iRecorder Reference Guide for SiteMinder Web Access Manager › eTrust Audit Overview › About Improving Security and Network Communications

About Improving Security and Network Communications

In today’s security-conscious environment, the eTrust Audit system encounters security-related obstacles as enterprises try to deploy it across large networks. The flexible implementation possibilities available with eTrust Audit let you install the Client components on various systems. For example, you might install recorders on remote systems and the rest of the Client components on a centralized server that routes events from a number of recorders. If any of these recorders are outside your firewall, you might experience some of the following problems:

• The RPC protocol is rarely permitted across firewalls because it uses dynamic TCP/UDP ports. RPC also lacks the secure communications standards that other protocols, such as TCP or HTTPS provide.

  eTrust Audit uses RPC to send events to the Router, deliver policies from the Policy Manager, and forward events to Collector and Security Monitor (OCRA). If any of these components are deployed across a firewall, the system may fail due to the firewall blocking RPC traffic. One solution is to use fixed TCP ports and open these ports on the firewall. However, the question of data protection against network spoofing or tampering remains open.

• Guaranteed delivery is enforced in OCRA but not in SAPI, thus running the risk of losing original events.
• Secure delivery through encryption is assured with OCRA but not with SAPI, which is the route taken by the events from the Recorder to the Router. This problem becomes critical when the Recorder is separate from the Router, where most often the Recorder is located outside the intranet and is thus unguarded against spoofing.
• There is no provision to ensure events are not tampered with during their journey from the Recorder to the Router.