systems™ servers running IBM PowerVM® and IBM AIX®. Security control and compliance are some of the key components that are needed to defend the virtualized data center and cloud infrastructure against ever-evolving new threats. The IBM business-driven approach to enterprise security that is used with solutions such as IBM PowerSC™ makes IBM the premier security vendor in the market today.

The book explores, tests, and documents scenarios using IBM PowerSC that leverage the IBM Power Systems server architecture and software solutions from IBM to help defend the virtualized data center and cloud infrastructure against ever-evolving new threats.

This publication helps IT and Security managers, architects, and consultants to strengthen their security and compliance posture in a virtualized environment running IBM PowerVM.

Table of contents

  1. Front cover
  2. Notices
    1. Trademarks
  3. Preface
    1. Authors
    2. Now you can become a published author, too!
    3. Comments welcome
    4. Stay connected to IBM Redbooks
  4. Chapter 1. IT security and Compliance Management
    1. 1.1 Business context for IT security
    2. 1.2 Influential factors for IT security
      1. 1.2.1 Business factors that influence security
      2. 1.2.2 IT factors that influence security
    3. 1.3 IBM Security Framework
    4. 1.4 IBM Security Blueprint
    5. 1.5 Security and Compliance Management
      1. 1.5.1 Audit reports
    6. 1.6 Summary
  5. Chapter 2. IBM PowerSC GUI Server
    1. 2.1 Component architecture
    2. 2.2 Installing IBM PowerSC GUI server
      1. 2.2.1 AIX
      2. 2.2.2 Red Hat Enterprise Linux
      3. 2.2.3 SUSE Linux Enterprise Server
    3. 2.3 GUI administration
      1. 2.3.1 Endpoint administration
      2. 2.3.2 Manage users and groups
      3. 2.3.3 PowerSC GUI login
    4. 2.4 Installing the UIAgent
      1. 2.4.1 Installing UIAgent on AIX
      2. 2.4.2 Installing UIAgent on RHEL
    5. 2.5 Endpoint administration
      1. 2.5.1 Generate keystore
      2. 2.5.2 Security certificate expiration dates
      3. 2.5.3 IBM PowerVC integration
    6. 2.6 Managing groups in IBM PowerSC GUI
      1. 2.6.1 Creating groups
      2. 2.6.2 Renaming groups
      3. 2.6.3 Editing groups
      4. 2.6.4 Cloning groups
      5. 2.6.5 Deleting a group
    7. 2.7 IBM PowerSC GUI server features
      1. 2.7.1 Home tab
      2. 2.7.2 Compliance tab
      3. 2.7.3 Security tab
      4. 2.7.4 Reports tab
      5. 2.7.5 Profile Editor tab
  6. Chapter 3. Compliance automation
    1. 3.1 IBM PowerSC compliance automation overview
      1. 3.1.1 Business challenge
      2. 3.1.2 Security and compliance automation concepts
    2. 3.2 Installation
      1. 3.2.1 Operating system prerequisites
    3. 3.3 Profiles
      1. 3.3.1 Payment Card Industry Data Security Standard (PCI) v3
      2. 3.3.2 General Data Protection Regulation
      3. 3.3.3 Test scenarios with GDPR and PCIv3
    4. 3.4 Applying a profile
      1. 3.4.1 Using the GUI
    5. 3.5 Checking compliance
      1. 3.5.1 Checking against applied profile
      2. 3.5.2 Simulate option
    6. 3.6 UNDO
    7. 3.7 Custom profile
    8. 3.8 Importing custom profiles not created with IBM PowerSC
    9. 3.9 Applying the PCIv3 profile to an AIX LPAR
      1. 3.9.1 Simulate first
  7. Chapter 4. Real-Time File Integrity Monitoring
    1. 4.1 PowerSC Real-Time Compliance
      1. 4.1.1 Detailed implementation
      2. 4.1.2 Deployment considerations
      3. 4.1.3 Installation
      4. 4.1.4 Configuration steps
      5. 4.1.5 RTC configuration files
      6. 4.1.6 Adding a new file to RTC file monitoring list
      7. 4.1.7 Local logging
      8. 4.1.8 SNMP traps
      9. 4.1.9 RTC debug mode
    2. 4.2 AIX Trusted Execution
      1. 4.2.1 Components of Trusted Execution
      2. 4.2.2 Trusted Execution modes
      3. 4.2.3 Trusted Execution integration with PowerSC GUI
      4. 4.2.4 System integrity check with PowerSC GUI
      5. 4.2.5 Online Check with PowerSC GUI
      6. 4.2.6 TSD customization with PowerSC GUI
      7. 4.2.7 Best practice to enable TE in online mode
      8. 4.2.8 Updating an application that is integrated with TE
    3. 4.3 Linux auditd
      1. 4.3.1 Prerequisites
      2. 4.3.2 Configuration
      3. 4.3.3 Add file for monitoring
      4. 4.3.4 View FIM alerts
    4. 4.4 FIM reporting with PowerSC GUI
      1. 4.4.1 Dashboard view of FIM events
      2. 4.4.2 Reporting of FIM events
  8. Chapter 5. PowerSC Trusted Network Connect and Patch Management v1.2.0.0
    1. 5.1 Introduction
    2. 5.2 Component architecture
    3. 5.3 Simplifying management of security and compliance by using TNC
    4. 5.4 Deployment considerations
      1. 5.4.1 Disk and memory requirements
      2. 5.4.2 Requirements to install software
      3. 5.4.3 Host installation matrix for TNC components
      4. 5.4.4 Syslog configuration
    5. 5.5 Installing TNCPM
      1. 5.5.1 Networking requirements for TNCPM internet connections
      2. 5.5.2 Configuring the TNCPM
      3. 5.5.3 Configuring the Trusted Network Connect Server
      4. 5.5.4 Configuring the Trusted Network Connect Client
      5. 5.5.5 Configuring Trusted Network Connect Server email
    6. 5.6 Working with Trusted Network Connect and Patch Management
      1. 5.6.1 Verifying the Trusted Network Connect Client
      2. 5.6.2 Viewing the Trusted Network Connect Server logs
      3. 5.6.3 Viewing the verification results of the TTNCCs
      4. 5.6.4 Updating the Trusted Network Connect Client
      5. 5.6.5 Updating and verifying by using PowerSC GUI 1.2.0.0
      6. 5.6.6 New TNC functions provided in PowerSC GUI 1.2.0.1
      7. 5.6.7 Update logs
    7. 5.7 Troubleshooting
      1. 5.7.1 Check syslog
      2. 5.7.2 Verify your configuration files
      3. 5.7.3 Update operation fails while AIX Trusted Execution is enabled
      4. 5.7.4 Refreshing the daemons to correct anomalies
      5. 5.7.5 Enabling TNCS verbose logging
      6. 5.7.6 More information
  9. Chapter 6. Trusted Logging
    1. 6.1 Component architecture
      1. 6.1.1 Built on virtual SCSI foundations
      2. 6.1.2 Virtual Log devices
      3. 6.1.3 Virtual logs
      4. 6.1.4 Virtual log directory and file structure
      5. 6.1.5 Virtual log repositories
      6. 6.1.6 Shared storage pools
    2. 6.2 Deployment considerations
      1. 6.2.1 Deploying Trusted Logging on a dedicated Virtual I/O Server
      2. 6.2.2 Securing the Virtual I/O Server
      3. 6.2.3 Local virtual logs or shared storage pools
      4. 6.2.4 Where to store local virtual logs
    3. 6.3 Detailed implementation
      1. 6.3.1 Virtual log target devices
      2. 6.3.2 Virtual log devices
      3. 6.3.3 Messages that are written to the state files
      4. 6.3.4 Multipath presentation on the client LPAR
      5. 6.3.5 Workload partitions
      6. 6.3.6 Performance
    4. 6.4 Installation
      1. 6.4.1 Installing the Client LPAR component
      2. 6.4.2 Verifying the version of the Virtual I/O Server
    5. 6.5 Working with Trusted Logging
      1. 6.5.1 Changing the local virtual log repository file system
      2. 6.5.2 Creating a virtual log on a single Virtual I/O Server
      3. 6.5.3 Accessing virtual log data on the Virtual I/O Server
      4. 6.5.4 Configuring shared storage pools
      5. 6.5.5 Demonstrating multipath failover
      6. 6.5.6 Configuring AIX auditing to use a virtual log
      7. 6.5.7 Configuring syslog to use a virtual log
      8. 6.5.8 Backing up Trusted Logging data on the Virtual I/O Server
      9. 6.5.9 Deleting virtual logs and virtual log target devices
    6. 6.6 Troubleshooting
    7. 6.7 Conclusion
  10. Chapter 7. Trusted Boot
    1. 7.1 Overview
    2. 7.2 Component architecture
      1. 7.2.1 Trusted Boot technical overview
    3. 7.3 Detailed implementation
    4. 7.4 Installation
      1. 7.4.1 Installing the collector
      2. 7.4.2 Installing the verifier
    5. 7.5 Working with Trusted Boot
      1. 7.5.1 Configuring SSH
      2. 7.5.2 Enabling Virtual Trusted Platform Module (vTPM)
      3. 7.5.3 Enrolling a system
      4. 7.5.4 Attesting a system
      5. 7.5.5 Attesting multiple systems
      6. 7.5.6 Simulating a failure
    6. 7.6 Troubleshooting
      1. 7.6.1 Common problems
      2. 7.6.2 Diagnosis
    7. 7.7 Conclusion
  11. Chapter 8. Trusted Firewall
    1. 8.1 Component architecture
      1. 8.1.1 Firewall technologies
      2. 8.1.2 Deny and permit
      3. 8.1.3 Packet filtering rules
      4. 8.1.4 Security policies
    2. 8.2 Detailed implementation
    3. 8.3 Deployment considerations
    4. 8.4 Installation
      1. 8.4.1 Trusted Firewall installation
      2. 8.4.2 Verifying the Trusted Firewall installation
    5. 8.5 Working with Trusted Firewall
      1. 8.5.1 Configuring the Secure Virtual Machine
      2. 8.5.2 Configuring the filter rules
      3. 8.5.3 Removing Trusted Firewall
    6. 8.6 Troubleshooting Trusted Firewall
    7. 8.7 Conclusion
  12. Appendix A. Trusted Firewall addendum
    1. ICMP codes
    2. ICMPv6 codes
  13. Related publications
    1. IBM Redbooks
    2. Online resources
    3. Help from IBM
  14. Back cover

Product information

  • Title: Simplify Management of IT Security and Compliance with IBM PowerSC in Cloud and Virtualized Environments
  • Author(s): Dino Quintero, Faraz Ahmad, Stephen Dominguez, David Pontes, Cesar Rodriguez
  • Release date: September 2019
  • Publisher(s): IBM Redbooks
  • ISBN: 9780738457970