OmniGuard/ESM 4.4

Secure your network with OmniGuard/ESM

AXENT Technologies' OmniGuard/ESM (Enterprise Security Manager) 4.4 is amulti-platform security monitoring system that includes support forWindows NT. OmniGuard/ESM is extremely useful in a single-server environment but is downright invaluable in a multiserver environment that includes NT Server, UNIX, OpenVMS, and Novell IntranetWare.

OmniGuard/ESM lets a network manager verify that security policies are inplace. For example, your corporate security policy may require thatpasswords are at least six characters long. Checking for this policy is simplefor a single-server environment but tedious for larger networks. OmniGuard/ESMcan easily perform this check in a multiserver environment. But this feature isjust one of OminiGuard/ESM's functions.

You can configure OmniGuard/ESM so that security policymakers and securitypolicy implementers are not the same people. This capability lets a securitymanager create a policy and see reports on the network's status, but not changeany of the security elements in NT (or any other operating systems). Networkmanagers can see policy reports but not change the security policy. However,they can change the security elements within NT.

Usernames and passwords are one aspect of security that OmniGuard/ESMchecks. The software can check password durability, which includes passwordlength and matches with common words. You can also include a set ofcompany-specific words so that users don't have passwords that match projectnames. OmniGuard/ESM checks file attributes, directory attributes, systemauditing settings, and even system startup files. Platform-specific checks, suchas email checks for UNIX and NetWare, are also available.

OmniGuard/ESM uses client/server architecture. A client, or OmniGuard/ESM agent, runs on a PC where security will be checked. The server is whereOmniGuard/ESM maintains and manages the results of the security checks. Securitymanagers can access the server to make changes and run reports. Network managerscan also run reports.

Although using OmniGuard/ESM does not guarantee a secure network, itdoes let you identify potential security problems. The software recommendschanges and provides both text and graphical reports that are easy tounderstand.

Installation
Installing OmniGuard/ESM was quick and simple. The program installed boththe NT OmniGuard/ESM agent and the NT OmniGuard/ESM server. The OmniGuard/ESMCD-ROM contains software for agents and servers for each platform supported. TheOmniGuard/ESM server installation process requires a special license key,which incorporates licensing details such as the number of supported agents.

Installing OmniGuard/ESM on a second NT server and an IntranetWare serverrequired agent installation only. The software uses TCP/IP as the transportbetween agents and server. TCP/IP support was already in place, so the softwareneeded no additional configuration for network operation. You can also use IPXwith IntranetWare environments.

Installation for both the NT Server agent and server was identical. TheIntranetWare agent installation was slightly different, because the agent is aNetWare loadable module (NLM). The IntranetWare agent required a registrationstep for the NT OmniGuard/ESM server to recognize it. Agents are always running,but they perform checks only on server requests.

You can manage large, distributed networks by interfacing multiple Managersto centralized Super Managers. I implemented a single Manager environment. SuperManagers let you forward security information to a central location.

OmniGuard/ESM lets you group agents into domains. The domains are oftenconfigured to match the NT domains, but this is not a strict requirement.Instead, the OmniGuard/ESM domains can match the security requirements. Forexample, high-security areas can map to one OmniGuard/ESM domain andlow-security areas can map to another domain.

Next, OmniGuard/ESM defines users. The software requires a single useraccount but most environments will have multiple user accounts with varyingdegrees of control. For example, the security manager, who is usually theOmniGuard/ESM installer, can create policies and run and examine reports.Network managers can run and examine reports and must also have accounts thatlet them change security on appropriate PCs.

After installation, it is a good idea to run an immediate security checkinvolving all agents, as shown in Screen 1. This check tests the communicationssupport and determines the current security setup for the network. The timerequired for a security check depends on the number and complexity of the agentPCs. Security checks operate in tandem on each agent, and the entire operationis complete in less than an hour.

Operation
OmniGuard/ESM provides two interfaces to an OmniGuard/ESM server. Oneinterface employs a command line interface and the other interface uses a GUI.The OmniGuard/ESM documentation covers command line interface commands, andonline Help is available for both interfaces. The command line interface isuseful because its implementation spans server platforms. It can also be used toautomate reporting through scripting.

The 32-bit Windows OmniGuard/ESM management application is where mostsecurity managers and network managers will work. It provides access policies,policy checking schedules, and reporting. You can run the management applicationfrom any Windows 95 or NT workstation, not just a PC that is running theOmniGuard/ESM server.

The management application lets you create reports and save them for latercomparisons with new results. You can print the reports or view them on screen.As you run new reports, you can see improvements in security performance.OmniGuard/ESM includes a search function to let you quickly pinpoint problems inlarge reports.

Network managers usually have the responsibility of correcting problems. Inmost cases, OmniGuard/ESM can help fix problems after it identifies them if youclick the Correct push-button in the Security Report dialog box (as shown inScreen 2). Typically, OmniGuard/ESM presents a dialog box with actions,such as changing a password or permission, to fix the problem. The software logsthese corrections, and an undo function lets you reverse a correction. In someinstances, OmniGuard/ESM can only recommend changes. Network managers mustthen use NT tools to make the necessary changes.

A Good Investment
OmniGuard/ESM proved to be an excellent tool that found a number of flaws inour multivendor (NT Server and Novell IntranetWare) environment. The overalloperation was very simple--even users who were not well-versed in itsintricacies could use it.

A few areas need polishing, however. For example, the policy report summaryuses color-coded names for status indicators, but it does not use these colorsin the report. It does, however, use them for graphed results. Another minorpoint is that some of the windows did not make optimum use of the screen realestate with an enlarged window.

OmniGuard/ESM works with other AXENT products such as OmniGuard/ITA(Intruder Alert) and OmniGuard/EAC (Enterprise Access Control) for Win95.The latter provides access security for Win95 that is more advanced than NT'ssecurity.

OmniGuard/ESM is well worth the investment of time and money if you need toprotect your data and your network. It does not guarantee security, but it doesmake checking security manageable.