VOS Auditor

The complete security and auditing solution for Stratus/VOS meeting the latest PCI requirements.

The VOS-Auditor Suite
Access Control Manager
Security Alert Manager
VOS Command Shells

 PCI/Security Implementation
Power Point Presentation
VOS-Auditor in a nutshell
Interactive user sessions
Protecting confidential data
Registration Database Management
System Events
Secure, encrypted sessions
24x7 Monitoring
System audit & security questionnaire

VOS-Auditor in a nutshell
A three-layered solution
Configuration - definitions of all regulated data files, monitored objects, files, directories and user' access profiles.
24x7 Monitoring - real-time monitoring of configured objects, with automated responses, blocks, and dynamic alarms.
Reporting - periodic or on-demand security and auditing reports of all security-related events.
Interactive sessions and user activities
V-Auditor allows security officers to match any user to a set of allowed activities and unique access privileges.
V-Auditor eliminates the constant guess-work and effort of keeping user's privileges manageable.
V-Auditor manages developers and system-administrators without affecting their day-to-day activities.
V-Auditor guarantees secure environments while using fewer resources.
Access to sensitive data files and directories
V-Auditor maintains access rights in a single, centralized configuration for the entire system.
V-Auditor scans system objects, automatically enforces standard configuration and reports unauthorized changes.
V-Auditor allows security officers to easily promote, demote or remove all user's privileges from the system.
V-Auditor eliminates the risk of unauthorized access to sensitive confidential corporate data.
Managing the risk of privileged commands & VOS' analyze_system interface
V-Auditor's Privileged Command Center allow only limited access to selected privileged commands and analyze_system requests on a per-user basis.
V-Auditor allows security officers to define all personnel as non-privileged users without affecting their day-to-day activities.
V-Auditor provides per-command, per-user controls as opposed to the all-or-nothing limitation of the operating system.
V-Auditor maintains a complete audit-trail of all privileged commands and analyze_system requests.
Reports and distribution
User Registration Report. Sample
User Sessions, and Command Execution Report. Sample
Consolidated Security Incident Report. Sample
File Integrity Report.
Automated distribution of reports to security personnel via E-Mail.

Interactive user sessions
Privileged Command Processor All registered users are defined as non-privileged users while V-Auditor executes and manages all privileged-command and analyze_system activities.
Secure Command Shells V-Auditor features a menu-based and VOS-like secure and audited sessions for all users including developers, operators and system administrators.
Security Levels & Restrictions A user, or group of users can easily be given different security-levels, promoted, demoted or removed from the system.
Time-based restrictions V-Auditor can automatically and dynamically change privileges based on the time of day and other predefined criteria. For example, it can block certain activities during the night shift and allow other activities during other times.
Audit trails V-Auditor reports all user' session information -- time of entry, activities, and time of exit. Extensive criteria, allows selection of specific users, groups and specific timeframes. Special reports outline all privileged-user activities including analyze_system requests. Security events and attempts to gain unauthorized access are highlighted.
Registration database V-Auditor can distribute detailed reports outlining all currently-registered users with special highlighting of privileged users via e-mail, either periodically or on demand.

Protecting confidential data
Centralized database of access privileges V-Auditor features a centralized system-wide database designed to control access to confidential databases and system directories. Thousands of objects and users are easily maintained.
Enforcement V-Auditor scans the entire system at predefined schedules and automatically enforces access-right standards as set up be the security officer.
File integrity reports V-Auditor reports any unauthorized changes made to any of the system directories or confidential files.
Making changes Making changes to a user's access profile can be done once. V-Auditor does the rest - it scans the entire system and applies the changes across the potential thousands of files or system directories.
Removing users On demand, V-Auditor scans the entire system and removes all access right previously given to a given user or group of users. This assures that no ex-employee has any access rights left behind on the system.
Using templates and scripts V-Auditor features simple, easy to use templates and scripts that are used to rebuild the security database from scratch, or to quickly apply it to a different Stratus module.

Registration Database Management
New alternative to registration_admin New screen-driven interface to the VOS User Registration Database offers more control over the all-or-nothing limitation of registration_admin.pm.
Managing registration V-Auditor uses new intuitive commands:
add_registered_user, delete_registered_user, update_registered_user, list_registered_users, pending_changes, apply_registration_changes, discard_registration_changes.
Audit V-Auditor records every addition, deletion and changes made to the registration database.
Using scripts All registration management functions can be automated by using scripts. Using scripts not only saves time -- scripts enhance control and reduce the risk of human error.
Enhanced security:
The 2-phased approach
All changes are recorded to a temporary database (phase-I) which allows the security officer, at a later time, to apply the pending changes or discard them (phase-II).
Alarms Any change made to the registration is treated as a security event. A message is posted to the operator console, which part if its 24x7 monitoring (see below).

System Events
Processes Process creation, termination, and priority changes.
System administration Selected administration and configuration activities including login_admin, logout_admin, disk_maintenance activities, time/zone changes and more.
File system File, link, and directory creation, deletion, renaming, truncation, index-definition changes.
Miscellaneous access controls Execute-in-kernel program invocations, file system, process, and system access violations.

Secure, encrypted sessions
SSH1/SSH2 protection V-Auditor features Secure-CRT-for-Stratus terminal emulation software. Secure-CRT provides extra security and encryption of remote access, file transfer, and data tunneling sing the open Secure Shell protocol.
Industry standards encryption AES, Twofish, Blowfish, 3DES, RC4, and DES ciphers.

Registration report V-Auditor reports all registered users with special highlighting of privileged users. The report includes information on password expiration and terminated accounts.
Interactive sessions The Short Session Report outlines login/logout and session duration summaries while the more detailed format, outlines all commands that were executed during the reported sessions.
Security incident report V-Auditor reports all security incidents and unauthorized attempts to access a system object including the user-name, time of day and detailed description of the event.
File integrity report V-Auditor provides a detailed report outlining all potentially unauthorized changes that were made to the file system (ACL/DCL).
Criteria The security officer can choose a range of dates, and specify user(es) and the type of incidents he wishes to include in the audit reports..
Report distribution V-Auditor creates HTML web-enabled reports and distributes them via Email to any number of security officers for review.

24x7 Monitoring
Real-time alerting V-Auditor sends alert messages to selected terminals.
Automated responses V-Auditor automatically reacts to any unauthorized attempt to access one of the monitored objects based on predefined scripts. For example, V-Auditor can automatically log intruders out of the system - all hands-free.
Security consoles V-Auditor posts all security related events as they occur on the central security console. These special consoles can be in the operations area or part of the security officer monitoring screens.
Email - Alert Notifications V-Auditor sends Email notifications on security related events to selected security personnel based on the severity of the event.
Hands-off operations V-Auditor is designed to run 24x7 without any human intervention. V-Auditor dynamically manages all aspects of system security, triggers, and detection and handling of security events.
Fail-safe operation V-Auditor can not be shut down or bypassed even by experienced programmers or system administrators. It is controlled and maintained by the security officer.