> developer > success
Blue Lance, Inc.
LT Auditor+*
British Telecom deploys LT Auditor+ to manage internal auditing across platforms.
Reader Rating    from ratings rate this article
View a Printer Friendly Version of this Page Send this page to a friend

“LT Auditor+ enabled us to address the requirements of our internal auditors and consequently comply with our corporate security policy.”

Mike Hopkins
Senior Technical Specialist
British Telecom

background
BT (http://www.bt.com) is one of Europe’s leading providers of telecommunications services. Its principal activities include local, national and international telecommunications services, broadband and Internet products and services, and IT solutions. BT serves over 20 million business and residential customers with over 29 million exchange lines, as well as providing network services to other licensed operators.

BT Group plc is the holding company for an integrated group of businesses providing voice and data services in the UK and elsewhere in Europe. British Telecommunications plc, a wholly-owned subsidiary of BT Group, holds virtually all businesses and assets of the BT group, principally of three lines of business:

  • BT Retail, serving businesses and residential customers and including BT Openworld, one of the UK’s leading ISPs.
  • BT Wholesale, providing network services and solutions within the UK, including ADSL, conveyance, transit, bulk delivery of private circuits, frame relay and ISDN connections.
  • BT Global Services, BT’s managed services and solutions provider, serving multi-site organizations worldwide. Its core target market is the top 10,000 global multi-site organizations with European operations.
Other businesses within the BT group include BT Exact, an internationally renowned center of excellence in IT and networking technologies. It is also BT’s technology and research and development business.

BT is also one of Europe’s largest users of Novell’s NetWare® operating system and NDS®/eDirectory™ software. BT also has a significant deployment of Microsoft* Windows NT* and Windows* 2000 servers as well as other proprietary mainframe and mid range systems. The organization employs in excess of 100,000 people and within the Novell environment they have a similar number of user accounts.

situation before Blue Lance solution
Organizations have become increasingly focused on securing their internal IT systems and networks from external penetration, yet surveys consistently show that security breaches often occur within an organization’s internal network and operations. Consequently, auditors and security managers now place a higher priority on securing their internal networks. This is typically achieved through measures such as assessment, monitoring, reporting, alerting and enforcement. Deployment considerations are important so as not to compromise operational capability and to minimize management and administration overhead.

During 2001, BT’s internal audit determined that further measures were needed in order to meet the demands of their security policy. This is an ongoing process of review to ensure the organization is continually vigilant to possible threats and risks as their internal systems, procedures and operations change in line with the global business climate. The rapid deployment of network access throughout the vast organizational structure meant that the need to be able to account for users’ activity across the enterprise was becoming more important. With a complex and varied network infrastructure, it was inevitable that there would be many users who had administrator rights, access to server consoles and, potentially, access to sensitive and confidential data. Auditing user activity is not necessarily viewed as a way to catch culprits, what it does ensure is that cases of human error and other incidents can be identified with appropriate action taken promptly. BT identified a number of requirements with both audit, technical and operational considerations in mind; it was not possible to address these by standard operating system functionality within the Novell or Microsoft platforms:

Audit requirements

  • A clear accountable audit trail of user activity
  • Tracking security changes such as changes to user passwords and users’ rights
  • Monitoring of attempted intrusion: failed login attempts & intruder lockout
  • Auditing auditors’ use of the software

    Functional/technical requirements

  • Cross platform Novell and Microsoft server-based auditing
  • Centralized configuration and reporting
  • Highly scalable

    Operational requirements

  • Easy deployment and ongoing configuration
  • No server downtime or service interruption
  • Tamper proof with no disruption to the auditing process
    • situation after Blue Lance solution
    After surveying the market for available software solutions, one of the products chosen for further investigation was a product called LT Auditor+, developed by Blue Lance and distributed by Altman Technologies Ltd, a UK-based software house specializing in network and security management solutions. The initial investigation confirmed that LT Auditor+ matched BT’s specification of requirements. A formal evaluation was undertaken with regular consultation between BT’s technical staff, Blue Lance development and support personnel, and Altman Technologies technical services team. BT needed to address a number of security issues that their auditors had identified including intruder detection issues and tracking of security changes. LT Auditor+ was able to meet these requirements using the powerful filtering and exception reporting capabilities available.

    At the conclusion of their evaluation, BT procured an enterprise license for the LT Auditor+ software. In addition to addressing BT’s broad functional specification, there were a number of key issues that helped make LT Auditor+ the chosen solution. Firstly, the centralized configuration and reporting capability which would aid a speedy deployment and minimize ongoing maintenance and management resource. This subsequently proved to be a key benefit as BT completed their initial deployment of LT Auditor+ three months ahead of their deadline. Another key issue was scalability – during test, this had also been more than satisfactory and the live roll-out confirmed that LT Auditor+ was indeed highly scalable with the first stage of implementation covering approximately 350 servers.

    Another major consideration for BT was the issue of supplier and distributor relationships. BT’s policy is to "buy into" a company’s product based on current technology but they also place great importance on the stability of the supplier, the service and responsiveness as well as the future development plans for the product. Working closely with both Blue Lance and Altman Technologies, BT were able to satisfy themselves that both suppliers met these requirements. Both Blue Lance and Altman Technologies have been in business since the late 1980s and serve an extensive list of clients in the corporate, government, financial and public sectors.

    Since the initial roll-out of LT Auditor+ on the NetWare platform, BT has commenced the deployment of LT Auditor+ within their Active Directory* environment that supports some 100,000 users in authenticating to Microsoft services. LT Auditor+ is also being deployed within three new large NetWare 6 environments including the LDAP directory supporting the authentication and authorization of Web services.

    conclusion
    Living with LT Auditor+ has been simple and has brought significant benefits to BT. The auditor’s responsibility for mitigating risk has been addressed using LT Auditor+. Furthermore, the IT infrastructure has been able to deliver these services without any overhead on their staff resources or network infrastructure. Within BT’s team that were closely involved with all stages of the investigation, evaluation, decision-making process, implementation and ongoing deployment, there were two key figures. Firstly, Ashok Patel, manager of BT's Network & Systems Division, whose team is responsible for BT’s distributed Platform Strategy and Design. Secondly, Dr Mike Hopkins, Senior Technical Specialist in Ashok’s team who was leading the technical evaluation and subsequent roll-out.

    "LT Auditor+ enabled us to address the requirements of our internal auditors and consequently comply with our corporate security policy," says Hopkins. "Key issues were scalability and ease of deployment and we were very happy on both counts with the LT Auditor+ solution. A significant benefit provided by LT Auditor+ was the centralized management, configuration and reporting capabilities which enabled us to complete our initial roll-out to 350 servers in just two months, some three months ahead of the auditors’ deadline. During the initial evaluation stages, Blue Lance proved very reactive in producing product enhancements to fulfill specific audit requirements that BT had."

    for more information
    http://www.bluelance.com Blue Lance, Inc.
    ©2003 Novell, Inc. All rights reserved. Novell, NetWare, and NDS are registered trademarks, and eDirectory is a trademark of Novell, Inc. in the United States and other countries.

    * LT Auditor+ is a trademark of Blue Lance, Inc. Active Directory, Microsoft, Windows and Windows NT are registered trademarks of Microsoft Corporation. All other third-party trademarks are the property of their respective owners.