Huawei Symantec Technologies Co., Ltd.

Chapter 2
System Architecture of Secospace
Introduction
The Secospace TSM system consists mainly of client-side agent software and a server-side management system. The agent software is installed on terminal hosts; it monitors the network and samples and reports the assets, behaviors and network environments of users in real time, according to the policy parameters configured on the management system. Users make decisions by analyzing the logs and reports of the terminal hosts.
Objective
System Architecture of SECO

System Architecture of Secospace
System Architecture of Secospace
Utilities of Secospace
Representative Solution to the Secospace TSM
[Figure: deployment diagram. Zones: Internet, Extranet, Intranet. Components: VPN gateway, SC, SM, SACG, SA, SRS. Pre-authentication domain: anti-virus server, domain management server, patch server. Post-authentication domain 1: server of service 1. Post-authentication domain 2: server of service 2.]
System Architecture of the Secospace
Function Model of the System
The system follows the PDCA cycle:
P (Plan): Make policies
D (Do): Implement policies
C (Check): Check the execution of policies
A (Act): Modify for further auditing
Function Structure of the Secospace TSM
[Figure: function structure. Secospace Suite: Terminal Security Management (TSM) Solution and Authentication, Authorization, Account, and Audit (4A) Solution; labels shown: TSPM, RLM, AAM, EBA, SPM. Function modules: Security Access Control, Security Policy Mgmt, Network Resource Mgmt, Asset Account Mgmt, Software Distribution Mgmt, Terminal Behavior Audit, Report & Log Mgmt, User Group Mgmt; module labels shown: SAC, NRM, SDM, OUM.]
System Architecture of Secospace
System Architecture of Secospace
Utilities of Secospace
Utility Functions of Secospace TSM
Secospace:
Security Policy Management
Network Resource Management
Asset Account Management
Patch Management
Report and Log Management
Security Access Control
Security Access Control
Controls network access by terminals based on the identities of users, to ensure intranet security.
Controls access rights based on the service requirements of different users, to protect the core resources of service systems.
Provides diversified and flexible access control modes for different scenarios.
Process of the Security Access Control
[Figure: access control flow across the 802.1X switch, SACG, SA, SRS and SC/SM. Access application -> Authentication -> Security check. Pass: Granting rights -> Access allowed. Fail: Access denied, or Inform a recovery -> Recovery.]
Scenario 1: An unauthorized user attempts to access the network.
Scenario 2: An insecure user accesses the network after recovery.
Scenario 3: A valid user accesses the network.
Utilities Involved in Security Access Control
[Figure: domains. Uncontrolled Domain, Controlled Domain, Controlled Child Domain, Pre-authentication Domain, Post-authentication Domain, Service.]
Assets Management
Basic information of assets
Assets port-in/port-out
Assets account binding
Assets reporting function
Automatic collecting of assets information
Statistical reports of assets
Other functions of assets
Assets Reporting Process
[Figure: SACG, SA, SM/SC and Administrator. Enable the assets management function; configuration; binding assets; automatic collecting of assets information; generate assets library; assets change; assets change list; query & make statistics of assets; query assets changes; generate report.]
Step 1: The administrator enters the basic information of assets into the terminal management server.
Step 2: Users bind an asset number and an account on the terminal agent, so that the account is the management owner of the asset.
Step 3: The agent collects the hardware and software information from the terminal, such as the hard disk SN and the OS.
Step 4: If the agent detects any difference between the collected assets and the original assets library, it reports the change to the server.
Step 5: The administrator is able to query the related assets change lists.
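The binding, collection, change-detection and query steps above, as an added example written for this page (not Huawei Symantec's code): a terminal agent compares a freshly collected inventory with its baseline and reports only the differences to a management server, which keeps the assets library and the assets change list that the administrator queries. The record fields (disk_sn, OS, Office), the asset number, the account name and the split of work between agent and server are constructed assumptions.

```python
"""Asset binding, collection, change detection and reporting (Steps 1-5).

Added example, not Huawei Symantec code. Field names, sample values and the
agent/server split are assumptions chosen to mirror the slide.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class AssetRecord:
    asset_no: str
    account: Optional[str] = None                            # bound owner (Step 2)
    hardware: Dict[str, str] = field(default_factory=dict)   # e.g. disk_sn -> value
    software: Dict[str, str] = field(default_factory=dict)   # name -> version


@dataclass(frozen=True)
class AssetChange:
    asset_no: str
    category: str            # "hardware" or "software"
    item: str
    old: Optional[str]       # None when the item is new on the terminal
    new: Optional[str]       # None when the item was removed from the terminal


def detect_changes(baseline: AssetRecord, collected: AssetRecord) -> List[AssetChange]:
    """Compare a freshly collected inventory with the baseline (Step 4)."""
    changes: List[AssetChange] = []
    for category in ("hardware", "software"):
        before = getattr(baseline, category)
        after = getattr(collected, category)
        for item in sorted(set(before) | set(after)):
            if before.get(item) != after.get(item):
                changes.append(AssetChange(baseline.asset_no, category, item,
                                           before.get(item), after.get(item)))
    return changes


class ManagementServer:
    """SM/SC side: holds the assets library and the assets change list."""

    def __init__(self) -> None:
        self.library: Dict[str, AssetRecord] = {}
        self.change_list: List[AssetChange] = []

    def enter_asset(self, asset_no: str) -> None:
        """Step 1: the administrator enters the basic information of an asset."""
        self.library[asset_no] = AssetRecord(asset_no)

    def bind_account(self, asset_no: str, account: str) -> None:
        """Step 2: bind the asset number to the account that owns it."""
        self.library[asset_no].account = account

    def record_changes(self, changes: List[AssetChange]) -> None:
        """Step 4 (server side): store reported changes and update the library."""
        self.change_list.extend(changes)
        for change in changes:
            items = getattr(self.library[change.asset_no], change.category)
            if change.new is None:
                items.pop(change.item, None)
            else:
                items[change.item] = change.new

    def query_changes(self, asset_no: Optional[str] = None) -> List[AssetChange]:
        """Step 5: the administrator queries the change list, optionally per asset."""
        return [c for c in self.change_list if asset_no is None or c.asset_no == asset_no]


class TerminalAgent:
    """SA side: collects the terminal inventory and reports only the differences."""

    def __init__(self, asset_no: str, server: ManagementServer) -> None:
        self.asset_no = asset_no
        self.server = server
        self.baseline: Optional[AssetRecord] = None

    def collect(self, hardware: Dict[str, str], software: Dict[str, str]) -> List[AssetChange]:
        """Step 3: collect; Step 4: compare with the baseline and report any difference."""
        record = self.server.library[self.asset_no]
        current = AssetRecord(self.asset_no, record.account, dict(hardware), dict(software))
        if self.baseline is None:            # first collection fills the assets library
            record.hardware, record.software = dict(hardware), dict(software)
            self.baseline = current
            return []
        changes = detect_changes(self.baseline, current)
        if changes:                          # report only when something differs
            self.server.record_changes(changes)
            self.baseline = current
        return changes


if __name__ == "__main__":
    # Constructed sample: one asset, one owner, a disk replacement and a new install.
    srv = ManagementServer()
    srv.enter_asset("A-1001")
    srv.bind_account("A-1001", "user01")
    agent = TerminalAgent("A-1001", srv)
    agent.collect({"disk_sn": "SN-0001"}, {"OS": "Windows XP SP3"})
    agent.collect({"disk_sn": "SN-0002"}, {"OS": "Windows XP SP3", "Office": "2003"})
    for change in srv.query_changes("A-1001"):
        print(change)
```

The agent keeps the baseline so that an unchanged terminal generates no traffic; the server applies reported changes to its own copy of the library, which keeps the two sides consistent without the agent resending the full inventory.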
Software and Patch Management
Software distribution:
Software uploading
Software delivery
Patch management:
Patch delivery parameter management
Terminal patch information management
Software Distribution Process of Secospace TSM
[Figure: software distribution. Administrator, SM, SC (dual-system), LDAP dual-system and SAs; the step labels are not recoverable.]
Patch Acquisition Process of the Secospace TSM
[Figure: patch acquisition. SACG, SRS, SM/SC; pre-authentication domain with anti-virus server and domain management server; post-authentication domain; service domain with the service system. Flows: patch status reporting, server communication; the step labels are not recoverable.]
Security Policy Management
The system administrator is able to define a security policy template to provide human-centered management of security policies for end users and enhance the security level of enterprises.
The security policy is subcategorized as follows:
User operation monitoring
Application monitoring
Network monitoring
System check
Patch check
Process for Checking Security Policies
[Figure: the system administrator performs remote management of the security policy on SM/SC and remote management of reports and logs. Each end user is checked against the system check policy, the network policing policy, the user monitoring policy and other check policies; violations are reported back to SM/SC.]
Security Management Measures
Monitoring User Operations
Issues related to user violations and the corresponding security management measures:
Issue: Users copy information by screen snapshots.
Measure: Prohibit screen snapshots.
Issue: Users copy system resources or transfer invalid information by using USB ports, optical disks, or other storage devices.
Measure: Record the uses of USB ports and other devices to control the use of storage devices.
Issue: Users change or delete resources of system files.
Measure: Control the type of specified files and allocate the access rights of only read-only files.
Security Management Measures
Monitoring Applications
Issues related to invalid application programs and the corresponding security measures:
Issue: Invalid service is running on the user host.
Measure: Monitor the running status of system services and report violations in time.
Issue: Invalid software is installed on the user host.
Measure: Control the rights of users in installing software and report violations in time.
Security Management Measures
Monitoring the Network
Issues related to the network connection and resources and the corresponding security measures:
Issue: Users access invalid IP addresses or sites.
Measure: Monitor the destinations of users online through access control methods; record the related blacklist and white list.
Issue: Users are connected to the Extranet through invalid accounts or devices.
Measure: Provide valid proxy accounts for users to access the Internet; record the IP addresses of the network devices and the online time.
Issue: Users install multiple network cards and generate excessive network traffic.
Measure: Check the IP addresses and time of network cards to monitor the network traffic.
Security Management Measures
Checking the System
Issues related to OSs and the corresponding security measures:
Issue: System registry and outdated user accounts.
Measure: Monitor malicious changes to the registry; prompt users for outdated accounts.
Issue: Vulnerabilities of invalid software and shared folders of the OS.
Measure: Check to ensure that the names of installed software products and the access rights of shared folders are valid.
Issue: No password is set for the screen saver.
Measure: Check the screen saver.
Issue: A terminal is infected with viruses, affecting the overall intranet.
Measure: Check for anti-virus software, the version of the anti-virus software, the version of the virus engine, and the update of the virus library.
Security Management Measures
Checking Patches
Issues related to OS patches and the corresponding security measures:
Issue: OS vulnerabilities.
Measure: Check for the latest patches of the OS and prompt users to update the patches.
Issue: Vulnerabilities of the Internet Explorer and Windows Office.
Measure: Check for the latest version of the Internet Explorer and Windows Office and prompt users to update the patches.
Issue: Database vulnerabilities.
Measure: Check for the latest version of the database and prompt users to update the patches.
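The security check in the access control process (Scenarios 1 to 3 on the process slide) and the system and patch check items of the last two slides, as one added example written for this page (not Huawei Symantec's code): a policy template is a list of named checks, each with the recovery message shown to the user; the posture reported by the agent is evaluated against it; and the access decision denies an unauthenticated user, places a host that fails any check in the pre-authentication domain with recovery prompts, and places a host that passes every check in the post-authentication domain. The posture keys, the seven-day virus-library threshold, the shared-folder rule, the check names and the sample hosts are assumptions.

```python
"""Security check and access decision in a Secospace-style access control flow.

Added example, not Huawei Symantec code. Check names, thresholds, posture keys
and recovery messages are assumptions chosen to mirror the slides.
"""
from dataclasses import dataclass
from typing import Any, Callable, Dict, List, Sequence

Posture = Dict[str, Any]        # what the terminal agent reports about the host

# Assumed threshold: a virus library older than this counts as not updated.
MAX_VIRUS_LIBRARY_AGE_DAYS = 7


@dataclass(frozen=True)
class Check:
    name: str                            # policy item from the template
    passed: Callable[[Posture], bool]    # predicate over the reported posture
    remedy: str                          # the "inform a recovery" message


# "System check" items (slide: Checking the System). Missing keys fail closed.
SYSTEM_CHECK_POLICY: List[Check] = [
    Check("anti-virus software installed",
          lambda p: bool(p.get("antivirus_installed", False)),
          "Install the anti-virus software"),
    Check("virus library updated",
          lambda p: p.get("virus_library_age_days", 10 ** 9) <= MAX_VIRUS_LIBRARY_AGE_DAYS,
          "Update the virus library"),
    Check("screen saver password set",
          lambda p: bool(p.get("screen_saver_password", False)),
          "Set a password for the screen saver"),
    Check("shared folder rights valid",
          # Assumed rule: no shared folder may grant everyone full control.
          lambda p: all(r != "everyone-full-control"
                        for r in p.get("shared_folders", {}).values()),
          "Restrict the access rights of shared folders"),
]

# "Patch check" items (slide: Checking Patches).
PATCH_CHECK_POLICY: List[Check] = [
    Check("OS patches current",
          lambda p: not p.get("missing_os_patches", ["unknown"]),
          "Install the latest OS patches"),
    Check("browser and Office patches current",
          lambda p: not p.get("missing_app_patches", ["unknown"]),
          "Update Internet Explorer and Office patches"),
]


@dataclass(frozen=True)
class Decision:
    result: str          # "denied", "recovery" or "allowed"
    domain: str          # "none", "pre-authentication" or "post-authentication"
    violations: tuple    # names of the failed checks
    remedies: tuple      # recovery actions shown to the user


def evaluate_policy(policy: Sequence[Check], posture: Posture) -> List[Check]:
    """Return the checks of the policy template that the posture fails."""
    return [check for check in policy if not check.passed(posture)]


def access_decision(authenticated: bool, posture: Posture,
                    policy: Sequence[Check] = tuple(SYSTEM_CHECK_POLICY + PATCH_CHECK_POLICY)
                    ) -> Decision:
    """Authentication first, then the security check; only the matching domain opens."""
    if not authenticated:                                        # Scenario 1
        return Decision("denied", "none", (), ())
    failed = evaluate_policy(policy, posture)
    if failed:                                                   # Scenario 2, before recovery
        return Decision("recovery", "pre-authentication",
                        tuple(c.name for c in failed), tuple(c.remedy for c in failed))
    return Decision("allowed", "post-authentication", (), ())     # Scenario 3


# Constructed sample postures (the patch id is a placeholder, not a real one).
INSECURE_HOST: Posture = {
    "antivirus_installed": True,
    "virus_library_age_days": 30,
    "screen_saver_password": True,
    "shared_folders": {"C:\\share": "read-only"},
    "missing_os_patches": ["PATCH-ID-PLACEHOLDER"],
    "missing_app_patches": [],
}
RECOVERED_HOST: Posture = {**INSECURE_HOST, "virus_library_age_days": 0, "missing_os_patches": []}

if __name__ == "__main__":
    for label, auth, host in [("Scenario 1", False, RECOVERED_HOST),
                              ("Scenario 2 before recovery", True, INSECURE_HOST),
                              ("Scenario 2 after recovery", True, RECOVERED_HOST)]:
        print(label, access_decision(auth, host))
```

Every check fails closed when the agent omits the key it needs, so an incomplete posture report lands the host in the pre-authentication domain rather than in the post-authentication domain; the recovery messages are the same prompts the slides describe (update the virus library, install the latest OS patches), and the patch server and anti-virus server of the pre-authentication domain are what the user reaches to act on them.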
Security Policy Report
The system collects the asset information on the client side in real time by delivering the security policy template to the end user, and then sends the asset information to the system administrator for statistics and audit.
The security policy report is subcategorized as follows:
Customizing report tasks
Personal report information
User assets report
Summary
This chapter is summarized as follows:
The Secospace TSM takes all aspects of terminal security into account by following the PDCA standard model.
The Secospace utility is composed of the following:
Security access control
Network resource management
Security policy management
Patch management
Assets account management