HP ProCurve Networking


ProCurve Networking by HP - Application Notes



Contents

» 1. Introduction
» 2. Prerequisites
» 3. Network diagram
» 4. Instructions for generating reports
» 4.1 Customize the report header
» 4.2 Create a report on the change history for a device’s credentials
» 4.3 Create a report on device access security
» 4.4 Create a device access password audit report
» 4.5 Create a report of IDM user session history
» 4.6 Confirm network immunity with a report on actions by policy name
» 4.7 Confirm network immunity with reports on offenders
» 5. Reference documents

Downloads

» Achieving regulatory compliance with reports (PDF)

1. Introduction

The reporting capabilities of ProCurve Manager (PCM), Identity-Driven Manager (IDM) and Network Immunity Manager (NIM) can be of great help in achieving compliance with governmental regulations and reporting requirements. This document describes how to set up features of this software to generate reports for auditing and regulatory compliance.

2. Prerequisites

This application note assumes you have a Windows Server 2003 installed, along with PCM, IDM and NIM. Examples are based on a configuration using a ProCurve Switch 5400zl and a ProCurve Switch 3500yl.

3. Network diagram

Figure 1 shows the network referenced in this application note.

Figure 1. Network diagram used for generating reports in these examples

4. Instructions for generating reports

This section consists of step-by-step instructions for generating useful reports.

4.1 Customize the report header

You can customize the report header information that will appear on all reports. For example, you might wish to add the name and address of your company. To customize the report header:

  • In ProCurve Manager, go to Tools > Preferences > Global > Reports. You see the Global: Reports panel, where you can customize the Report Header Information. This header information will appear on all reports.

4.2 Create a report on the change history for a device’s credentials
You can easily create a report documenting the change history for access credentials such as login names and passwords. The access credentials include SNMP community names (read and write and SNMPv3 credentials, if specified), and Telnet manager and operator usernames and passwords. This report can be on a per-device basis. The following example illustrates how to create the report.

4.2.1 To generate the initial report:

  1. Connect the Windows 2003/PCM server to port A2 on the ProCurve Switch 5400.
  2. Open Reports > Security > Credential Change History. This launches the Report Wizard.
  3. In the Report Wizard’s Select Device Group window, choose the group Interconnect Devices.
  4. In the Change Selection Criteria window, leave the selection criteria at the default setting: passwords that have changed in the last 90 days.
  5. Click Finish to generate the report. For each password or community name, you see the date and time of the last change.

4.2.2 To change CLI credentials:

To use PCM to change CLI credentials for the ProCurve Switch 5400:

  1. Highlight the 5400 (10.1.1.1) in the Devices List, then select the Communication Parameters in Device icon from the Device Manager menu to launch the wizard for configuring communication parameters in the device. PCM checks whether CLI and SNMP passwords are enabled, a process that takes about 15 seconds.
  2. In the wizard, choose CLI Settings to be configured on the device.
  3. At the next screen, choose Telnet for the CLI Mode to be enabled on the device.
  4. In the User Credentials Configuration window, ensure the Mgr Username is set to admin and the Opr Username is set to operator. Then set the passwords for these users to hp.
  5. Review the configuration summary.
  6. Finally, check the Result window and note that the new CLI parameters have been applied successfully.
  7. Now generate the report again. You see that the manager and operator credentials for device 10.1.1.1 have changed.

4.3 Create a report on device access security
The Device Access Configuration Report shows the security settings for a device or a list of devices. It shows the type of access (SSH, Console, Telnet), the type of authentication (RADIUS, TACACS, Local), and the number of ports locked and running a secure protocol (Web-auth, MAC-auth, 802.1X).

4.4 Create a device access password audit report
This audit report enables the administrator to ensure that the passwords and community names configured on network equipment are adequately secure, that is, that they are at least the minimum length and contain at least the specified number of lowercase characters, uppercase characters, numbers, and special characters.

To create a device access password audit report:

  1. Connect the server to port A2 on the 5400.
  2. Open Reports > Security > Device Access Password Audit. This launches the Report Wizard.
  3. In the Report Wizard’s Device Access Password Audit window, for Group, choose Interconnect Devices.
  4. Then specify the Password Policy. Enter a Minimum Length, a Maximum Length, and the number of Lowercase letters.
  5. Choose the fields to verify: here, CLI Operator Password and CLI Manager Password.
  6. Click Finish to generate the report. In this case, the Rules Not Satisfied columns show that the passwords on the switch are not compliant.
  7. Now modify the passwords on the switch using the Communication Parameters in PCM wizard: highlight the switch in the Devices List, then select the Communication Parameters in PCM icon and change the passwords so that they are compliant with the policy.
  8. Generate the report again. This time the passwords are in compliance with the rules.
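As an added example that is not part of this application note or of PCM's own code, the following script applies the same kind of password policy the wizard asks for (minimum and maximum length, plus required counts of lowercase, uppercase, numeric and special characters) to a constructed device inventory and lists, per credential field, which rules are not satisfied. The policy defaults, the device records and the field names are assumptions.

```python
# Added example (not PCM code): a password-policy audit that mirrors the
# Device Access Password Audit wizard's Password Policy window and its
# Rules Not Satisfied column. Policy fields and device records are assumptions.
import string
from dataclasses import dataclass

@dataclass(frozen=True)
class PasswordPolicy:
    min_length: int = 8     # Minimum Length
    max_length: int = 64    # Maximum Length
    lowercase: int = 1      # required lowercase letters
    uppercase: int = 1      # required uppercase letters
    numbers: int = 1        # required digits
    special: int = 1        # required special characters

def rules_not_satisfied(password, policy):
    """Return the names of every rule the password fails; an empty list means compliant."""
    failed = []
    if len(password) < policy.min_length:
        failed.append("Minimum Length")
    if len(password) > policy.max_length:
        failed.append("Maximum Length")
    counts = {"Lowercase": sum(c.islower() for c in password),
              "Uppercase": sum(c.isupper() for c in password),
              "Numbers": sum(c.isdigit() for c in password),
              "Special": sum(c in string.punctuation for c in password)}
    required = {"Lowercase": policy.lowercase, "Uppercase": policy.uppercase,
                "Numbers": policy.numbers, "Special": policy.special}
    failed.extend(rule for rule, needed in required.items() if counts[rule] < needed)
    return failed

def audit_devices(devices, fields, policy):
    """One row per device and audited field, like the report: which rules each credential fails."""
    return [
        {"device": dev["ip"], "field": field,
         "rules_not_satisfied": rules_not_satisfied(dev[field], policy)}
        for dev in devices for field in fields
    ]

# Constructed sample inventory: 10.1.1.1 carries the weak "hp" passwords from the walkthrough above.
SAMPLE_DEVICES = [
    {"ip": "10.1.1.1", "CLI Manager Password": "hp", "CLI Operator Password": "hp"},
    {"ip": "10.1.1.2", "CLI Manager Password": "Sw1tch-Mgr!", "CLI Operator Password": "Oper4tor#9"},
]
FIELDS = ("CLI Operator Password", "CLI Manager Password")
if __name__ == "__main__":
    for row in audit_devices(SAMPLE_DEVICES, FIELDS, PasswordPolicy()):
        print(row)
```

Against the default policy the "hp" credentials fail on length and on the uppercase, numeric and special-character counts, which is the same kind of finding the report's Rules Not Satisfied columns surface.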

4.5 Create a report of IDM user session history
The IDM Session History Report shows information about the sessions of authenticated users. To generate an IDM user session history:

  1. Open Reports > IDM > Session History Report. This launches the Report Wizard.
  2. On the Report Filter window, choose Show Most Recently Started Sessions only, and All Dates.
  3. Choose the columns that you want to see in the report: for example, Radius Server IP, MAC Address, Device Port, Location, Device, VLAN, Endpoint Integrity and ACL.
  4. Click Finish to generate the report. It gives you detailed information about each user session, including:
    • Start and end time, duration
    • User location (device, port) and VLAN
    • Input and output bytes, which can be useful for billing purposes
    • MAC address of the client, and the endpoint integrity state

4.6 Confirm network immunity with a report on actions by policy name
The Actions by Policy Name report shows the results of network actions taken to enforce policies. It gives an indication of your network’s immunity.

To generate the report:

  1. Open Reports > Security > Actions by Policy Name. This launches the Report Wizard.
  2. In the Actions by Policy Name window, choose the Policy for which you want to generate the report, for example, MAC lockout.
  3. Click Finish to view the results. You see the different actions associated with each application of the policy, the device on which they occurred, their status, and whether the policy was rolled back.

4.7 Confirm network immunity with reports on offenders
There are two types of reports about offenders in Reports > Security:

  • Alerts by Device and Offender: shows, for each switch, the list of offenders, classified by the number of alerts they generated.
  • Most Active Offenders and Security Alerts by Severity: gives you a list of offenders, showing their IP and MAC addresses and usernames. This report lets you correlate information from IDM and NIM.
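The correlation that the offender reports perform between IDM session history (section 4.5) and NIM alerts, as an added example that is not part of this application note or of the IDM/NIM code: alerts are joined to sessions on MAC address and on time, because the same MAC on the same port can belong to different authenticated users in different sessions, so a join on MAC alone would name the wrong user. The session and alert records below are constructed and their layout is an assumption.

```python
# Added example (not IDM/NIM code): correlating NIM security alerts with IDM
# session history to name the user behind each offending MAC address, the
# way the Most Active Offenders report joins the two. Record formats are assumptions.
from collections import Counter
from datetime import datetime

# Constructed IDM session-history rows (user, MAC, device, port, start, end).
SESSIONS = [
    {"user": "alice", "mac": "00:11:22:33:44:55", "device": "10.1.1.1", "port": "A5",
     "start": "2008-03-10 08:00", "end": "2008-03-10 12:00"},
    {"user": "bob", "mac": "00:11:22:33:44:55", "device": "10.1.1.1", "port": "A5",
     "start": "2008-03-10 13:00", "end": "2008-03-10 18:00"},
    {"user": "carol", "mac": "66:77:88:99:aa:bb", "device": "10.1.1.2", "port": "B3",
     "start": "2008-03-10 09:00", "end": "2008-03-10 17:00"},
]
# Constructed NIM alerts (offender MAC, severity, time).
ALERTS = [
    {"mac": "00:11:22:33:44:55", "severity": "Critical", "time": "2008-03-10 09:30"},
    {"mac": "00:11:22:33:44:55", "severity": "Warning", "time": "2008-03-10 14:15"},
    {"mac": "00:11:22:33:44:55", "severity": "Warning", "time": "2008-03-10 14:20"},
    {"mac": "66:77:88:99:aa:bb", "severity": "Warning", "time": "2008-03-10 10:00"},
]

def _ts(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M")

def session_for(mac, when, sessions):
    """Find the session whose MAC matches and whose interval covers the alert time.
    Matching on MAC alone would misattribute alerts when a port sees several users."""
    t = _ts(when)
    for s in sessions:
        if s["mac"].lower() == mac.lower() and _ts(s["start"]) <= t <= _ts(s["end"]):
            return s
    return None

def most_active_offenders(alerts, sessions):
    """Rank (user, MAC, device, port) by alert count; alerts with no session are 'unknown'."""
    counts = Counter()
    for a in alerts:
        s = session_for(a["mac"], a["time"], sessions)
        key = (s["user"] if s else "unknown", a["mac"].lower(),
               s["device"] if s else "-", s["port"] if s else "-")
        counts[key] += 1
    return counts.most_common()

if __name__ == "__main__":
    for (user, mac, device, port), n in most_active_offenders(ALERTS, SESSIONS):
        print(f"{n:3d} alerts  user={user:<8} mac={mac} device={device} port={port}")
```

With the constructed data, the two afternoon alerts from the shared MAC are attributed to bob and the morning one to alice, rather than all three being charged to whichever user was seen first.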

5. Reference documents

This concludes the procedures for using ProCurve Manager, Identity-Driven Manager, and Network Immunity Manager to generate reports on ProCurve switches.

For further information about how to configure ProCurve switches to support security, please refer to the following links:
