1. Nsure ™ Audit Essentials Rick Meredith Software Engineer Novell, Inc. Jaime Brimhall Software Engineer Novell, Inc.

2. © March 9, 2004 Novell Inc. 2 one Net: Information without boundaries…where the right people are connected with the right information at the right time to make the right decisions. The one Net vision Novell exteNd ™ Novell Nsure ™ Novell Nterprise ™ Novell Ngage SM : : : :

3. © March 9, 2004 Novell Inc. 3 The one Net vision Novell Nsure solutions take identity management to a whole new level. Novell Nsure gives you the power to control access so you can confidently deliver the right resources to the right people — securely, efficiently, and best of all, affordably. Novell Nsure ™ Novell exteNd ™ Novell Nsure ™ Novell Nterprise ™ Novell Ngage SM : : : :

4. © March 9, 2004 Novell Inc. 4 Presentation Overview Overview and Architecture Administration & Configuration Platform Agent Server Configuration Queries Reports Application Instrumentation Frozen Bubble Instrumentation Verification Signing and Chaining Events.

5. 5 Secure Logging Server Platform Agent Notification Service Logging Service Filter SMTP Flat File Driver Monitoring Applications Report Generator SNMP SYSLO G Storag e Java CVR … SQL Driver Crystal Reports Java API TCP/IP (TLS) Alerts/ Notifications JMS Event Adapter Oracle SQL Server MySQL File System [11:58:18] MyApp\ IMAP\ Authentication: Valid login for account “FMSmith" from 137.65.47.144 [11:58:18] MyApp \POP3\ Authentication: Valid login for account "pfeiffer" from 195.224.28.4 C API Application … Monitoring Service Disconnected Mode Cache Administrator Nsure Audit Overview & Architecture

6. © March 9, 2004 Novell Inc. 6 Administration & Configuration Miscellenous Utilities & Tools Platform Agent Configuration Application iManager (web application) is used to: Configure Secure Logging Server (SLS) Run Queries Create Reports LReport is used to: Run Queries Create Report

7. © March 9, 2004 Novell Inc. 7 Platform Agent Platform agent Collects events from instrumented applications Sends the events to the Logging Server Caches the event in case of communication failure Optionally signs the events for validation

8. © March 9, 2004 Novell Inc. 8 Platform Agent Configuration Tool

9. © March 9, 2004 Novell Inc. 9 Secure Logging Server (SLS) Receives the events from the platform agent Logs events to file or database Sends any relevant notifications

10. 10 iManager Nsure Audit Plugin

11. 11 LReport

12. © March 9, 2004 Novell Inc. 12 Application Instrumentation Include the LogEvent header file and library in the application source code If desired, contact Novell Developer Services to obtain a registered application ID and certificate for your product Create a log schema configuration (LSC) file to describe the events that your application will send Call the desired LogEvent functions from the appropriate locations in the application code Create the necessary objects in eDirectory for the Secure Logging Server to recognize the new application

13. © March 9, 2004 Novell Inc. 13 Log Schema Configuration (LSC) file Defines the different events, used to translate text Can be used with auditext to automatically generate the Application Object #^Frozen Bubble Instrumentation^FBFB^FBubbleInst^EN # #EventID,Description,Text1 Title,Text2 Title,Value1 Title,Value1 Type,Value2 #Title,Value2 Type,Group Title,Group Type,Data Title,Data Type,Display Schema FBFB,Frozen Bubble,Frozen Bubble Instrumentation,,,,,,,,,, FBFB0001,Game Started,,,,,Start Time,,,,,, FBFB0002,Level Started,,,Level,,Timestamp,,,,,, FBFB0003,Level Completed,,,Level,,Timestamp,,,,,, FBFB0004,Level Completion Time,,,Level,,Total Time,,,,,, FBFB0005,Premature Exit,,,Level,,Timestamp,,,,,, FBFB0006,Died,,,Level,,Life Number,,,,,, FBFB0007,Game Ended,,,Level,,Timestamp,,,,,, FBFB0008,Final Score and Time,Username,,Level,,Total Time,,,,,,

14. © March 9, 2004 Novell Inc. 14 Logevent Functions LogOpen – create the log handle, connect to the server LogEventDirect – send a log event with any of the available data fields LogClose – close the log handle LogEventText, LogEventNameValue, LogEventLong, LogEventRaw are macros that log events with only certain types of data Unicode interface is also available

15. © March 9, 2004 Novell Inc. 15 Instrumentation of Frozen Bubble

16. © March 9, 2004 Novell Inc. 16 Verification (Signing & Chaining)

18. General Disclaimer This document is not to be construed as a promise by any participating company to develop, deliver, or market a product. Novell, Inc., makes no representations or warranties with respect to the contents of this document, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc., reserves the right to revise this document and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes. All Novell marks referenced in this presentation are trademarks or registered trademarks of Novell, Inc. in the United States and other countries. All third-party trademarks are the property of their respective owners. No part of this work may be practiced, performed, copied, distributed, revised, modified, translated, abridged, condensed, expanded, collected, or adapted without the prior written consent of Novell, Inc. Any use or exploitation of this work without authorization could subject the perpetrator to criminal and civil liability.