Communication Between The Server And The Database; Communication Between The Collector Managers And Event Sources; Communication With Web Browsers; Communication Between The Database And Other Clients - Novell SENTINEL LOG MANAGER 1.0.0.5 - ADMINISTRATION GUIDE 03-31-2010 Administration Manual

ESM knows to use SSL by reading the following information in
:
configuration.xml
<strategy active="yes" id="proxied_client"
location="com.esecurity.common.communication.strategy.proxystrategy.ProxiedCl
ientStrategyFactory">
<transport type="ssl">
<ssl host="164.99.18.132" port="10013" keystore="./novell/sentinel/
.proxyClientKeystore" />
</transport>
</strategy>

2.1.3 Communication between the Server and the Database

The protocol used for communication between the server and the database is defined by a JDBC*
driver.
Sentinel Log Manager uses the PostgreSQL* driver (
connect to the PostgreSQL database, which is a Java (Type IV) implementation. This driver supports
encryption for data communication. To download the driver, refer to the
Page (http://jdbc.postgresql.org/download.html). To configure the encryption, refer to
Encryption Options (http://www.postgresql.org/docs/8.1/static/encryption-options.html).
NOTE: Turning encryption on has a negative impact on the performance of the system. Therefore,
this security concern needs to be weighed against your performance needs. The database
communication is not encrypted by default for this reason. Lack of encryption is not a major concern
because communication with the database occurs over the localhost network interface.
2.1.4 Communication between the Collector Managers and
Event Sources
You can configure Sentinel Log Manager to securely collect data from various event sources.
However, secured data collection is determined by the specific protocols supported with the event
source. For example, the Check Point LEA, Syslog, and Audit Connectors can be configured to
encrypt their communication with event sources.
For more information on the possible security features that can be enabled, refer to the Connector
and Event source vendor documentation.

2.1.5 Communication with Web Browsers

The Web server is by default configured to communicate via HTTPS. For more information, see the
Tomcat documentation (http://tomcat.apache.org/tomcat-4.0-doc/ssl-howto.html).

2.1.6 Communication between the Database and Other Clients

You can configure the PostgreSQL SIEM database to allow connections from any client machine
that uses pgAdmin or another third-party application.
To allow pgAdmin to connect from any client machine, add the following line in the
Install_Dirirectory/3rdparty/postgresql/data/pg_hba.conf
Install_Directory/config/
postgresql-version.jdbc3.jar
PostgreSQL Download
file:
Security Considerations for Sentinel Log Manager
) to
PostgreSQL
15