chapter 2_system architecture of seco.pdf

Post on 02-Jun-2018

  • 8/10/2019 Chapter 2_System Architecture of SECO.pdf

    1/28

    Huawei Symantec Technologies Co., Ltd.

    Chapter 2: System Architecture of Secospace

  • Slide 2/28

    Introduction

    The Secospace TSM system is mainly composed of the client-side agent software and the server-side management system. The agent software is installed on terminal hosts to monitor the network and to sample and report the assets, behaviors and network environments of users in real time, according to the policy parameters configured on the management system. Users are able to make decisions by analyzing the logs and reports of terminal hosts.

  • Slide 3/28

    Objective: System Architecture of SECO

  • Slide 4/28

    System Architecture of Secospace

    Agenda:
    System Architecture of Secospace
    Utilities of Secospace

  • Slide 5/28

    Representative Solution to the Secospace TSM

    [Figure: network diagram. Components shown: Internet, Extranet, Intranet, VPN gateway, SACG, SC and SM, SRS, and SAs (agents) on the terminals. The pre-authentication domain holds the anti-virus server, the domain management server and the patch server. Post-authentication domain 1 holds the Server of Service 1 and post-authentication domain 2 holds the Server of Service 2.]

  • Slide 6/28

    System Architecture of the Secospace

    [Figure: system architecture diagram]

  • Slide 7/28

    Function Model of the System

    The system follows the PDCA cycle:
    P (Plan): Make policies
    D (Do): Implement policies
    C (Check): Check the execution of policies
    A (Act): Modify for further auditing

  • Slide 8/28

    Function Structure of the Secospace TSM

    [Figure: the Secospace Suite, made up of the Authentication, Authorization, Account, and Audit (4A) Solution and the Terminal Security Management (TSM) Solution. Modules shown: Security Access Control (SAC), Security Policy Mgmt, Network Resource Mgmt (NRM), Asset Account Mgmt, Software Distribution Mgmt (SDM), Terminal Behavior Audit, Report & Log Mgmt, User Group Mgmt (OUM).]

  • Slide 9/28

    System Architecture of Secospace

    Agenda:
    System Architecture of Secospace
    Utilities of Secospace

  • Slide 10/28

    Utility Functions of Secospace TSM

    Utilities of Secospace:
    Security Policy Management
    Network Resource Management
    Asset Account Management
    Patch Management
    Report and Log Management
    Security Access Control

  • Slide 11/28

    Security Access Control

    Controls network access by terminals based on the identities of users, to ensure the intranet security.
    Controls the access rights based on the service requirements of different users, to protect the core resources of service systems.
    Provides diversified and flexible access control modes for different scenarios.

  • Slide 12/28

    Process of the Security Access Control

    [Figure: access control flow among the SA (terminal agent), the 802.1X switch, the SACG, the SRS and the SC/SM. An access application first goes through authentication and then a security check; passing both leads to granting rights and "access allowed"; failing either leads to "access denied" and "inform a recovery", after which the terminal performs recovery and applies again. The figure marks the checks of scenario 1 as Fail and those of scenarios 2 and 3 as Pass.]

    Scenario 1: An unauthorized user attempts to access the network.
    Scenario 2: An insecure user accesses the network after recovery.
    Scenario 3: A valid user accesses the network.

  • Slide 13/28

    Utilities Involved in Security Access Control

    [Figure: network zones involved in security access control: Uncontrolled Domain; Controlled Domain, divided into the Pre-authentication Domain and the Post-authentication Domain; Controlled Child Domain; Service.]

  • Slide 14/28

    Assets Management

    Basic information of assets
    Assets port-in/port-out
    Assets account binding
    Assets reporting function
    Automatic collecting of assets information
    Statistical reports of assets
    Other functions of assets

  • Slide 15/28

    Assets Reporting Process

    [Figure: assets reporting flow among the SA, SACG, SM/SC and the administrator. The administrator enables the assets management function and enters the configuration; the SA binds the asset and automatically collects assets information; the server generates the assets library; on an assets change the SA reports it and the server keeps an assets change list; the administrator queries assets changes, queries and makes statistics of assets, and generates reports.]

    Step 1: The administrator enters the basic information of assets into the terminal mgmt server.
    Step 2: Users bind an asset number and an account on the terminal agent to ensure that the account is the management owner of the asset.
    Step 3: The agent collects the hardware and software information from the terminal, like the hard disk SN and OS.
    Step 4: If the agent detects any difference between the collected assets and the original assets library, it reports the change to the server.
    Step 5: The administrator is able to query the related assets change lists.
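The five steps above, as an added example that is not Secospace code: a baseline asset library entry (steps 1 and 2), an asset/account binding check, a comparison of the agent's collected hardware and software facts against the baseline (steps 3 and 4), and the change-list entry the administrator would query (step 5). The asset numbers, serial numbers, product names and field layout are constructed for illustration.

```python
"""Added example, not Secospace code: detect asset changes against a baseline.

Models steps 2 to 5 of the assets reporting process. The asset library,
asset numbers, owners, serial numbers and product names are constructed.
"""
from dataclasses import dataclass, field


@dataclass
class AssetRecord:
    asset_no: str                                   # asset number entered by the admin (step 1)
    owner: str                                      # account bound to the asset on the agent (step 2)
    hardware: dict = field(default_factory=dict)    # e.g. disk serial, OS
    software: dict = field(default_factory=dict)    # product name -> version


# Constructed baseline library, as the server holds it after steps 1 and 2.
ASSET_LIBRARY = {
    "A-1001": AssetRecord(
        asset_no="A-1001", owner="alice",
        hardware={"disk_sn": "WD-1234", "os": "Windows 7"},
        software={"AntiVirus": "10.2", "Office": "2007"},
    ),
}


def verify_binding(record, library):
    """Step 2: the reporting account must be the bound owner of the asset."""
    known = library.get(record.asset_no)
    return known is not None and known.owner == record.owner


def diff_assets(baseline, collected):
    """Step 4: compare collected facts with the library entry.

    Returns (category, key, old_value, new_value) tuples; a value of None on
    either side means the item was added or removed.
    """
    changes = []
    for category in ("hardware", "software"):
        old = getattr(baseline, category)
        new = getattr(collected, category)
        for key in sorted(set(old) | set(new)):
            if old.get(key) != new.get(key):
                changes.append((category, key, old.get(key), new.get(key)))
    return changes


def report_changes(collected, library):
    """Steps 3 to 5: produce the change-list entry the administrator can query."""
    if not verify_binding(collected, library):
        # Reject reports whose account is not the management owner of the asset.
        return {"asset_no": collected.asset_no, "status": "rejected",
                "reason": "asset/account binding mismatch", "changes": []}
    changes = diff_assets(library[collected.asset_no], collected)
    return {"asset_no": collected.asset_no,
            "status": "changed" if changes else "unchanged",
            "changes": changes}


if __name__ == "__main__":
    # Constructed agent snapshot: the disk was swapped and Office was removed.
    snapshot = AssetRecord(
        asset_no="A-1001", owner="alice",
        hardware={"disk_sn": "ST-9876", "os": "Windows 7"},
        software={"AntiVirus": "10.2"},
    )
    for change in report_changes(snapshot, ASSET_LIBRARY)["changes"]:
        print(change)
```

Only differences are reported, which is what keeps the change list small enough for an administrator to review; the binding check runs before the comparison so a report from an account that does not own the asset never reaches the change list.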

  • Slide 16/28

    Software and Patch Management

    Software distribution:
    Software uploading
    Software delivery

    Patch management:
    Patch delivery parameter management
    Terminal patch information management

  • Slide 17/28

    Software Distribution Process of Secospace TSM

    [Figure: software distribution path from the Administrator through the SM and SC (deployed as a dual-system, with an LDAP dual-system) to the SAs on the terminals; the step labels are masked (XXXXXX) in the slide.]

  • Slide 18/28

    Patch Acquisition Process of the Secospace TSM

    [Figure: SACG, SRS and SM/SC, with the anti-virus server and the domain mgmt server in the pre-authentication domain, the post-authentication domain, and a service domain containing the service system; arrows are labelled "Patch status reporting" and "Server communication"; the remaining labels are masked (XXXXXX) in the slide.]

  • Slide 19/28

    Security Policy Management

    The system administrator is able to define a security policy template to provide human-centered management of security policies for end users and enhance the security level of enterprises.

    The security policy is subcategorized as follows:
    User operation monitoring
    Application monitoring
    Network monitoring
    System check
    Patch check

  • Slide 20/28

    Process for Checking Security Policies

    [Figure: the system administrator manages security policies remotely on the SM/SC; the system check policy, network policing policy, user monitoring policy and other check policies are delivered to end users, whose terminals report violations back; reports and logs are likewise managed remotely.]

  • Slide 21/28

    Security Management Measures: Monitoring User Operations

    Issues related to user violations, with the corresponding security management measures:

    Issue: Users copy information by screen snapshots.
    Measure: Prohibit screen snapshots.

    Issue: Users copy system resources or transfer invalid information by using USB ports, optical disks, or other storage devices.
    Measure: Record the uses of USB ports and other devices to control the use of storage devices.

    Issue: Users change or delete resources of system files.
    Measure: Control the type of specified files and allocate read-only access rights to them.

  • Slide 22/28

    Security Management Measures: Monitoring Applications

    Issues related to invalid application programs, with the corresponding security measures:

    Issue: Invalid service is running on the user host.
    Measure: Monitor the running status of system services and report violations in time.

    Issue: Invalid software is installed on the user host.
    Measure: Control the rights of users in installing software and report violations in time.

  • Slide 23/28

    Security Management Measures: Monitoring the Network

    Issues related to the network connection and resources, with the corresponding security measures:

    Issue: Users access invalid IP addresses or sites.
    Measure: Monitor the destinations of users online through access control methods; record the related blacklist and whitelist.

    Issue: Users are connected to the Extranet through invalid accounts or devices.
    Measure: Provide valid proxy accounts for users to access the Internet; record the IP addresses of the network devices and the online time.

    Issue: Users install multiple network cards and generate excessive network traffic.
    Measure: Check the IP addresses and time of network cards to monitor the network traffic.

  • Slide 24/28

    Security Management Measures: Checking the System

    Issues related to OSs, with the corresponding security measures:

    Issue: System registry and outdated user accounts.
    Measure: Monitor malicious changes to the registry; prompt users about outdated accounts.

    Issue: Vulnerabilities of invalid software and shared folders of the OS.
    Measure: Check to ensure that the names of installed software products and the access rights of shared folders are valid.

    Issue: No password is set for the screen saver.
    Measure: Check the screen saver settings.

    Issue: A terminal is infected with viruses, affecting the overall intranet.
    Measure: Check for anti-virus software, the version of the anti-virus software, the version of the virus engine, and the update of the virus library.

  • Slide 25/28

    Security Management Measures: Checking Patches

    Issues related to OS patches, with the corresponding security measures:

    Issue: OS vulnerabilities.
    Measure: Check for the latest patches of the OS and prompt users to update the patches.

    Issue: Vulnerabilities of the Internet Explorer and Windows Office.
    Measure: Check for the latest version of the Internet Explorer and Windows Office, and prompt users to update the patches.

    Issue: Database vulnerabilities.
    Measure: Check for the latest version of the database and prompt users to update the patches.
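The system and patch checks on slides 24 and 25, together with the pass/fail access decision of slide 12, as an added example that is not Secospace code. A small policy template (anti-virus present and current, virus library age, screen saver password, no writable shares, required patches) is evaluated against a terminal's reported posture, and the result drives the three scenarios of the access control process: an unauthenticated user is denied, an authenticated but insecure user is held in the pre-authentication domain for recovery, and a valid user is granted rights. The check names, posture fields, thresholds, patch labels and the fixed check date are constructed for illustration.

```python
"""Added example, not Secospace code: evaluate a security-check policy template
against a terminal's reported posture and derive the access decision.

The check names, posture fields, thresholds, patch labels and check date
are constructed for illustration.
"""
from datetime import date

# Constructed policy template. Each check names the posture field it reads and
# one judgement: equals, at_least (dotted version), max_age_days (ISO date)
# or contains_all (every listed item must be present).
POLICY_TEMPLATE = {
    "antivirus_installed": {"field": "av_installed", "equals": True},
    "antivirus_min_version": {"field": "av_version", "at_least": "10.2"},
    "virus_library_max_age_days": {"field": "av_library_date", "max_age_days": 7},
    "screen_saver_password": {"field": "screensaver_password", "equals": True},
    "no_writable_shares": {"field": "writable_shares", "equals": []},
    "required_patches": {"field": "installed_patches",
                         "contains_all": ["OSPATCH-2019-07", "OFFICE-2019-06"]},
}

CHECK_DATE = date(2019, 8, 10)  # constructed "today", so results are reproducible

# Constructed posture reports as an agent might send them.
SECURE_POSTURE = {
    "av_installed": True, "av_version": "10.2", "av_library_date": "2019-08-08",
    "screensaver_password": True, "writable_shares": [],
    "installed_patches": ["OSPATCH-2019-07", "OFFICE-2019-06", "DB-2019-05"],
}
INSECURE_POSTURE = {
    "av_installed": True, "av_version": "10.2", "av_library_date": "2019-07-01",
    "screensaver_password": False, "writable_shares": ["C:\\public"],
    "installed_patches": ["OSPATCH-2019-07", "OFFICE-2019-06"],
}


def version_tuple(text):
    """Turn '10.2' into (10, 2) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.split("."))


def evaluate_check(rule, posture, today):
    """True if the posture satisfies one rule; a missing field fails closed."""
    value = posture.get(rule["field"])
    if value is None:
        return False
    if "equals" in rule:
        return value == rule["equals"]
    if "at_least" in rule:
        return version_tuple(value) >= version_tuple(rule["at_least"])
    if "max_age_days" in rule:
        return (today - date.fromisoformat(value)).days <= rule["max_age_days"]
    if "contains_all" in rule:
        return set(rule["contains_all"]) <= set(value)
    raise ValueError("unknown rule type: %r" % rule)


def security_check(posture, template=POLICY_TEMPLATE, today=CHECK_DATE):
    """Names of the violated checks, in template order; an empty list is a pass."""
    return [name for name, rule in template.items()
            if not evaluate_check(rule, posture, today)]


def access_decision(authenticated, posture, template=POLICY_TEMPLATE, today=CHECK_DATE):
    """Scenario 1: not authenticated -> access denied.
    Scenario 2: authenticated but insecure -> kept in the pre-authentication
    domain (where the anti-virus, domain and patch servers live) and informed
    of the violations to recover, then checked again on the next application.
    Scenario 3: authenticated and secure -> rights granted, post-authentication domain.
    """
    if not authenticated:
        return {"decision": "denied", "domain": None, "violations": []}
    violations = security_check(posture, template, today)
    if violations:
        return {"decision": "recovery", "domain": "pre-authentication",
                "violations": violations}
    return {"decision": "allowed", "domain": "post-authentication", "violations": []}


if __name__ == "__main__":
    for auth, posture in ((False, SECURE_POSTURE), (True, INSECURE_POSTURE),
                          (True, SECURE_POSTURE)):
        print(access_decision(auth, posture))
```

The template is data rather than code, which mirrors the administrator-defined policy template on slide 19: adding a check means adding an entry, not changing the evaluator. Missing posture fields fail closed, so a terminal whose agent does not report a value is treated as insecure rather than silently passing.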

  • Slide 26/28

    Security Policy Report

    The system collects the asset information on the client side in real time by delivering the security policy template to the end user, and then sends the asset information to the system administrator for statistics and audit.

    The security policy report is subcategorized as follows:
    Customizing report tasks
    Personal report information
    User assets report

  • Slide 27/28

    Summary

    This chapter is summarized as follows:

    The Secospace TSM has taken all aspects of the terminal security into account by following the PDCA standard model.

    The Secospace utility is composed of the following:
    Security access control
    Network resource management
    Security policy management
    Patch management
    Assets account management
