[145346] in North American Network Operators' Group
Config files?
daemon@ATHENA.MIT.EDU (Green, Timothy)
Wed Oct 5 15:16:15 2011
From: "Green, Timothy" <Timothy.Green@ManTech.com>
To: NANOG <nanog@nanog.org>
Date: Wed, 5 Oct 2011 15:16:02 -0400
In-Reply-To: <CAKtE3zeC35qfrbMH=YyMMt7y0rsvq4vmU1hzsCXGEe3avWgJyA@mail.gmail.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Hey all!
I'm a IT Security Manager (policy creation) that has been lurking on NANOG =
for about 3 years. I have some experience in networking but nothing like w=
hat is mostly talked about on here. I just love the talks you experts have=
and researching the tools you all mention. I was having a tough time yest=
erday explaining to one of my nosey co-workers why I had the word Octopussy=
on my screen yesterday!
I'm trying to put a baseline policy together for all my network equipment a=
nd I have a few questions:
1. Should config files be consistent? By this I mean; does the STIG apply =
its baseline to the config files or elsewhere?
2. Are config file change alerts necessary for the security of network equ=
ipment? We have just purchased the SolarWinds suite.
3. Should we obfuscate our Private addresses on our Network Diagram? What=
is the common practice?
4. How can I get a grip on my ACLs or is it even possible? How do you all=
maintain them without going insane!
If this isn't the correct forum for this "low level" stuff I understand; ju=
st guide me in the right direction.
Thanks in advance!
TG
