IBM Tivoli and Cisco Network Card User Manual


 
Chapter 8. Remediation subsystem implementation
8.1 Automated remediation enablement
To enable automated remediation, the remediation handler that is automatically
installed on the client with the policy collector has to be properly configured.
As opposed to the first release of the remediation solution, where the SSH
protocol was used, this release of the IBM Integrated Security Solution for Cisco
Networks relies on the HTTP protocol to download remediation packages from
the remediation server. It also uses a pull method instead of the push method
used in the previous release, when the Tivoli Provisioning Manager was used for
remediation. This change greatly enhances the scalability of the solution.
The remediation solution on the client consists of three parts:
- Default remediation handler
- Tivoli Configuration Manager remediation handler
- Tivoli Configuration Manager standalone commands
The default remediation handler is a part of the
com.ibm.scm.nac.posture.PolicyCollector and is responsible for presenting to
the end user the status of the posture check. When armed with the additional
HTML pages as described in 8.3, “Creating remediation instructions for the
users” on page 397, it can also provide an explanation of the current security
policy as well as remediation instructions to the user.
The Tivoli Configuration Manager remediation handler is an additional Java class
that is called when the user clicks the Fix Me button in the interface presented by
the default remediation handler. This element is responsible for connecting to the
Software Package Web Server and downloading the correct remediation
package. It is delivered to the client in the form of the Tivoli Security Compliance
Manager collector named
com.ibm.scm.nac.tcmremed.client.TCMRemed.
Next, the Tivoli Configuration Manager commands are called to install the
package on the local machine. Because the software package block (SPB) is a
very flexible format, it may include running any command on the system or
changing the configuration files or the Windows registry. The set of Tivoli
Configuration Manager commands designed to handle SPB files is delivered to
the client with the special TCMCLI policy described in “TCMCLI utility policy”
on page 189.
To summarize, the following conditions have to be met for automated
remediation to be available:
1. The Tivoli Security Compliance Manager client has to be assigned two
policies. One of them must include the
com.ibm.scm.nac.posture.PolicyCollector and
com.ibm.scm.nac.tcmremed.client.TCMRemed collectors. The second
must be the TCMCLI policy available for import in the
IISSCN extension pack2