Course Description

IBM Tivoli Risk Manager is an open, cross-platform, standards-based enterprise security management solution based on the Tivoli Enterprise Console. It enables customers to seamlessly manage security intrusions and vulnerabilities across networks, hosts, operating systems, applications, servers, and desktops. This is especially important as attacks and intrusions increasingly target the entire enterprise, rather than just a sub-system. Consequently, defending against these threats requires an enterprise view of securitya coordinated approach that harnesses the intelligence of the different security checkpoints within an enterprise.

In this course, students will learn about the overall Risk Manager 4.2 architecture, and the installation and configuration steps for deploying a successful Risk Manager installation.

Simulated exercises will provide hands on experience installing and configuring the product, and monitoring and viewing events.

Class Length
3 days

Objectives

After completing the Risk Manager Instructor Led Training Course, students should be able to accomplish the following:

• Describe the different physical and logical components of Risk Manager 4.2
• Describe sensor events, incidents, and incident groups in Risk Manager 4.2
• Design a basic Risk Manager architecture based upon business security requirements
• Install the different components of Risk Manager 4.2
• Configure the Tivoli Enterprise Console Server to receive, process, and correlate Risk Manager events
• Configure the Risk Manager Event Adapter
• Configure the Web IDS adapter and use it to monitor web server intrusion events
• Configure the Network IDS Adapter and use it to monitor network intrusion events
• Configure and Customize the Web Advisor application
• View and close Risk Manager events through the Tivoli Enterprise Console
• View reports analyzing events detected by Risk Manager

Integrators will need prerequisite knowledge in the use of the enabling technology (Tivoli Framework and Tivoli Event Console - TEC) which security administrators do not need.

This course is focused on general product capabilities, it is not intended to review security issues, nor does it cover the all of the numerous event adapters available for Risk Manager 4.2

Who will benefit from this course
Customers, Internal Audiences, and business partners will benefit from the installation and configuration, use, and simple troubleshooting of Risk Manager 4.2.

Required Skills Knowledge
Student should have a moderate level of Windows NT/2000 and UNIX system administration skills, HTML/XML/Text editing skills, and TCP/IP networking. Tivoli Management Framework and Tivoli Enterprise Console skills are helpful but not essential.

Prerequisites
IBM Tivoli Enterprise Console 3.8

Course Outline

• Unit 1: Introduction to Tivoli Risk Manager
• Lesson 1: Why Tivoli Risk Manager?
• Lesson 2: Features of Risk Manager
• Unit 2: The Tivoli Risk Manager Architecture
• Lesson 1: Overview of the Tivoli Risk Manager Architecture
• Lesson 2: Risk Manager Agent
• Lesson 3: Event Sources, Sensors, and Adapters
• Lesson 4: Tivoli Risk Manager Client
• Lesson 5: Event Server
• Lesson 6: Distributed Correlation Servers and Gateways
• Lesson 7: Event Archive, Web Information Services, and Reporting
• Unit 3: Events and Event Flow
• Lesson 1: Events
• Lesson 2: Incidents
• Lesson 3: Incident Groups
• Lesson 4: Event Transport
• Unit 4: Installing the Risk Manager Event Server
• Lesson 1: Planning the Installation
• Lesson 2: Installing Tivoli Risk Manager Event Server Components
• Lesson 3: Configuration of the Tivoli Enterprise Console Server
• Unit 5: Installing Risk Manager Clients, Gateways, and Distributed Correlation Servers
• Lesson 1: Installing a Risk Manager Client
• Lesson 2: Installing a Risk Manager Gateway
• Lesson 3: Installing a Risk Manager Distributed Correlation Server
• Unit 6: Configuration and Customization of Risk Manager
• Lesson 1: Overview of Risk Manager Agent Customization Files
• Lesson 2: Customizing Summarization
• Lesson 3: Customizing First Level Correlation
• Lesson 4: Configuring Heartbeat Monitoring
• Lesson 5: DNS Look-up Configuration
• Lesson 6: Customization and Tuning of Risk Manager for Scalability
• Unit 7: Installing and Configuring Adapters and Sensors
• Lesson 1: Installation and Configuration of Web IDS
• Lesson 2: Installation and Configuration of the Network IDS Sensor
• Lesson 3: Installation and Configuration of the Windows Host IDS Adapter
• Unit 8: Using Tivoli Risk Manager
• Lesson 1: The Risk Manager Event Console
• Lesson 2: Web Applications: Event Details
• Lesson 3: Web Applications: System Information
• Unit 9: Web Advisor
• Lesson 1: Configuration of Web Advisor
• Lesson 2: Using Web Advisor
• Unit 10: Risk Manager Commands
• Lesson 1: Risk Manager Commands