IBM Tivoli and Cisco manual Posture collectors, Posture items and posture elements, 153


• The user password settings on the client workstation must follow the policy: the password must be at least eight characters long and must be renewed at least every 90 days.

• The appropriate operating system service pack level must be installed, which is Service Pack 4 for Windows 2000 and Service Pack 2 for Windows XP.

• Appropriate hotfixes must be applied. As an example, we use the KB896423 and KB893756 hotfixes.

• The personal firewall must be running. We have used a ZoneAlarm personal firewall as the example. However, the rules can be easily modified to support other types as well.

In the sections below we describe the detailed processes of creating these policies. But first we want to introduce the posture collectors in more detail.

6.2.1 Posture collectors

A posture collector collects compliance data the same way as a regular data collector. In most cases, one of the regular data collectors is included as part of the posture collector and the compliance data gathered is stored in the same database tables as the data collector. Posture collectors can be added to clients and client groups like regular collectors, and can run on an assigned schedule and return the collected data back to the Tivoli Security Compliance Manager server. Queries, reports, and policies can be defined and run to verify compliance using the data collected.

However, posture collectors differ from regular collectors in a number of substantial ways. First, posture collectors run automatically when the client is started or restarted. The information that is collected by the posture collectors is cached on the client system and can be used by the com.ibm.scm.nac.posture.PolicyCollector collector (or policy collector, for short) running on the client to make a security posture policy decision without contacting the Tivoli Security Compliance Manager server. The policy collector can run the posture collectors at any time to obtain the latest compliance data. Posture collectors also store posture information in an additional database table on the server, which indicates the security posture status of the client.

Posture items and posture elements

Every time a posture collector is run, a basic object called a posture item is created and cached. Each posture item consists of one or more posture elements that reflect the status of the data collection activity and the security posture checks performed by the posture collector. The PolicyCollector running on the client can directly access the posture items associated with the posture collectors and uses this information to make a security posture determination.
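
The following Python sketch is an added illustration, not code from Tivoli Security Compliance Manager or from this book. It models how the four policy requirements listed above could be recorded as posture elements in one cached posture item and then evaluated locally. All class, field and status names and the sample client data are assumptions.

```python
from dataclasses import dataclass

# Thresholds come from the policy list on this page. Every class, field and
# status name below is hypothetical and is not the product's API.
MIN_PW_LENGTH, MAX_PW_AGE_DAYS = 8, 90
REQUIRED_SP = {"Windows 2000": 4, "Windows XP": 2}  # treated as minimum levels
REQUIRED_HOTFIXES = {"KB896423", "KB893756"}
FIREWALL_SERVICE = "ZoneAlarm"

@dataclass(frozen=True)
class PostureElement:
    name: str
    status: str  # "PASS", "FAIL" or "ERROR" (assumed vocabulary)
    detail: str = ""

def _element(name, ok, detail):
    return PostureElement(name, "PASS" if ok else "FAIL", "" if ok else detail)

def collect(facts):
    """Run the checks once and return a posture item (list of elements)."""
    try:
        need_sp = REQUIRED_SP.get(facts["os"])
        missing = sorted(REQUIRED_HOTFIXES - set(facts["hotfixes"]))
        return [
            _element("password.min_length", facts["pw_min_length"] >= MIN_PW_LENGTH,
                     f"minimum length is {facts['pw_min_length']}"),
            # On Windows a maximum age of 0 means "never expires": must not pass.
            _element("password.max_age", 0 < facts["pw_max_age_days"] <= MAX_PW_AGE_DAYS,
                     f"maximum age is {facts['pw_max_age_days']} days"),
            _element("os.service_pack",
                     need_sp is not None and facts["service_pack"] >= need_sp,
                     f"{facts['os']} SP{facts['service_pack']}"),
            _element("os.hotfixes", not missing, "missing " + ", ".join(missing)),
            _element("firewall.running", FIREWALL_SERVICE in facts["running_services"],
                     f"{FIREWALL_SERVICE} is not running"),
        ]
    except KeyError as exc:
        # A failed collection is recorded as data, never read as compliance.
        return [PostureElement("collection", "ERROR", f"missing fact {exc}")]

def decide(cached_item):
    """Local decision from the cached posture item, no server round trip."""
    failed = [e for e in cached_item if e.status != "PASS"]
    return ("COMPLIANT" if cached_item and not failed else "NONCOMPLIANT"), failed

# Constructed sample clients (not real hosts).
GOOD_XP = {"os": "Windows XP", "service_pack": 2, "pw_min_length": 8, "pw_max_age_days": 90,
           "hotfixes": ["KB896423", "KB893756"], "running_services": ["ZoneAlarm"]}
BAD_2K = {"os": "Windows 2000", "service_pack": 3, "pw_min_length": 6, "pw_max_age_days": 0,
          "hotfixes": ["KB896423"], "running_services": []}
```

An empty or failed collection yields a noncompliant decision, so a client that cannot report its state is not treated as healthy.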

Chapter 6. Compliance subsystem implementation
