SQL Server 2005. I used
VMware Workstation 7
on the Lenovo mobile
workstation and Windows Server 2008 with
the Hyper-V role enabled
to host the virtual systems
that I used in my test
environment.
Based on information
NetIQ SCM 5. 8 gathered
from my monitored systems, I was able to generate a wide range of
reports. New in this version of SCM is a Web-based security and compliance dashboard that I
used to provide restricted
access to reports. This
is useful for IT managers who want to provide
access to security and
compliance data without
turning over the keys to
the kingdom.
For example, I was
able to provide reports
on a very small number
of servers to members
of an application group,
thus limiting the knowledge of important security vulnerabilities in my
test systems to a select
group of “need-to-know”
administrators.
The security and compliance dashboard is a significant
improvement in NetIQ SCM 5. 8.
However, competitive products also
have this feature.
Delivering in a timely fashion
The reporting tools—whether
delivered through the Web-based
dashboard or through the desktop application interface—proved
able to deliver critical configuration
information in a timely fashion.
Because the tool can gather large
amounts of configuration information, one of the chief tasks of IT
security managers will be to work
with business operations, auditors
and executives to fine-tune data
requests so that network resources
or system productivity isn’t compromised by requests for configuration
data.
Working with NetIQ support
personnel, I was able to navigate
reports and narrow
search results so that
I got a good overview
of my systems, while
also keeping a lid on
network bandwidth
consumption.
Because NetIQ SCM
5. 8 can report on more
than 100 different preconfigured templates
and reports based on
recommendations or
requirements from
NIST (National Institute of Standards and
Technology), Sarbanes-Oxley, HIPAA (Health
Insurance Portability
and Accountability
Act), GLB (
Gramm-Leach-Bliley Act) and a
host of other vulnerabil-ity- or security-oriented
groups and regulations,
it’s easy to go overboard
with reporting.
NetIQ SCM 5. 8 has
the ability to update
configuration gathering templates, which IT
managers should use
on at least a quarterly
basis. This will ensure
that the most current
types of data are being
collected for configuration reports.
One thing you should
keep in mind: Although named the
“autosync” feature, triggering the
update was a manual process. ;
Technical Director Cameron Sturdevant can be reached at csturdevant@
eweek.com.
NETIQ FROM PAGE 29
This story can be found
online at:
tinyurl.com/2fqgp5v
Out of the box, SCM 5. 8 provides a multitude of reporting templates
that use relevant configuration features to reveal the level of system
compliance.
IT managers will spend a significant amount of time tuning the
various modules of SCM 5. 8.
