[145432] in North American Network Operators' Group
Re: Config files?
daemon@ATHENA.MIT.EDU (David Swafford)
Sat Oct 8 07:58:05 2011
In-Reply-To: <DD17DCA4DBB14A44870126211203BE9D022C04C74F2C@CHNMICMBX02.ManTech.com>
Date: Sat, 8 Oct 2011 07:56:26 -0400
From: David Swafford <david@davidswafford.com>
To: "Green, Timothy" <Timothy.Green@mantech.com>
Cc: NANOG <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Hey Tim,
We recently bought the NCM tool by SolarWinds as well. We've had it
for two months, and I personally am quite happy with it. We had
Cisco's CiscoWorks product for the last 5-6 years but ditched it
because of it never quite works consistently. The thing to be aware
of for config auditing, like with NCM's reports, is that in some
environments config is ALWAYS changing. I'm in a small enterprise
setup with a very dynamic datacenter and it is not abnormal to have a
few hundred changes across a week with the number of server
moves/rebuilds/expansions going on in our place. So in our case, we
are primarily using NCM for pushing configs, and using the alerting of
changes mostly to do spot checks on the fellow team-members. Since
there are so many changes, it is nice to have visibility to make sure
that appropriate standards are being met.
David.
On Wed, Oct 5, 2011 at 3:16 PM, Green, Timothy
<Timothy.Green@mantech.com> wrote:
> Hey all!
>
>
>
> I'm a IT Security Manager (policy creation) that has been lurking on NANO=
G for about 3 years. =A0I have some experience in networking but nothing li=
ke what is mostly talked about on here. =A0I just love the talks you expert=
s have and researching the tools you all mention. =A0I was having a tough t=
ime yesterday explaining to one of my nosey co-workers why I had the word O=
ctopussy on my screen yesterday!
>
>
>
> I'm trying to put a baseline policy together for all my network equipment=
and I have a few questions:
>
>
>
> 1. =A0Should config files be consistent? By this I mean; does the STIG ap=
ply its baseline to the config files or elsewhere?
>
> 2. =A0Are config file change alerts necessary for the security of network=
equipment? =A0We have just purchased the SolarWinds suite.
>
> 3. =A0Should we obfuscate our Private addresses on our Network Diagram? =
=A0What is the common practice?
>
> 4. =A0How can I get a grip on my ACLs or is it even possible? =A0How do y=
ou all maintain them without going insane!
>
>
>
> If this isn't the correct forum for this "low level" stuff I understand; =
just guide me in the right direction.
>
>
>
> Thanks in advance!
>
>
>
> TG
>
