
IBM Guardium Tasks List to Onboard new DB servers

I was working on an IBM Guardium project to onboard some DB servers into the system.
To demonstrate how much work it will be, I created this task list. It is a draft for my own use. I am sharing it through my blog post. Hopefully more feedback will come in to help complete this list.

It will only cover three main requirements: creating a new Collector, DB Vulnerability Assessment, and Data Security Policy.




Note: This list is still being updated.


| No. | Tasks | Sub Tasks | Progress | ETA |
|---|---|---|---|---|
| 1 | Install a new collector | | | One Week |
| 1.1 | | Prepare environment for installing the new collector: IP Address, Network Mask, Default Route, DNS, NTP, SMTP | | |
| 1.2 | | Set up virtual appliance for new collector - same specification as existing one (192.23.1.9) | | |
| 1.3 | | Download the same version image as the existing collector, load the Guardium image and do a standard installation | | |
| 1.4 | | Set up initial and basic configuration through command line: IP, Gateway, DNS, NTP, SMTP, change default password, timezone, reboot system | | |
| 1.5 | | Install license key, apply patches, snapshot system | | |
| 2 | New Collector Integration with Guardium Mgmt Server (192.23.1.8) | | | One Week |
| 2.1 | | Verification CLI installation | | |
| 2.2 | | Log Aggregating to Aggregator / Central Manager | | |
| 2.3 | | Configure log shipment from new collector to Aggregator | | |
| 2.4 | | AD Integration, Configuration sync/push from Aggregator to Collector | | |
| 2.5 | | System backup Configuration | | |
| 3 | Install GIM Agent / S-TAP on DB Servers | | | Two Weeks |
| 3.1 | | Generate Installation Scripts for each server and DB | | |
| 3.2 | | Create user and group on DB Servers | | |
| 3.3 | | Install GIM Agent and S-TAP software | | |
| 3.4 | | Verification of GIM and S-TAP installation | | |
| 4 | Create System Monitor Alert for new DB and Collector | | | One Week |
| 4.1 | | Monitor S-TAP on both servers | | |
| 4.2 | | Monitor collector status | | |
| 4.3 | | Monitor collector local disk usage | | |
| 4.4 | | Data Archive Policy, Data Export / Import / Purge Configuration | | |
| 5 | VA | | | Two Weeks |
| 5.1 | | Datasource Definition | | |
| 5.2 | | Discover Sensitive Data (Optional), Discover Database (Optional) | | |
| 5.3 | | Building DB2 / MS SQL Security Assessment | | |
| 5.4 | | Verify results and schedule Audit reports | | |
| 5.5 | | Review results with DBAs (Hardening policy) | | |
| 6 | Policy for Data Security | | | Three Weeks |
| 6.1 | | Collecting Sensitive Fields | | |
| 6.2 | | Collecting Privileged Accounts | | |
| 6.3 | | Define Use Cases (Optional) - Same Use Cases | | |
| 6.4 | | Create same Data Security Policy as Pilot projects but for different DBs | | |
| 6.5 | | Create alerts / reports etc. | | |
| 6.6 | | Use Cases Testing / Tuning | | |






1 comment:

  1. This is a draft version. You might want to add more columns into this list, such as comments, description, Due Date, Resource Name, etc.
