Saturday, July 22, 2006

IBM Security Auditing Service

IBM Security Auditing Service Technology is an integral part of the WebSphere Application Server security mechanisms that assure the integrity of a secure computing environment. Enhancing the primary security functionality that ensures requestors have proper authentication and authorization to controlled resources, the security auditing feature provides a means to record those authentication and authorization events.

WebSphere Application Server Version 6 offers a technology preview of the security auditing feature. The WebSphere Application Server is instrumented to generate security auditing records for certain security events. The security audit event generators include authentication, access control, and principal and credential mappings for Java 2 Platform, Enterprise Edition applications. Security auditing event records are useful in answering the following questions:
  • Which user at what time attempted to access a given resource?
  • Was the access attempt successful or did it fail?
Security auditing is not so much about protecting resources as it is about holding users accountable, providing verifiable evidence for non-repudiation, and enabling vulnerability analysis. The following 5 types of security events are auditable in WebSphere Application Server:
  1. AUTHN - Authentication event
  2. AUTHZ - Access control event
  3. MAPPING - J2EE connector architecture credential mapping event
  4. ACCESS - J2EE web resource access event
  5. LOGOUT - Terminate login session event
Each of the above 5 events may be audited for any of the following outcomes:
  1. SUCCESS - Request passed authentication and access control check
  2. DENIED - Request access was denied
  3. REDIRECT - Web request is redirected to the login page
  4. FAILURE - Security service provider failed while processing request
  5. INFO - Security service provider generated an informational message while processing request
  6. WARNING - Security service provider generated a warning message while processing request
  7. ERROR - Request generated an error condition
The security audit settings can be modified by going to Secure administration, applications, and infrastructure > Custom properties and modifying the "com.ibm.audit.auditSpecification" property to look like this:
J2EE=EVENT=EVENT-OUTCOME=enabled/disabled
Each event must be separated by a ":". It will look like this:
J2EE=AUTHN=failure=enabled:J2EE=AUTHZ=failure=enabled
More information can be obtained at WebSphere Application Server Information Center or by downloading the IBM Security Auditing Service Technology Preview.
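A typo in this property can leave an event unaudited without anyone noticing, so it is worth linting the value before saving it. The following is an added example, not IBM's code: it checks a specification string against the event types and outcomes listed above and reports which pairs from a review baseline are not being audited. The function names and the baseline are hypothetical, and the case-insensitive matching is an assumption.

```python
# Added example: lint a com.ibm.audit.auditSpecification value against the
# event types and outcomes listed in this post.
EVENTS = {"AUTHN", "AUTHZ", "MAPPING", "ACCESS", "LOGOUT"}
OUTCOMES = {"SUCCESS", "DENIED", "REDIRECT", "FAILURE", "INFO", "WARNING", "ERROR"}
STATES = {"enabled", "disabled"}


def parse_audit_spec(value):
    """Return (rules, errors); rules maps (EVENT, OUTCOME) -> True if enabled."""
    rules, errors = {}, []
    for index, entry in enumerate(value.split(":"), start=1):
        fields = entry.strip().split("=")
        if len(fields) != 4:
            errors.append(f"entry {index}: expected 4 '='-separated fields: {entry!r}")
            continue
        prefix, event, outcome, state = (f.strip() for f in fields)
        # Assumption: names are compared case-insensitively, because the post's
        # sample writes "failure" while its outcome list is upper case.
        event, outcome, state = event.upper(), outcome.upper(), state.lower()
        problems = []
        if prefix != "J2EE":
            problems.append(f"prefix {prefix!r} is not 'J2EE'")
        if event not in EVENTS:
            problems.append(f"unknown event {event!r}")
        if outcome not in OUTCOMES:
            problems.append(f"unknown outcome {outcome!r}")
        if state not in STATES:
            problems.append(f"state {state!r} is not enabled/disabled")
        if (event, outcome) in rules:
            problems.append(f"duplicate rule for {event}/{outcome}")
        if problems:
            errors.extend(f"entry {index}: {p}" for p in problems)
        else:
            rules[(event, outcome)] = state == "enabled"
    return rules, errors


def unaudited(rules, wanted):
    """List the (EVENT, OUTCOME) pairs in `wanted` that are not enabled."""
    return sorted(pair for pair in wanted if not rules.get(pair, False))


if __name__ == "__main__":
    sample = "J2EE=AUTHN=failure=enabled:J2EE=AUTHZ=failure=enabled"  # from the post
    rules, errors = parse_audit_spec(sample)
    # Constructed baseline: failed and denied logins and access checks.
    baseline = {(e, o) for e in ("AUTHN", "AUTHZ") for o in ("FAILURE", "DENIED")}
    print("errors:", errors)
    print("not audited:", unaudited(rules, baseline))
```

Run against the sample value from this post, it reports no errors and shows that the DENIED outcome is not audited for either event.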
