Poland
Germany
France
Russia
LuxembourgComarch SecureAdmin
IT system monitoring is a significant tool in IT risk management because it delivers data on the extent and efficiency of system resource use. Comarch SecureAdmin is a user activity monitoring system which operates transparently at the level of the network layer (passive and active analysis).
These features mean that implementing Comarch SecureAdmin does not require the modification or reconfiguration of existing applications or systems and its presence is not visible to users. A further imposing feature is the capacity to monitor encrypted connections. This makes it an excellent supplementary system for monitoring user activity. It is based on application and system logs and may also be deployed to monitor administrator activity.
Comarch SecureAdmin System Architecture
System Components
Comarch SecureAdmin has been produced in three tier architecture and has the following components:
- Sensors – dedicated servers equipped with at least three network interfaces, including two operating in bridge mode. Their task is to monitor network traffic, analyze selected connections according to the required configurations and record the data collected
- Network Managing Server – the central server that manages the sensors and the data collection
- Administration Console – a www console enabling system administration and providing a view of the data collected by the system.
High Volume Protocol Analysis
There are two ways network traffic is analyzed:
- passively,
- actively using MITM (Man in The Middle).
Passive analysis is based on the incoming packet queue mechanism provided by iptables software. This is the way analyses for simple protocols in plain text such as Telnet, POP3, IMAP, FTP, SMTP, SMB, NFS, Oracle, MySQL, PostgreSQL and MSSQL are conducted.
MITM analysis techniques, though, involve a sensor intervening between the server and client and assuming their identities. Protocols using encryption or that require modifications to the transmitted packets such as SSH (versions 1 and 2), SSL (FTP, POP3, IMAP, LDAP, SMTP, HTTP) and X11 are analyzed in this way.
Transparency
The network traffic analysis and monitoring provided by Comarch SecureAdmin is transparent to users. This is easy to achieve with passive analysis because the packets transmitted in the connections are in no way modified.
Comarch SecureAdmin is exceptional because it also offers transparency in MITM connection analysis. In this mode the sensor uses iptables mechanisms to transfer connections to a local port and simulate the client’s connection. Meanwhile, the sensor connects with the server in the name of the client. The server hides behind the IP addresses of real servers and clients so that it is invisible both to the client and the server.
Managing SSH keys and SSL certificates and keys is performed centrally from the administration console.
Logging User Activity
Comarch SecureAdmin monitors network traffic and conducts protocol analyses to log user activity. This means recording their actions and the consequences of those actions. Were they performed successfully or were errors committed?
The following information is logged for each connection analyzed:
- Time connection began
- Duration of connection
- Source address and port
- Destination address and port
- MAC and DNS addresses, if available
- Protocol type
- User name and password, if available
- Information specific to the monitored protocol.
Download:
- Comarch Makes a Personal Finance Management Application for Bank BPH
- Erste Bank Ukraine implemented Internet - Banking System by Comarch
- Comarch deploys a mobile insurance solution with BRE Ubezpieczenia
- State of the Art Comarch electronic banking platform was launched in Rabobank Polska S.A.
- Comarch PFM featured in recent Gartner report
Follow our updates on Twitter
Watch us on YouTube
Save to AddThis.com
Connect with us on LinkedIn
