TME 10 Security Management: A State-of-the-Art Security Management Product

Software Announcement
February 11, 1997
Announcement Letter Number: 297-026

Table of Contents:

• At a Glance
  
• DESCRIPTION
  
• PRODUCT POSITIONING
  
• EDUCATION SUPPORT
  
• SUPPLEMENTAL INFORMATION
  
• TECHNICAL INFORMATION
  
• ORDERING INFORMATION
  
• TERMS AND CONDITIONS
  
• CHARGES
  

TME 10 Security Management is the most comprehensive solution to proactive prevention of attacks on your systems. It also:

• Increases system integrity

• Facilitates the implementation of a comprehensive, consistent security policy

• Protects files to enable "application hardening"

• Produces complete audit trail

• Provides login restrictions

• Increases Internet security

• Requires no OS kernel modifications

• Protects the investment in native security products, like RACF, OS/390 Security Server, and the security features of Microsoft Windows NT

• Provides an easy to use -- consistent TME user interface

• Integrates with other TME 10 applications, including TME 10 User Administration, TME 10 Enterprise Console, and TME 10 Distributed Monitoring.

• Resolves UNIX issues:
  • Prevents abuse of root ID
  • Partitions root privileges

Overview

TME 10 Security Management enables consistent, comprehensive, and efficient security throughout the enterprise. TME 10 Security Management provides role-based administration of user access to resources, consistent administration of security policies, and improvements in audit. TME 10 Security Management works with TME 10 User Administration to bring automation and enforcement of policy to user security management using Tivoli's single action management. TME 10 Security Management initially supports AIX (R) and UNIX systems, Microsoft Windows NT, and OS/390 (TM) via the RACF (TM) component of the OS/390 Security Server.

Managing security for IT assets on mainframes, servers, and workstations is critical to the success and productivity of any enterprise. This complex and expensive task requires a detailed knowledge of all the security systems, a variety of skills, and an expensive support structure. These problems are compounded by use of large numbers of heterogeneous and distributed systems. The result is ineffective security, high administrative cost, poor service, and occasional security related delays in implementing new applications.

TME 10 Security Management working with TME 10 User Administration provides the most comprehensive solution to these problems. It provides a single administrative interface for managing security. Role-based administration is provided to simplify, automate and facilitate change management for user access to resources. Installation security policies can be easily and commonly entered even though the policies are implemented differently on different security systems. Central control of audit policy is provided as well as audit analysis routines. A single audit log is maintained for all administrator requests, this greatly simplifies analysis of administrator actions. Security controls can be centralized while security administration can be decentralized while maintaining enforcement of the installation's security controls.

To enable and simplify consistent security management across all supported systems, an operational security component called the Tivoli Access Control Facility (TACF), is provided for the UNIX systems. TACF provides comprehensive security functions that are consistent with RACF but tailored to UNIX systems. TACF addresses many of the security exposures of the UNIX systems that cause great concern to many installations. TME 10 Security Management manages TACF on UNIX in a fashion similar to the way it manages RACF on OS/390. In addition, TME 10 Security Management manages NT native security services.

Intended Customers

Customers will find exceptional value in TME 10 Security Management if they are operating a heterogeneous distributed network running UNIX and/or Microsoft Windows NT and they need protection against intrusion by vandals and other breaches of security. For those customers who also operate mainframes, this product links to MVS's RACF and the OS/390 Security Server.

Key Prerequisites

TME 10 Security Management is a software product that requires the TME framework and the operating systems and hardware that the TME framework requires. These operating systems include UNIX and NT. To manage the RACF component of the OS/390 Security Server, the following are required: OS/390 (and its hardware and software prerequisites), the OS/390 Security Server, and TME 10 GEM.

Planned Availability Date

June 27, 1997

------------------------------

This announcement is provided for your information only. For additional information, contact your IBM representative or call 800-IBM-4YOU.

DESCRIPTION

The primary goal of TME 10 Security Management is to provide a world-class, open solution to the problems of managing security in a heterogeneous enterprise. TME 10 Security Management provides leading edge new functions, such as role-based administration of user access to resources, automation, and great flexibility that enables installations to enact the security that they desire. TME 10 Security Management takes advantage of the services of the TME framework to simplify installation, operation, and customization.

Managing security in a heterogeneous, distributed environment has become very expensive and error prone, and it can impact user productivity and usage of new applications. Heterogeneous system security typically needs to be administered by specialists who are often in different departments and even locations. This makes it difficult to provide consistent security and delays responding to requests for administration on multiple systems. There is often a great deal of security work which may keep a number of people busy.

TME 10 Security Management addresses these problems. Now a single administrator can manage multiple systems via a common administrative interface. Enterprise-wide security policies can easily be established and implemented. Role-based administration brings powerful automation to administering user access to resources. For example, when a role is modified to add or subtract authorizations to resources, the authorities of all users associated with the role are updated automatically. This saves an enormous amount work. And, since this work is automated rather than manual, many errors will be avoided. TME 10 Security Management administers security and audit policies. TME 10 Security Management provides improved and more consistent security, and better responsiveness to end user requests, at reduced cost.

In a distributed environment there are also issues concerning the security of each system. Some of these issues are considered below.

Distributed Security Issues

Microsoft Windows NT provides some native security capabilities. The NT security model is unique, and brings with it scaleability issues. In addition, NT is only part of the distributed environment.

In UNIX security, "root" is the weakest link. Administrators, responsible for managing and securing UNIX environments, derive system privileges not for who they are, or their roles, but by knowing the "root" password. Ironically, any unauthorized user, who finds a way to become "root", gains the same unlimited powers as the administrators.

Previous UNIX security solutions (usually after-the-fact solutions) attempted to prevent unauthorized users from assuming the root id, but failed. There are just too many ways root privileges can be attained, and new ones are continually being discovered.

TME 10 Security Management

Curing the Problem, Not Just Hiding the Symptoms

TME 10 Security Management is a proactive security solution, allowing security and systems administrators to regain control over their systems. TACF protects information on UNIX and NT servers and enforces an active security policy, prohibiting unauthorized access to information assets and critical services. TACF revolutionizes UNIX security in particular by limiting root's power, and by providing comprehensive file protection and intrusion prevention.

UNIX Highlights

• Actively defends against attacks by abusive suid programs

  TACF UNIX prevents, in real time, attacks such as Trojan Horses or back doors. TACF intervenes before the execution of any privileged (suid/sgid) program and verifies that the program can be trusted and has not been tampered with in any way. If any suspicious change is detected, TACF prevents its execution, locks the untrusted program out and sends alarms immediately.

  The program cannot be executed until it can be trusted.

• Manages root capabilities

  UNIX's greatest security threat lies with the presence of its superuser, root, as an all-powerful user ID, accessible to several individuals in an organization. TACF/UNIX:

  • Supervises access to root
  • Defines and limits what root can do
  • Corrects the exposure of root 's unlimited powers
  • Shifts privileges to accountable individuals
  • Limits the damage that attackers can do through root access
• Delegates root responsibilities on a need-to-use basis

  Administrators and operators need privileged root access in order to perform their job functions. In the past this was achieved on an "all or nothing" basis by giving them root's password. TACF provides easy to apply rules to define "roles." These roles separate root's capabilities into subsets which outline the exact functionality required for each role.

  This capability increases individual accountability and reduces exposure.

• Protects files and sensitive data

  TACF protects access to sensitive information and files through a consistent Tivoli user interface, which creates Access Control Lists (ACLs). These ACLs provide flexibility in assigning users access authority with wide range of privileges.

Auditing Highlights: Increases audit logs accuracy, reliability and privacy

TME 10 Security Management lets administrators tailor the optimal audit trail to meet their needs. Administrators can select which events and resources they want to audit, as part of the security policy, and what to log: only successful access, only attempted violations, and login attempts (successes and failures). TME 10 Security Management complements its detailed logs with interactive auditing tools, letting auditors analyze the audit data easily and effectively.

In addition, TME 10 Security Management protects its own audit files from unauthorized modification, ensuring the reliability of the audit trail.

TME 10 User Administration Integration: The TME 10 User Administration product is focused on centralized administration of user's and their system and application specific representation in the form of accounts and user IDs. This includes user-centric security aspects such as password and login policy.

The TME 10 Security Management product is focused on centralized administration of secure access to system and application resources by one or more accessors, where an accessor can be either individual users (for example, a group of one) or groups of users. TME 10 Security manages groups, which are collections of users, roles, which define the capabilities needed for a given job function, and resources, to which roles provides specific access rights. Note that TME 10 Security groups will replace and provide enhanced function over the current Tivoli/Admin group profile function.

TME 10 Security Management does NOT prereq TME 10 User Administration. Instead, they are complementary, in that the sum of the two products provides greater function and integration than the individual products in the following areas:

• Group Member Selection

  TME 10 Security Management will allow selection of group members from one or more TME 10 User Administration profiles. When users are selected from TME 10 User Administration profiles, TME 10 Security Management will automatically update the corresponding user's group membership in the appropriate User Administration profile, thus synching all user-group membership manipulation.

• Automatic Default User Creation

  TME 10 Security Management will allow administrators to define new users when selecting TME 10 Security Management group membership.

Security authorization roles for TMRs and policy regions will be:

• Security Manager

  Assigns authority to administer security authorization roles, resource scoping attributes, and native security system administration utilities

• Security Admin

  Assigns full authority to administer access to enterprise resources; does not, by default, provide AUDITOR authority

• Security Auditor

  Assigns full authority to audit the use of system resources and the ability to control which security events get logged

• Security Operator

  Assigns authority to list all security resource data and perform security trace file management

• TACF Server Availability
• TACF Watchdog Server Availability
• TACF Audit Log Routing Server Availability
• Audit File Size
• Audit Log File Size
• Audit Log File Free Space

• Start TACF Servers
• Stop TACF Servers
• Configure TACF Audit Log File Adapter
• Configure NT Audit Log File Adapter
• Configure RACF Audit Log File Adapter
• TACF Audit Report Generator
• TACF Error Log Report
• NT Audit Report Generator
• NT Error Log Report
• RACF Audit Report Generator
• RACF Error Log Report
• TACF Database Maintenance
• Purge Unresolved References
• Check Database Consistency
• Generate Script with Database Contents
• Restore Trusted Program Data
• Create New Database
• TACF -- Extract Trusted Programs
• Synchronize TACF/UNIX Users and Groups
• TACF "root" Compliance Report
• TACF/UNIX Integrity Report
• TACF Runtime Statistics Report
• TACF Disable User

PRODUCT POSITIONING

TME 10 Security Management's purpose is to manage security within an enterprise more consistently, effectively, and efficiently. TME 10 Security Management does this by providing a common administrative interface, powerful functions and automation supporting security policy, audit, and role-based user administration. TME 10 Security Management typically does not provide operational security (the exception is TACF support for UNIX). It administers the security on the managed systems via their standard external interfaces.

TME 10 User Administration creates user accounts and connects users to groups on a variety of security systems. It provides a physical level administrative interface and basic administrative support. It administers security on the managed systems, and does not provide operational security functions. TME 10 Security Management provides a more logical level interface and brings a business orientation to the administration of user access to resources. These products work together to provide complete management of user security and access to resources as well as management of security policy and audit.

TME 10 Security Management manages the RACF component of the OS/390 Security Server via extensions to the OS/390 SAF interface.

TME 10 Security Management manages security on UNIX by administering TACF which is included in TME 10 Security Management. TACF provides operational security functions that enable UNIX security to be managed effectively and similarly to NT and OS/390 security.

TME 10 Security Management manages Windows NT security via standard NT interfaces.

DCE includes security function and maintains a security database. Administering DCE security is a candidate for future TME 10 Security Management support.

Single Sign-on products maintain a database of information about user IDs and user accounts. Administering user information for one or more single sign-on products is a candidate for future TME 10 Security Management support.

DSM/MVS (R) provides support for managing the creation of user IDs and managing user access to resources. Some of the DSM/MVS functions are provided by TME 10 User Administration. Other functions are provided by TME 10 Security Management. TME 10 Security Management working with TME 10 User Administration replaces DSM/MVS as IBM's strategic security management offering.

EDUCATION SUPPORT

Training is available, or will be made available in the future,

TME 10 Security Management provides a security management interface to the Resource Access Control Facility (RACF) V2 or the OS/390 Security Management Server. Some training is offered through IBM Education and Training and some through Tivoli Systems.

For current information on IBM Education and Training courses in the US, contact 800-IBM-TEACH. Outside the US, contact your local country IBM E&T contact. Worldwide information is also available on the IBM E&T home page at http://www.training.ibm.com on the Internet.

For current information on Tivoli Systems education, call 512-794-9070, or visit the Tivoli Systems home page at http://www.tivoli.com on the Internet.

Trademarks

 (TM) Trademark of International Business Machines Corporation in the
      United States or other countries or both.
 (R)  Registered trademark of International Business Machines
      Corporation in the United States or other countries or both.
      Microsoft and Windows are registered trademarks of Microsoft
      Corporation.
      UNIX is a registered trademark in the United States and other
      countries exclusively through X/Open Company Limited.
      Other trademarks and registered trademarks are the properties
      of their respective owners.

SUPPLEMENTAL INFORMATION

TECHNICAL INFORMATION

Specified Operating Environment

Hardware Requirements: TME 10 Security Management will operate on any of the following hardware platforms:

• IBM RS/6000 (TM) (including SP2 (R) and SMP systems)
• Sun SPARC systems
• Intel 486 or Pentium, or equivalent
• HP 9000 systems

• AIX (R) 3.2.5, 4.1, 4.2
• HP/UX 9.04, 9.05, 10.01, 10.10
• SunOS 4.1.3, 4.1.4
• Solaris 2.3, 2.4, 2.5
• Microsoft Windows NT 3.5, 3.5.1, 4.0

• AIX 3.2.5, 4.1, 4.2
• HP/UX 9.04, 9.05, 10.01, 10.10
• SunOS 4.1.3, 4.1.4
• Solaris 2.3, 2.4, 2.5
• Microsoft Windows NT 3.5, 3.5.1, 4.0
• OS/390, Release 3 (requires OS/390 Security Server and TME 10 Global Enterprise Manager)

Planning Information

Security, Auditability, and Control

TME 10 Security Management uses the security and auditability features of the UNIX and non-UNIX operating systems on which the TME 10 Framework operates.

User management is responsible for evaluation, selection, and implementation of security features, administrative procedures, and appropriate controls in application systems and communication facilities.

ORDERING INFORMATION

New Licensees

Orders for new licenses will be accepted at availability.

Shipment will begin on the planned availability date.

New users of TME 10 Security Management should specify:

         Type           Model

         5697           SEC

Basic License: To order a basic license, specify the program number and feature number 9001 for asset registration.

TME 10/Flex Pricing Features

                           10/Flex              10/Flex
                          Charge per           Charge per
                           Managed           Managed Client
Product                     Server     (Qty of 1)      (Qty of 250)
Number    Product Name     Feature      Feature          Feature

5697-SEC  TME 10 Security
           Mgt               0001         0002             0252

Select the desired optional Maintenance and Support offering:

TME 10/Flex Maintenance & Support Features

                                                Clients
                            Servers     Feature          Feature
Feature Name                Feature    (Qty of 1)      (Qty of 250)

Standard Maintenance
 & Support                  0003          0004             0254
Extended Maintenance
 & Support                  0005          0006             0256
Upgrade M&S from
 Standard to
 Extended                   0007          0008             0258

Specify the feature number of the desired distribution medium shown below.

Basic Machine-Readable Material: To order, select the feature number of the desired distribution medium:

Feature             Distribution
Number              Medium

5809                CD-ROM

Customization Options: Select the appropriate feature numbers to customize your order to specify the delivery options desired. These features can be specified on the initial or MES orders.

Example: If publications are not desired for the initial order, specify feature number 3470 to ship media only. For future updates, specify feature number 3480 to ship media updates only. If, in the future, publication updates are required, order an MES to remove feature number 3480; then, the publications will ship with the next release of the program.

                                                    Feature
Description                                         Number

Initial Shipments

Serial Number Only (suppresses shipment
  of media and documentation)                       3444

Ship Media Only (suppresses initial
  shipment of documentation)                        3470

Ship Documentation Only (suppresses
  initial shipment of media)                        3471

Update Shipments

Ship Media Updates Only (suppresses
  update shipment of documentation)                 3480

Ship Documentation Only (suppresses
  update shipment of media)                         3481

Suppress Updates (suppresses update
  shipment of media and documentation)              3482

Expedite Shipments

Local IBM Office Expedite
  (for IBM use only)                                3445

Customer Expedite Process Charge
  ($30 charge for each product)                     3446

Expedite shipments will be processed to receive 72-hour delivery from the time IBM Software Manufacturing Solutions (SMS) receives the order. SMS will then ship the order via overnight air transportation.

Unlicensed Documentation: A memo and one copy of the following publications are supplied automatically with the basic machine-readable material:

                                                  Order
Title                                             Number

TME 10 Security Management User's
 Guide                                            GC31-8475

Subsequent updates (technical newsletters or revisions between releases) to the publications shipped with the product will be distributed to the user of record for as long as a license for this software remains in effect. A separate publication order or subscription is not needed.

TERMS AND CONDITIONS

Licensing: IBM Customer Agreement

Designated Machine: Not required

Variable Charges Apply: No

Location License Applies: No

Usage Restriction Applies: No

Educational Allowance: Yes, to qualified education customers.

Volume Discount: Not applicable

Version-To-Version Upgrade Credits Apply: No

Warranted: Yes

Licensed Program Materials Availability

• Restricted Materials of IBM: None
• Non-Restricted Source Materials: None
• Object Code Only (OCO): All

Program Services: Refer to the Standard Annual Maintenance and Support Option in the Charges section for details of Program Services support.

Support Center applies:  Yes

                         Access is available through
                         the IBM Support Center

Available Until:         12 months from the date of
                         installation

APAR Mailing Address:    Tivoli Systems
                         9442 Capital of Texas Highway
                         Austin, TX 78759
                         Attention: TME 10 Security
                          Management

CHARGES

10/Flex Pricing: With the introduction of the TME 10 products, IBM is also introducing a new and exciting method of pricing, called 10/Flex. 10/Flex charges, which are use-based, are designed to give the customer the ultimate in simplicity and selectivity, which is essential in a dynamic and growing distributed network environment. 10/Flex's important characteristics are:

• Installation Flexibility: Since the 10/Flex license is not tied to a specific machine serial number or to a machine type, the customer is free to move or copy the code to any machine in the network as conditions and workloads change, up to the limit of the features acquired.
• Simplicity and Predictability: Customers pay a flat use-based charge once per product at the initiation of the license. The customer may then install the components of the product as many times as needed, up to the limit of the number of features acquired, without additional charge or without notifying IBM. Security Management uses the customer's network size as the basis for computing 10/Flex charges.
• Easy Maintenance and Support Options: Product maintenance, help desk support, and follow-on releases are also simply priced as a percentage of the customer's license charge, with two easily understood options:
  1. Standard, which provides customer support during normal business hours;
  2. Extended, which provides support 24 hours per day, 7 days per week.

An example will illustrate the simplicity. Suppose a customer has a network of 10 servers and 500 clients, and desires to install Security Management support for all servers, but only for 300 of the clients. For the Security Management product, 5697-SEC, the total license charge would be 10 times the charge of per server of 5697-SEC, plus 300 times the charge per client of 5697-SEC.

Note: The TME 10 Framework, 5697-FRA, is a technical prerequisite for each server or client using this component. In this illustration, therefore, the charge for the TME 10 Framework would be 10 times the charge of per server of 5697-FRA, plus 300 times the charge per client of 5697-FRA. This charge is in addition to the charges for Security Management in the preceding paragraph.

Since the kind of machine on which the code runs, or its specific serial number, is NOT relevant, the customer has the flexibility to move the code among any system, up to the limit of the number of server and client features acquired for each product. If the customer acquires more features than there are servers and/or clients physically installed, the customer has room to expand the network without incurring additional charges.

Servers and clients are defined in the context of a distributed environment. A server is a computer whose principal purpose is to provide data and/or services to other computing systems. Some types of servers are database servers, application servers, file servers, print servers, communication servers, and Internet servers. A client is computer that uses the data or services from one or more servers. A computer is designated as either a server or a client, depending on its predominant use. Computers containing more than one processor (that is, multi-processing systems) are counted differently. One processor is counted as a server and the remaining processors are counted as clients. For example, an SP2 system containing 16 nodes is counted as one server and 15 clients.

Security Management and its components may be copied to additional machines, up to the limit of the features ordered, at no charge without notifying IBM. Charges apply only to the features ordered -- one per each managed server and managed client. Features may not be transferred among products. There are two ways to order products and their features:

1. A single copy of Security Management may be ordered and replicated as necessary. Sufficient features would be ordered on this license to support all managed servers and managed clients across all replicated copies of that product.
2. Multiple copies of Security Management may be ordered with each one including the appropriate number of features to support ONLY those servers and clients managed by that copy of the product.

                         10/Flex Charge        10/Flex Charge
                           Charge per        per Managed Client
Product                  Managed Server     (Qty of 1)   (Qty of 250)
Number   Product Name    Feat    Charge  Feat  Charge  Feat  Charge

5697-SEC TME 10 Security
          Mgr            0001    $2,000  0002  $75     0252  $18,750

Standard Annual Maintenance and Support Option: The following support will be provided at no charge for a period of 12 months after the first installation of the TME 10 product, and thereafter, if the customer subscribes to the Standard Annual Maintenance and Support Option:

• Corrections (PTFs) which fix substantial deviations of unmodified TME 10 products from the then current code, publications and/or informal documentation (that is, release notes and memos);
• Software Product Updates which are improvements, extensions, and other changes, which IBM, at its discretion, deems to be reasonable;
• Technical Support which provides support via telephone, fax, and e-mail during normal IBM business hours in the customer's locality from Monday through Friday, except local holidays, and which supplies workarounds for problems (where known), answers questions, and provides patches where they exist, and supplies to the customer a reasonable amount of assistance by mail or telephone in the event of difficulties in the use of, or the interpretation of results from, a TME 10 product.

                                        Standard Annual Support*
                             per Managed         per Managed Client
Product                         Server       (Qty of 1)  (Qty of 250)
Number    Product Name        Feat  Charge  Feat Charge Feat   Charge

5697-SEC  TME 10 Security Mgr 0003  $300    0004 $11    0254   $2,750

*     Included at no charge during the first year of the license.

Extended Annual Maintenance and Support Option: The Extended Annual Maintenance and Support Option includes and extends the maintenance services provided in Standard Annual Maintenance and Support Option to include Technical Support via telephone 7 days per week, 24 hours per day. When a customer is notified about the pending termination of the initial no charge maintenance period, the customer may choose to purchase this option for subsequent years. An MES must be entered by the local IBM office for Security Management's 10/Flex charges, using the corresponding feature codes shown below. After an MES is entered, the charges will automatically renew annually, unless canceled by the customer.

                                   Extended (7x24) Annual Support
                             per Managed         per Managed Client
Product                         Server       (Qty of 1)  (Qty of 250)
Number    Product Name        Feat  Charge  Feat Charge Feat   Charge

5697-SEC  TME 10 Security Mgr 0005  $400    0006 $15    0256   $3,750

Extended Annual Maintenance and Support Upgrade: The customer may choose to upgrade to the Extended Maintenance and Support Option during the 12 months of the license, or in subsequent years if the Standard Annual Maintenance and Support Option has previously been ordered. The upgrade 10/Flex charges and upgrade features codes are shown below. These charges may be entered on the initial order, or later via MES.

                                 Extended Annual Support Upgrade
                              per Managed        per Managed Client
Product                          Server      (Qty of 10) (Qty of 250)
Number    Product Name        Feat  Charge  Feat Charge Feat   Charge

5697-SEC  TME 10 Security Mgr 0007  $100    0008 $4     0258   $1,000

Trademarks

 (TM) Trademark of International Business Machines Corporation in the
      United States or other countries or both.
 (R)  Registered trademark of International Business Machines
      Corporation in the United States or other countries or both.
      Microsoft and Windows are registered trademarks of Microsoft
      Corporation.
      UNIX is a registered trademark in the United States and other
      countries exclusively through X/Open Company Limited.
      Other trademarks and registered trademarks are the properties
      of their respective owners.