Software Product Description ___________________________________________________________________ PRODUCT NAME: POLYCENTER Security Reporting Facility SPD 26.N2.03 for OpenVMS, Version 2.1 DESCRIPTION In previous versions of POLYCENTER[TM] Security products, the name DECinspect was used instead of POLYCENTER Security. POLYCENTER Security Reporting Facility is a security reporting tool that collects and manages security compliance and security event information sent from the following software tools: o POLYCENTER Security Compliance Manager for AIX[R] (SPD 46.11.xx) o POLYCENTER Security Compliance Manager for HP-UX[R] (SPD 46.12.xx) o POLYCENTER Security Compliance Manager for OpenVMS[TM] (SPD 26.N1.xx) o POLYCENTER Security Compliance Manager for ULTRIX[TM] (SPD 41.26.xx) o POLYCENTER Security Compliance Manager for SunOS[R] (SPD 41.25.xx) o POLYCENTER Security Compliance Manager for Solaris[R] 2 (SPD 55.87.00) o POLYCENTER Security Compliance Manager for DEC OSF/1[R] AXP[TM] (SPD 55.86.00) o POLYCENTER Security Intrusion Detector for OpenVMS (SPD 41.27.xx) POLYCENTER Security Reporting Facility software runs on one or more nodes to support centralized collection and management of security compliance data from nodes running POLYCENTER Security Compliance Manager and security events data from nodes running POLYCENTER Security Intrusion Detector. DIGITAL March 1994 AE-PGC6D-TE POLYCENTER Security Compliance Manager software, a compliance manage- ment tool, runs on AIX, HP-UX, OpenVMS, ULTRIX, Solaris 2, DEC OSF/1 AXP, and SunOS nodes in a customer's network and periodically eval- uates compliance with a baseline security policy defined for that node's operating system. Optionally, POLYCENTER Security Compliance Manager forwards the compliance data to the POLYCENTER Security Reporting Facility node. POLYCENTER Security Intrusion Detector software, an intrusion detec- tion tool, runs on OpenVMS , SunOS and ULTRIX nodes in a customer's network and notifies security managers about security events occurring on the node. Optionally, POLYCENTER Security Intrusion Detector for OpenVMS sends the data to the POLYCENTER Security Reporting Facility node, where the designated POLYCENTER Security Reporting Facility adminstrator is notified about these events. With these tools, the security manager can implement and maintain a security policy for nodes running the AIX, HP-UX, OpenVMS, ULTRIX, Solaris 2, DEC OSF/1 AXP, or SunOS operating systems. While POLYCENTER Security Compliance Manager can be used alone in small distributed systems, the centralized management capabilities of POLY- CENTER Security Reporting Facility can be very helpful in managing a large number of nodes or a set of nodes on a dispersed network. If centralized management is desired, the customer will establish one or more POLYCENTER Security Reporting Facility installations on the network. Typically, POLYCENTER Security Reporting Facility installa- tions are set up to support the organizational reporting structure (for example, one POLYCENTER Security Reporting Facility node for each organizational management domain). POLYCENTER Security Reporting Facility software performs integrity checks to prevent unauthorized modification of tokens transmitted from POLY- CENTER Security Compliance Manager and POLYCENTER Security Intrusion Detector installations. Once the system is configured, the POLYCENTER Security Reporting Facility software collects the tokens and automatically stores the data in a relational database. 2 The database stores the following security compliance data: o Node name o Network address o Cluster name o Summary status of POLYCENTER Security Compliance Manager test collection results o Detailed status of POLYCENTER Security Compliance Manager test collection results o Status of policy file in use o POLYCENTER Security Compliance Manager policy file information o Operating system o Operating system version o POLYCENTER Security Compliance Manager version o Inspection date o Received date The POLYCENTER Security Reporting Facility software stores the compliance data so designated users can access current as well as historical data to manage the security compliance of nodes on the network. The database stores the following security event data: o Node name o Network address o Target entity o Source entity o Alarm time o Received time o Failure type 3 o Failure limit o Security contact information - Name - Location - Electronic mail address - Phone-1 - Phone-2 The POLYCENTER Security Reporting Facility software stores the security event data sent by POLYCENTER Security Intrusion Detector. Designated users can access current as well as historical data to monitor the security events occurring on OpenVMS nodes in the network. The security manager can use the POLYCENTER Security Reporting Facility software to: o Display the security status of any AIX, HP-UX, OpenVMS, ULTRIX, Solaris 2, DEC OSF/1 AXP, or SunOS node within the management domain of a particular POLYCENTER Security Reporting Facility installation. o Automatically notify system managers and group managers about the compliance status of their node or cluster via electronic mail. o Automatically notify system managers and group managers about missing compliance status information via electronic mail. o Produce reports about the compliance status of nodes or groups. o Produce reports about missing compliance status information. o Produce reports about implementation trends of the POLYCENTER Security Compliance Manager product on different platforms. o Display and produce reports from information in the POLYCENTER Security Reporting Facility database. 4 o Forward tokens to another POLYCENTER Security Reporting Facility installation automatically in a reporting structure consistent with the customer's organizational structure. o Store and access data about the manager responsible for a node or a group of nodes. o Store and access data about valid policy files used by the nodes running POLYCENTER Security Compliance Manager software. POLYCEN- TER Security Compliance Manager policy files contain the settings established by the security manager consistent with the organiza- tion's baseline security policy. POLYCENTER Security Reporting Facility works with POLYCENTER Security Compliance Manager to perform integrity checks to protect against unauthorized modification of POLYCENTER Security Compliance Manager policy files. o Schedule tasks, such as producing reports or forwarding tokens, to run automatically. The security managers can also write their own programs to extract data from other sources for storage in the POLYCENTER Security Reporting Facility database as well as produce other reports using any of the following Digital software products: RDO and SQL utilities of DEC Rdb for OpenVMS (SPD 25.59.xx) DEC Rdb for OpenVMS precompilers (SPD 25.59.xx) DEC DATATRIEVE (SPD 25.44.xx) DEC RALLY (SPD 27.03.xx) VAX TEAMDATA (SPD 27.02.xx) DECdecision (SPD 25.62.xx) SOFTWARE REQUIREMENTS For Systems Using Terminals (No DECwindows Interface): OpenVMS Operating System DEC Rdb for OpenVMS Run-Time Option (SPD 25.59.xx) DEC RALLY Run-Time Option (SPD 27.03.xx) For Workstations Running VWS: 5 OpenVMS Operating System OpenVMS Workstation Software DEC Rdb for OpenVMS Run-Time Option (SPD 25.59.xx) DEC RALLY Run-Time Option (SPD 27.03.xx) For Workstations Running DECwindows (No DECwindows interface, use DECterm): OpenVMS Operating System (and necessary components of OpenVMS DECwin- dows) DEC Rdb/OpenVMS Run-Time Option (SPD 25.59.xx) DEC RALLY Run-Time Option (SPD 27.03.xx) Refer to the System Support Addendum (SSA 26.N2.02-x) for availability and required versions of prerequisite/optional software. ORDERING INFORMATION Software Licenses: QL-GKMA9-** Software Media: QA-GKMAA-** Software Documentation: QA-GKMAA-GZ Software Product Services: QT-GKMA*-** * Denotes variant fields. For additional information on available licenses, services, and media, refer to the appropriate price book. SOFTWARE LICENSING This software is furnished under the licensing provisions of Digital's Standard Terms and Conditions. For more information about Digital's licensing terms and policies, contact your local Digital office. Possession, use, or copying of the software described in this publi- cation is authorised only pursuant to a valid written licence from Digital or an authorised sublicensor. License Management Facility Support This layered product supports the OpenVMS License Management Facility. 6 License units for this product are allocated on an Unlimited System Use basis. For more information on the License Management Facility, refer to the OpenVMS Operating System Software Product Description (SPD 25.01.xx) or the License Management Facility manual of the OpenVMS Operating System documentation set. SOFTWARE PRODUCT SERVICES A variety of service options are available from Digital. For more information, contact your local Digital office. In addition to standard SPS remedial services, consulting services for assistance in planning, designing, and implementing a custom security analysis and reporting system with the POLYCENTER Security Compliance Manager and POLYCENTER Security Reporting Facility tools are also available. For more information, contact your local Digital office. SOFTWARE WARRANTY As with any security product, POLYCENTER Security Reporting Facility software should be considered part of an overall security plan. Customers are encouraged to follow industry-recognized security practices and not rely on any single security product or service to provide complete protection. Warranty for this software product is provided by Digital with the purchase of a license for the product as defined in the Software Warranty Addendum of this SPD. [R] AIX is a registered trademark of International Business Machines Corporation. [R] HP-UX is a registered trademark of Hewlett-Packard Company. [R] OSF and OSF/1 are registered trademarks of the Open Software Foundation Inc. 7 [TM] Solaris and SunOS are trademarks of Sun Microsystems Inc. [TM] The DIGITAL logo, AXP, DEC, DEC DATATRIEVE, DEC RALLY, Digital, OpenVMS, POLYCENTER, ULTRIX, VAX TEAMDATA and VMS are trademarks of Digital Equipment Corporation. All other trademarks and registered trademarks are the property of their respective holders. ©1992, 1994 Digital Equipment Corporation. All rights reserved. 8