IBM Tivoli and Cisco manual Project overview, Action Reference Part I Security compliance server

In the practice of IT security, it is possible to design an extremely secure, hardened system. However, this apex of maximum security will likely incur a cost of reduced system usability. Likewise it is possible to create a very user friendly, highly accessible network, but at a cost of reduced security. The IT Security Administrator must strive to strike a balance between these extremes. The introduction of a Network Admission Control system is a new technology for most, if not all, companies today. Armando Banking Brothers is no exception.

To implement the whole solution, ABBC has to designate the project, which will consist of three teams, each of them responsible for implementing one of the three parts presented below:

￿Compliance team primarily responsible for implementing the corporate security policy for desktops in Tivoli Security Compliance Manager. This team will maintain the security policy, run the compliance audits, and operate the Tivoli Security Compliance Manager server.

￿Network team responsible for configuration and maintenance of the Network Admission Control components enforcing the compliance to the security policy for the workstations connected to the ABBC’s corporate network. This team is also responsible for network design allowing the noncompliant workstation to access the resources necessary for remediation as well as for the guest network access required by partners and contractors.

￿Operations team responsible for user workstation configuration and user support. Part of their job is to maintain compliance of the user's workstations. They will facilitate this process by operating the remediation server that is already in use at ABBC: IBM Tivoli Configuration Manager. Enhanced, automated remediation capability provides a way to minimize user frustration, rising help-desk costs, and loss of user productivity.

Project overview

Table 4-1provides a high-level overview of the major ABBC project parts and project steps. Remember, ABBC is a hypothetical company. There are many more steps, substeps, and considerations in an actual deployment. IBM always recommends the procurement of qualified service consultants as well as utilization of the IBM Solution Assurance Review Process.

Table 4-1 High-level project overview

88Building a Network Access Control Solution with IBM Tivoli and Cisco Systems