IBM Tivoli and Cisco manual Automated remediation enablement, 357

Models: Tivoli and Cisco


8.1 Automated remediation enablement

To enable automated remediation, the remediation handler that is automatically installed on the client with the policy collector has to be properly configured. As opposed to the first release of the remediation solution, where the SSH protocol was used, this release of the IBM Integrated Security Solution for Cisco Networks relies on the HTTP protocol to download remediation packages from the remediation server. It also uses a pull method instead of the push method used in the previous release, when the Tivoli Provisioning Manager was used for remediation. This change greatly enhances the scalability of the solution.

The remediation solution on the client consists of three parts:

- Default remediation handler
- Tivoli Configuration Manager remediation handler
- Tivoli Configuration Manager standalone commands

The default remediation handler is a part of the com.ibm.scm.nac.posture.PolicyCollector and is responsible for presenting the status of the posture check to the end user. When armed with the additional HTML pages as described in 8.3, “Creating remediation instructions for the users” on page 397, it can also provide the user with an explanation of the current security policy as well as remediation instructions.

The Tivoli Configuration Manager remediation handler is an additional Java class that is called when the user clicks the Fix Me button in the interface presented by the default remediation handler. This element is responsible for connecting to the Software Package Web Server and downloading the correct remediation package. The handler is delivered to the client in the form of the Tivoli Security Compliance Manager collector named com.ibm.scm.nac.tcmremed.client.TCMRemed.

Next, the Tivoli Configuration Manager commands are called to install the package on the local machine. Because the software package block (SPB) is a very flexible format, a package may run any command on the system or change configuration files or the Windows registry. The set of Tivoli Configuration Manager commands designed to handle SPB files is delivered to the client with the special TCMCLI policy described in “TCMCLI utility policy” on page 189.

To summarize, the following conditions have to be met for automated remediation to be available:

1. The Tivoli Security Compliance Manager client has to be assigned two policies. One of them must include the com.ibm.scm.nac.posture.PolicyCollector and com.ibm.scm.nac.tcmremed.client.TCMRemed collectors. The second must be the TCMCLI policy available for import in the IISSCN extension pack2

Chapter 8. Remediation subsystem implementation
