Link: Moving Your Novell GroupWise System to Linux

Rationalize Software Licenses

An inventory of licenses should uncover those that are idle, underused, and even incorrect. Tools like Zenworks Asset Management can be used to create an inventory of all applications used across the enterprise and reconcile those numbers with the existing licenses. That can be a base for a comprehensive review of how many licenses are truly necessary, to retire those that aren’t, and to then negotiate greater discounts by consolidating licenses.

Standardise technologies

As a company grows it acquires a diversity of technologies including programming languages, operating systems, and integration tools. This runs contrary to the notion of accomplishing work with a minimum expenditure of time and effort. A careful review will point out redundant versions, unsupported technologies, and nonstandard tools that should give way to fewer, more standard systems. The cost savings come from simpler and consolidated procurement, as well as lower support and maintenance expenditures.

Securelinx advises choosing a single Linux vendor, be it Red Hat, Novell/SUSE or another vendor. This helps to avoid the problem of having patchwork systems that require substantially more time and money for support and maintenance, at the expense of budgets, new IT capabilities, and innovation. It may also be the opportunity to accelerate a move away from an expensive Unix platform. For a number of years we have observed migrations from legacy Unix systems, to Intel-based hardware coupled with a Linux Operating System. This duo provides a number of advantages. From the financial perspective – commoditized hardware reduces costs and puts the company in a good bargaining position, as it can play various hardware vendors against each other. From a staff perspective – the similarities between Unix and Linux allow, with little training, the transfer of existing skills to support the new environment.

Encourage reuse

Too many companies spend precious IT resources reinventing the wheel. A serious review of an existing project portfolio will probably uncover a number of opportunities to reuse existing solutions and build a common repository of services and solutions. The starting point is to learn what systems exist in the organisation, what application(s) they run, and what level of resources they consume. These apparently obvious questions often prove difficult to answer without historical data that tracks resource usage. A number of software vendors address this problem by offering solutions for availability and performance monitoring. The most popular commercial ones are OP5 Monitor, ManageEngine’s Applications Manager, or Solarwinds. There are also open source projects, lead by the long-established and highly customisable, Nagios.

Consolidate systems that do similar things

Different business units in the same company often have their own versions of essential systems, such as payments and Internet applications. Consolidating these systems at the corporate level can bring substantial savings and make processes simpler and more efficient. The effectiveness of the task depends on intra-departamental communication. In addressing each opportunity, the CIO and business leaders must evaluate trade-offs between short-term convenience and short- and long-term costs and complexity for company as a whole.

Knowledge of usage patterns we mentioned previously may (for example) identify candidates for virtualisation. Most of the commercial Linux vendors bundle virtualisation technology as a part of the operating system and even basic subscription options allow users to run multiple virtual machines on a single host. Consolidation of physical servers and applications increases server utilization, thus lowering hardware, maintenance and electrical costs. It may be done at the unit level, offering some savings, but the most gains from consolidation can be realised if it is agreed and supported at organisational level.

Here we will present five quick wins which, while easy to implement can significantly improve security. This should not replace traditional platform hardening process which is the recommended course of action, but to draw attention to the tools available out of the box that can be easily switched on even on the system already in production environment.

1. Activate Internal Firewall.

IPtables software is installed by default on SLES and can be used to secure your server from unnecessary or damaging traffic,Yast provides easy and intuitive graphical interface which allows restrict access to the system only on specific ports. This is easy task and the main challenge very often turns to be the identification of the TCP and UDP ports that should be allowed.

2. Patch your server.

Failure to keep operating system and application software up to date is the most common mistake made by information system professionals and users. Novell publishes list of released patches on Patch Support Database website.

The easiest way to ensure the compliance is by using Online Patch Management Tool available trough Yast. For multiple systems or when security policies do not allow direct connections to the internet better choice may be the Subscription Management Tool. It is is a proxy system integrated with Novell Customer Center and provides key Novell Customer Center capabilities locally at the customer site, allowing a more secure centralized deployment.

Enterprises may consider implementation of Zenworks Linux Management which can scale to support large IT systems. In addition to standard patching ZLM can provide build management, bare metal installations, configuration management and software and hardware inventory.

3. Disable unnecessary services.

Aside from consuming resources some of the default services can be used as a door by which attackers can gain access to the system. The typical candidates are portmap (if nfs is not used), cups (if printers are not configured on the system).

Another service – SSH is typically used for remote management and if it can not be disabled for practical reasons, direct root logins should at least be disabled and only SSH protocol version 2 allowed.

4. Use sudo.

Sudo is great little tool which deserves more attention from Linux administrators. First benefit is that it makes unnecessary to use root password for day to day management tasks. Secondly it allows granular delegation of tasks between staff. For example database administrators can be given right to start/stop applications they manage and mount disks, while being forbidden from altering network configuration or creating new users.

5. Enable audit subsystem

The audit subsystem provides quite extensive list of rules that can be set to audit events on the system. The choice may be overwhelming but with little effort auditing of login events can be enabled. This is done through setting AUDITD_DISABLE_CONTEXTS=”no” variable in /etc/sysconfig/auditd configuration file and then ensuring auditd service is started automatically during boot time.

The Subscription Management Tool provides an alternative to the default configuration, which requires opening the firewall to outbound connections for each device to receive updates. That requirement often violates corporate security policies and can be seen as a threat to regulatory compliance by some organizations. Through its integration with Novell Customer Center, the Subscription Management Tool ensures that each device can receive its appropriate updates without the need to open the firewall, and without any redundant bandwidth requirements.

In a nutshell, the Subscription Management Tool for SUSE Linux Enterprise provides you with:

* Assurance of firewall and regulatory compliance
* Reduced bandwidth usage during software updates
* Full support under active subscription from Novell
* Maintenance of existing customer interface with Novell Customer Center
* Accurate server entitlement tracking and effective measurement of subscription usage
* Automated process to easily tally entitlement totals (no more spreadsheets!)
* Simple installation process that automatically synchronizes server entitlement with Novell Customer Center

Support for the Subscription Management Tool for SUSE Linux Enterprise 11 is included with any SUSE Linux Enterprise subscription at no additional cost.

Contact Securelinx for additional information and professional advice on managing your Linux infrastructure.

The ability to search, sort and filter vast data volumes has been greatly improved with pagination for views of hosts and services. The new improved search feature includes auto suggestion and let you search on hosts, services host groups and service groups.

A new module for network visualization  has been included in op5 Monitor which allows to visualize the infrastructure using three different map types;
* Auto map, a auto drawn topology map using parent / child relationships.
* Static Map makes it possible to put any object (host, service, host group or service group) on an image of choice.
* Geo map, uses Google maps API, drawing a map by using addresses or gps coordinates on your monitored objects. Object and status information as well as links can be included in the map. The maps can be visualized as widgets on the tactical overview or be used on big monitors in operation centers.

More Screenshots.
Download Demo

Contact Securelinx for further details.

Redhat published detailed instructions on how to take advantage of the new system here.

You can’t rely on infrastructure solutions to protect this critical information, because in many cases the infrastructure simply isn’t involved: both the information and the attacker trying to steal it are on a customer site, in a hotel, or at a wireless hotspot. And even if the notebook or workstation itself is not stolen, gigabytes of data can be copied to a thumbdrive and taken away in a matter of seconds.

To protect this data from prying eyes, you need to use encryption. This can ensure that even if an attacker gets their hands on the data, it is unreadable and unusable. But not just any encryption solution will work in the enterprise setting: the encryption system and its key-management need to be centrally controlled and coordinated, because otherwise each protected notebook or workstation becomes cut off from the others and productivity is badly hurt.

ZENworks Endpoint Security Management gives you the ability to protect your mobile data by actively enforcing corporate encryption policy on Windows 2000, Windows XP and Windows Vista endpoints.

• Centrally create, distribute, enforce and audit encryption policies on all endpoints and removable storage devices
• Encrypt all files saved or copied to a specific directory on a volume
• Encrypt all files copied to removable storage devices
• Manage keys through the Management Console, which also controls firewall, wireless security, VPN enforcement, endpoint integrity and removable storage device security
• Share files freely within an organization while blocking unauthorized access to files
• Share password-protected, encrypted files with people outside the organization through an available decryption utility
• Easily update, backup and recover keys according to policy without losing data

Related: 
Zenworks Endpoint Security Management Features and Benefits
Securelinx implementation and support services

What is Novell On-demand Training?

On-demand Training provides a convenient and flexible delivery method that is available whenever and wherever you are available. Accessible online anytime and anywhere a high-speed broadband Internet connection is available, this is the perfect option if you don’t have the time or budget for onsite or even scheduled online classroom training. It’s ready and waiting when you have just a small amount of time, for example, while you’re waiting for a backup to finish running before going to lunch.

Consisting of demos of technologies as well as recorded instructor lectures, On-demand Training eliminates the need for time away from work for travel and training, reducing expenses and lost productivity while still giving you the expertise you need to remain competitive.

Available Courses

With more than 40 courses available, the Novell On-demand Training library provides training at four different levels:

* First Look courses cover the fundamentals of installation, basic configuration and new features of a product. This training prepares you to continue on your learning path toward other Novell courses and certifications.

* End-user courses are targeted directly at your end users, for example, everyone in your company that uses GroupWise or all those migrating to SUSE Linux Enterprise Desktop. These courses give them a working knowledge of those client applications and operating systems.

* Administrator-level courses teach the basic, day-to-day operations of products that enable you to use them productively. Many of these administrator-level courses cover necessary information for Novell certifications.

* Engineer-level courses provide intermediate to advanced training on special products and their uses. While not as advanced as Advanced Technical Training, or Novell ATT, engineer-level courses go far beyond normal day-to-day administration topics and allow you to function as if you have had some of the most advanced training available!

Contact Us for further information and purchasing options.

——————————