Configuring Regulation Audit Profiles

Before you can audit your network for compliance with PCI DSS or SOX requirements, you must define a regulation profile where you specify the components in your environment that are used in the audit tests. You can configure many profiles to accurately represent your environment. The compliance tests run automatically when:

  • A revision is received for the specified targets
  • A network topology change alters the path calculations
  • The profile is changed and saved, for example when you add a new device

For each profile you can configure syslog and email notifications that are sent when a new violation is found. The notification includes a summary of new and existing violations.

The SOX audit profile requires you to select the devices that you want to audit.

The PCI DSS audit profile includes:

  • Targets - You can define multiple devices to audit for PCI DSS compliance.
    • Target - The devices or policies that are tested for compliance
  • Networks - You can have these automatically defined based on the network topology or you can define them manually with SecureTrack zones, IP addresses and network objects
    • DMZ Networks - Networks that are considered as the DMZ networks, such as a web server farm
    • Internal Networks - Networks that are considered as the internal networks, such as the internal office network
  • Network components with PCI DSS-related data - You can define these with SecureTrack zones, IP addresses and network objects
    • PCI Applications - Servers that have applications that handle PCI DSS-related data, such as a retail purchasing application
    • PCI Data - Servers that store PCI DSS-related data, such as a network storage device
    • PCI Web - Servers that host web sites that handle PCI DSS-related data, such as an online store
    • Wireless Networks - Networks that use wireless networking
  • Services - You can select from the list of predefined services, add services from your network devices or add custom services
    • PCI Service - Services that are used to transfer PCI DSS-related data between the networks and network components, such as https and PostgreSQL
    • PCI Risky Service - Services that are considered risky by the PCI DSS requirements, such as telnet and ftp

When you configure each of these components, a green check mark is shown next to the component name. For the tests to successfully run, all components must be configured.

To configure a SOX profile:

  1. Click New Profile and enter the profile preferences, including the profile name, the SOX profile type, and the alert notification settings.

    To access the profile preferences of an existing profile, select the profile and click .

    Select the alert notification settings for the profile:

    • Select Syslog to have syslogs sent to the syslog server configured in Notifications.
    • Select Mail to have emails sent to the SecureTrack users that you select in Users, and to the addresses that you enter in Email addresses.
    • Select the Alert severity for the alert notification for the profile.

    Profiles that have notifications configured are marked in the list of profiles.

    Click OK to save the profile configuration and continue to the profile configuration.

  2. Identify the network components for each section of the audit and click Add to include them in the SOX profile.
  3. Click Save.

The results are shown in Regulations.

To configure a PCI DSS profile:

  1. Click New Profile and enter the profile preferences, including the profile name, the PCI DSS profile type, and the alert notification settings.

    To access the profile preferences of an existing profile, select the profile and click .

    Select the alert notification settings for the profile:

    • Select Syslog to have syslogs sent to the syslog server configured in Notifications.
    • Select Mail to have emails sent to the SecureTrack users that you select in Users, and to the addresses that you enter in Email addresses.
    • Select the Alert severity for the alert notification for the profile.

    Profiles that have notifications configured are marked in the list of profiles.

    Click OK to save the profile configuration and continue to the profile configuration.

    To access the profile configuration of an existing profile, select the profile and click Edit.

  2. Identify the network components for each section of the audit and click Add to include them in the PCI DSS profile.
    • Target - Select each device that you want to audit for the profile.

      For Check Point devices, you can select a policy from the list of available policies or select Any to audit all policies on the device.

    • Networks - For the Internal and DMZ networks you can either select:
      • By Topology - SecureTrack uses the networks identified in topology as the networks for the audit.
      • Manual - You can manually specify zones, network objects from the devices, or IP address subnets or ranges as the networks for the audit.
    • Network components - You can manually specify zones, network objects from the devices, or IP address subnets or ranges as the networks for the audit.

      If you don't have any wireless networks, select Ignore so that the PCI DSS results state that there are no wireless networks.

    • Services - You can select from the list of predefined services, select objects from the network devices, or manually enter custom protocol and port information.
  3. Click Save.

The results are shown in Regulations and you can see the critical violations in the Violations browser.
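
To show how the PCI DSS profile components relate to each other, here is an added Python sketch; it is not SecureTrack code. The class and function names, the sample addresses and rule ids, and the rule check itself are assumptions made for illustration. It lists the components that are still unconfigured and flags constructed firewall rules that carry a PCI Risky Service to a PCI component.

```python
from dataclasses import dataclass, field
from ipaddress import ip_network

# Component names follow the PCI DSS profile sections listed on this page.
NETWORKS = ["DMZ Networks", "Internal Networks", "PCI Applications",
            "PCI Data", "PCI Web", "Wireless Networks"]
SERVICES = ["PCI Service", "PCI Risky Service"]

@dataclass
class PciProfile:  # hypothetical model, not a SecureTrack object
    targets: list = field(default_factory=list)
    networks: dict = field(default_factory=dict)  # component -> [CIDR, ...]
    services: dict = field(default_factory=dict)  # component -> {service, ...}
    ignore_wireless: bool = False                 # the "Ignore" choice for wireless

    def unconfigured(self):
        """Components that still lack a definition (no check mark yet)."""
        missing = [] if self.targets else ["Target"]
        for name in NETWORKS:
            ignored = name == "Wireless Networks" and self.ignore_wireless
            if not ignored and not self.networks.get(name):
                missing.append(name)
        return missing + [s for s in SERVICES if not self.services.get(s)]

    def component_of(self, cidr):
        """First component whose networks contain cidr, or None."""
        net = ip_network(cidr)
        return next((name for name, cidrs in self.networks.items()
                     if any(net.subnet_of(ip_network(c)) for c in cidrs)), None)

def risky_rules(profile, rules):
    """Assumed check: accept rules carrying a PCI Risky Service to a PCI component."""
    risky = profile.services.get("PCI Risky Service", set())
    hits = []
    for r in rules:
        dst = profile.component_of(r["dst"]) or ""
        if r["action"] == "accept" and r["service"] in risky and dst.startswith("PCI"):
            hits.append((r["id"], r["service"], dst))
    return hits

# Constructed sample data: documentation address ranges, made-up device and rule ids.
PROFILE = PciProfile(
    targets=["fw-edge-01"], ignore_wireless=True,
    networks={"DMZ Networks": ["192.0.2.0/25"], "Internal Networks": ["198.51.100.0/24"],
              "PCI Data": ["203.0.113.0/28"], "PCI Web": ["192.0.2.128/28"]},
    services={"PCI Service": {"https", "PostgreSQL"}, "PCI Risky Service": {"telnet", "ftp"}})
RULES = [{"id": 10, "dst": "203.0.113.4/32", "service": "PostgreSQL", "action": "accept"},
         {"id": 20, "dst": "203.0.113.4/32", "service": "telnet", "action": "accept"},
         {"id": 30, "dst": "192.0.2.10/32", "service": "ftp", "action": "accept"}]
```

With this sample, the profile is incomplete because PCI Applications has no definition, and only the telnet rule toward the PCI Data range is flagged; the ftp rule lands in the DMZ, which this assumed check does not treat as a PCI component.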

How Do I Get Here?

In SecureTrack, go to Settings > Configuration > Regulations