Home Technologies Products & Prices Services User Guides Contact Us
home
device admin
audit (sox/cobit)
admission control (nac)
fault finding

 

About us...
extraxi offers world class products & consultancy in the field of enterprise AAA and data migration with a number of ex-cisco personnel who have helped secure some of the worlds largest fixed and wireless deployments

 
aaa-reports! support for Sarbanes Oxley/CobiT

 

Audit Primer
What is SOX/CobiT?
In response to the major accounting scandals of Enron, WorldCom, Tyco, and Global Crossing and their subsequent effect of billions of lost dollars on the US Economy, President Bush signed into law the Sarbanes-Oxley Act, "to protect investors by improving the accuracy and reliability of corporate disclosures made pursuant to the securities laws." 

Sarbanes-Oxley (SOX) introduces highly significant legislative changes to financial practice and corporate governance by requiring increased regulatory compliance and accountability of public companies and their financial health. The intent of this law is to reinforce corporate integrity and enhance investor confidence by requiring CEO certification of financial statements, mandating real-time disclosure of information important to investors, and establishing an oversight board for the accounting industry.

COBIT is the IT Governance Institute’s IT governance and control framework, most frequently used to help achieve Sarbanes-Oxley Act compliance, but also ensuring security and availability of IT assets in general

How does SOX & CobiT relate to AAA based network security?
From an IT security perspective, SOX is vague in many areas, especially as it relates to the specifics of, "how to comply," because SOX does not provide exact information security procedures or processes that companies will need to have in place for compliance. Nor does it recommend any specific IT solution for compliance. On the other hand, there are parts that are very specific and have a direct impact on IT budgets. For example, the law states that all business records, including electronic records and electronic messages, must be saved for "not less than five years." With this data-storage requirement it is clear that SOX has and will continue to have a noticeable effect on corporate IT departments.

In addition to the obvious and "between the lines" IT requirements, SOX mandates corporations to demonstrate sound financial controls governing their business processes and then test those controls quarterly. Of course, manually documenting and testing these controls is one way to do that, but the costs for labor and time would be considerable and present a procedural and logistical nightmare. It just makes sense that companies would look to automate as much of the process with software and hardware platforms to quickly address their dilemma.

A typical AAA server such as Cisco Secure ACS may contain three main network security policies:

  • Network end-user/identity access control (VPN, Wifi, VLAN etc)
  • Network administrator user access control (typically TACACS+ Device Administration)
  • AAA Server administrator access control (ie config changes on the AAA server itself)

In addition to the raw policy data "locked up" inside the ACS database the mass of accounting, authentication, administration event and failure logs hold a wealth of valuable data. From the viewpoint of good governance its critical to be able to:

  • Validate the policies in place are actually working with no unforeseen consequences
  • Easily spot exceptions and violations of policy
  • Instigate a forensic analysis of the logs to find out what really happened.
how aaa-reports! supports SOX/CobiT

Documentation & security policy validation

Most aaa server products have little or no ability to document their configuration. This often leaves systems administrators taking screen dumps of GUI screens.

aaa-reports! can directly import database information from Cisco Secure ACS in order to generate reports, for example:

NEW! TACACS+ Device Admin (TDA) reports. These document everything from the ACS Network Config to Shared Device Command Sets (DCS), Network Access Restrictions (NARs) and how they are used. See  aaa-reports! for TDA for more information.
which device administrators have access to any given device (or set of devices)
what privilege level is allowed to each admin group
what account restrictions are in place - such as password expiration, address filters etc
what controls are enforced for each type of network access eg wireless, vpn, dial etc
view the ACS users in the query builder, filter, sort, query and export!

policy audit

Having documented and validated the deployed policies it is essential put in place a sufficient audit plan to continually assess their effectiveness. 

aaa-reports! aids this process with a new set of enhanced TDA reports:

What groups/users have access to specific devices (or device groups)
What commands are authorised by groups/user on specific devices (or device groups)
What users have policy that overrides their group settings
What policy items are defined but not actually being used
Much more...

Also with exception reports:

out-of-hours usage
excessive failed authentications
network access restriction (NAR) failures
device admin command authorization failures
excessive numbers of session, throughput and/or duration

In addition to simply looking for exceptions, aaa-reports! includes an ever increasing set of "canned" reports to drill down into network activity:

have required configuration updates been successfully deployed to all access devices, if not which
if a device was mis-configured, who was responsible, what did they do and when
who had a given ip address on the network at a specific time
how are specific network services being utilized
many more..

Finally, aaa-reports! offers advanced features such as

Consolidation of multiple log files into a single database with built-in data archiving
Powerful search tools for building complex multi-parameter queries using a simple point and click interface - no programming or knowledge of SQL required
 

Whats New?

ACS 5 Support

aaa-reports! enterprise v1.2

csvsync v3.0

web reports v1.0

Free Trial

Download the fully functional 60 day trial

Download the aaa-reports! datasheet (PDF)

Download the Audit Reports white paper. Find out how aaa-reports! can help you with audit compliance (PDF)

Need a hand writing a purchase justification? Click here for our management overview of aaa-reports!

Tips 'n' Tricks

Check out our new tips blog.. 

Upgrades FAQ

Q&A for free upgrade eligibility

Technologies

TACACS+ Device Admin (TDA)

Sarbanes Oxley (SOX) Compliance

Network Admission Control (NAC)

 

 

         
Home | Contact
Cisco, Cisco Systems, the Cisco Systems logo, and the Cisco Arrow logo are registered trademarks or trademarks of Cisco Systems Inc and/or is its affiliates in the US and certain other countries. Other trademarks are the property of their respective owners.

Copyright 2006-2012 Extraxi Ltd.  All rights reserved