Introduction to Babel Enterprise 2.0
Babel Enterprise 2.0 is a security dashboard.
Babel Enterprise 1.2 is more focused on technical aspects. It is a powerful tool able to audit the main operating systems on the market. Babel Enterprise agents can run on recent versions of Microsoft™ Windows, such as Windows 2003 or Windows XP, and on the most common Unix systems, such as Solaris™ 9, AIX™ 5.1, SUSE GNU/Linux 9 ES and Debian/Ubuntu Dapper. The agents can also be easily adapted to other versions or other systems, such as BSD or HPUX™. With these agents it is possible to verify compliance with security policies for the installation and maintenance of systems. And since the results are normalized, they can be compared with one another.
But Babel 1.2 is not a security control panel; to be one, it lacks three fundamental things:
- The capacity to aggregate data from different sources into concrete assets.
- The capacity to work with policies, which act as a filter on the data obtained from the different sources. These policies are the metrics that measure the fulfillment of the security objectives set at company level.
- The capacity to integrate data entered interactively by a security director, so that the data obtained automatically by the agents can be completed.
With these premises, Babel Enterprise 2.0 has been developed as a structure able to integrate data from different sources, selecting, by means of different filters, those of interest for the multiple assets of an organization. The sources in each organization will vary, and each corporation will be free to develop specific models and integrate them into the structure that has now been developed.
Babel Enterprise 2.0 is designed to manage the security of systems in a large and complex environment with different technologies and different operating systems, in different versions and configurations. It can be managed by different human teams with different capabilities and responsibilities, and it can be installed with redundancy of all its components.
Babel Enterprise 2.0 takes a pragmatic point of view and tries to evaluate the points that represent a risk to security and that can be improved with the help of the administrator. It is a non-intrusive tool that does not introduce any change in the systems it audits; it only executes the tests that are needed and delivers the results in a detailed report, which includes a numerical indicator showing the security level of the system.
Babel Enterprise 2.0 is a platform that allows building what is called a "Security Dashboard", 100% adapted to the needs of each company. In this version, the dashboard is delimited by the following aspects:
- Capacity to evaluate the level of compliance with a regulation (in Spain LOPD, LSSI and ISO/UNE 17799; in international corporations, mainly SOX (Sarbanes-Oxley)).
- Capacity to implement software tests to validate compliance with these policies.
- Capacity to evaluate the risks of the assets (this is what Babel 1.2 verifies).
- Capacity to evaluate risks coming from outside. It has been integrated with Nessus and Snort, and it can be integrated with almost any application of this kind.
- Capacity to monitor service levels (SLA) and the availability of business services and processes, integrating this with Pandora FMS.
- Management of security events reported by security assets, through integration with Pandora FMS, event collectors, antivirus or anti-spam tools. This means that Babel can present and correlate data already processed by each of the tools mentioned above; Babel does not "collect" all this information itself.
- Capacity to store all this information for a limited time, keeping it available for consultation by an independent audit.
Babel Enterprise 2.0 is open software: it has an open API, all its internal details are open, it has a public repository (Subversion), and all the documentation has been generated using open standards, such as DocBook SGML, and edited using open software (Emacs, OpenJade). The web page of the project is http://babel.sourceforge.net.
Advanced users can modify these components and adapt them to their systems.
The architecture of Babel 2.0 is shown graphically in the following image:
Babel Enterprise has an architecture distributed over several components.
Babel has been designed with a very modular structure, easy to expand and customize. The agents are defined by independent modules. The modules have the .bem extension (Babel Executable Module). Each module executes a different portion of the audit (users, permissions, services, etc.).
Some of them have an associated small database in plain text, or other configuration elements. These work as a white list or black list, allowing the administrator to parametrize and configure the way each agent works, filtering the information gathered. These files have the same name as the module, but with the .lst extension. For example, in the password module, the library file (.lst) contains the words that will be used as a dictionary, which are usually the typical passwords used in our corporation (name of the department, of the enterprise, "corporate" passwords, etc.).
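As an added example (not Babel's own password module), the following code loads a .lst dictionary of the kind just described and checks candidate passwords against it; the .lst layout (one word per line, "#" comments), the word list and the normalization rules are assumptions.

```python
# Added example, not Babel's own password module: load a module-style .lst
# dictionary of "corporate" words and check candidate passwords against it.
# The .lst layout (one word per line, "#" comments) is an assumption.
import re

# Constructed .lst content, as the page describes: department and company
# names and other typical corporate passwords.
PASSWORD_LST = """\
# words that must not be used as passwords
acme
finance
marketing
corporate
welcome
"""

# Common character substitutions people use to dress up a dictionary word.
SUBSTITUTIONS = str.maketrans({"@": "a", "$": "s", "0": "o", "1": "i",
                               "3": "e", "4": "a", "5": "s", "7": "t"})
MIN_WORD = 4  # ignore very short dictionary words to avoid trivial matches

def load_lst(text):
    """Parse .lst text into a set of lowercase words, ignoring blanks and comments."""
    words = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            words.add(line.lower())
    return words

def normalize(password):
    """Lowercase, drop trailing digits/punctuation, then undo common substitutions."""
    base = re.sub(r"[^a-z]+$", "", password.lower())
    return base.translate(SUBSTITUTIONS)

def check_password(password, dictionary, min_length=8):
    """Return (ok, reason): rejects short passwords and any whose normalized
    form contains a dictionary word (so Finance2007! still fails on 'finance')."""
    if len(password) < min_length:
        return False, "shorter than %d characters" % min_length
    norm = normalize(password)
    for word in sorted(dictionary):
        if len(word) >= MIN_WORD and word in norm:
            return False, "contains dictionary word '%s'" % word
    return True, "ok"
```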
Each version of Babel Enterprise has differences between modules according to the architecture it is going to be implemented on; for example, in GNU/Linux there is a module named xinetd.conf, while its equivalent in Solaris™ or AIX™ is named inetd.conf. The internal development of each module has been adapted to the original architecture, and the modules for Solaris™ cannot be executed in AIX™ without changes. For this reason there are different Babel Enterprise agents for each architecture.
The server (Babel Data Server) is the main component; it processes the data files (XML) generated by the agents. Each XML contains a sequence of information separated by modules. Each module is of a specific kind that has to be previously defined in the Babel console and stored by it in the database.
With this server these data files are processed and become data visible to the user from the Babel Enterprise administration console. The server generates "raw" audit data (without risk evaluation) for all the processed data. It also generates the different policies (with risk evaluation) for all the processed data. Likewise, it is able to process related information coming from plugins, linking the information obtained by the agent with the information associated with plugins that are linked to specific data modules obtained by the agent.
Finally, after processing the data file, the server deletes it from the file system where it was received.
The web console is the user's graphical interface. It visualizes information and gives access to all kinds of detailed graphical reports regarding the execution of security policies. This environment also allows managing the Babel Enterprise infrastructure and getting information on the condition of each agent.
The database keeps all the information concerning Babel Enterprise: information about the agents, user profiles, audit elements, configuration items and, of course, the data of each audit performed. The database works with MySQL, and a MySQL cluster can be used to improve performance and scalability.
Babel Enterprise collectors are new components of Babel that allow processing information from several different sources. The main difference between a collector and an agent is that the collector processes, in a single pass, information coming from several sources, creating the different audits and policies needed for each agent (associating the data with the IP of the agent that works in Babel).
The collector's architecture is divided into:
- Collector agent: a small application (which can be developed in almost any language) that generates, from a data file, an XML specific to Babel Collector, so that it can be processed by the collector server. The XML includes all the data processed from the start. The generated file contains the information for all the machines that are in Babel (classified by IP address) and for all the modules associated with these machines.
- Collector server: the server that processes the XML generated by the collector agent and is able to translate the original format into a Babel Collector XML.
The first collector developed is the collector for Nessus policies. This collector agent is developed in Python and processes a Nessus audit in .nbe format, generating a Babel collector data file following the XML Collector structure mentioned above. Once the XML has been generated, you only have to call the collector server so that it processes the data file generated by the Nessus collector agent.
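The following is an added example, not the project's own Nessus collector agent: it parses a constructed Nessus .nbe report, groups the findings by host IP as the collector does before emitting its XML, and builds a per-host XML document. The real Babel Collector schema is not given on this page, so the element and attribute names in to_collector_xml() are assumptions.

```python
# Added example (not Babel's collector code): Nessus .nbe -> per-host XML.
# The XML element names below are assumed; Babel's real schema is not on the page.
from collections import defaultdict
import xml.etree.ElementTree as ET

# Constructed sample in the classic .nbe layout:
# results|subnet|host|port|plugin id|severity|description
SAMPLE_NBE = """\
timestamps|||scan_start|Mon Jan  1 10:00:00 2007|
results|192.168.1|192.168.1.10|ssh (22/tcp)|10267|Security Note|SSH server type and version
results|192.168.1|192.168.1.10|www (80/tcp)|11213|Security Hole|Outdated web server with a known flaw
results|192.168.1|192.168.1.20|ftp (21/tcp)|10079|Security Warning|Anonymous FTP enabled
results|192.168.1|192.168.1.20|smtp (25/tcp)|10263|Security Note|SMTP banner
timestamps|||scan_end|Mon Jan  1 10:05:00 2007|
"""

# Numeric rank for the Nessus severity labels so a policy can sort on them.
SEVERITY_RANK = {"Log Message": 0, "Security Note": 1,
                 "Security Warning": 2, "Security Hole": 3}

def parse_nbe(text):
    """Return {host_ip: [finding dicts]}, skipping timestamps and other non-result lines."""
    hosts = defaultdict(list)
    for line in text.splitlines():
        fields = line.split("|")
        if len(fields) < 7 or fields[0] != "results":
            continue
        _, _, host, port, plugin_id, severity, description = fields[:7]
        hosts[host].append({
            "port": port, "plugin": plugin_id, "severity": severity,
            "rank": SEVERITY_RANK.get(severity, 0),
            "description": description.replace("\\n", " ").strip(),  # .nbe escapes newlines
        })
    return dict(hosts)

def worst_severity(findings):
    """Highest severity rank among a host's findings (0 if none)."""
    return max((f["rank"] for f in findings), default=0)

def to_collector_xml(hosts):
    """One <agent ip=...> per host, each with a 'nessus' module holding its findings."""
    root = ET.Element("babel_collector")
    for ip in sorted(hosts):
        agent = ET.SubElement(root, "agent", ip=ip)
        module = ET.SubElement(agent, "module", name="nessus",
                               max_severity=str(worst_severity(hosts[ip])))
        for f in hosts[ip]:
            item = ET.SubElement(module, "item", port=f["port"],
                                 plugin=f["plugin"], severity=f["severity"])
            item.text = f["description"]
    return ET.tostring(root, encoding="unicode")
```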
New organization of Babel 2.0
Babel Enterprise 2.0 has drastically changed the way the information that arrives from the agents is understood and processed.
Babel has been divided into different groups:
- Domains: an organizational division; it can be, for example, a group of subsidiary companies within a parent company, a series of departments or simply different clients. Agents are associated with domains.
- Areas: groups of logical knowledge, where the information is kept. Examples: LOPD Regulation, ISO 17799 Regulation, External Vulnerabilities, Security in Systems, IDS, Perimeter Security, Security Management, Physical Security, Availability, etc.
- Policies: a filter on the information, with security metrics for each kind of reported item. These policies are applied to domains and, in turn, executed on the agents that belong to those domains and that contain data included in the defined policies. According to the metric contained in each policy, a risk index is generated for each module in each policy. Examples of policies: Snort Policy, Nessus Policy, Patch Management Policy, Compliance with 17799, Systems Hardening and LOPD.
- Technical Groups: a technical grouping that classifies the agents that will send data to the Babel server.