[145433] in North American Network Operators' Group
Re: Config files?
daemon@ATHENA.MIT.EDU (isabel dias)
Sat Oct 8 09:14:18 2011
Date: Sat, 8 Oct 2011 06:12:41 -0700 (PDT)
From: isabel dias <isabeldias1@yahoo.com>
To: David Swafford <david@davidswafford.com>,
"Green, Timothy" <Timothy.Green@mantech.com>
In-Reply-To: <CAA8=vb7OuUawQE=AiOB1qDjzta=EK7EeuL=DFr5psNey36Gt-A@mail.gmail.com>
Cc: NANOG <nanog@nanog.org>
Reply-To: isabel dias <isabeldias1@yahoo.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Hi Tim, How long have you been on that position? IT Security Manager =0A=A0=
=0Aare you self-employed or running your own limited company?=0A=A0=0Awhat =
areas of knowledge are you mostly interested in? where about are you based?=
what do you think the role of an IT Security Manager is about?=0A=A0=0A=A0=
=0A=A0=0A=0AFrom: David Swafford <david@davidswafford.com>=0ATo: "Green, Ti=
mothy" <Timothy.Green@mantech.com>=0ACc: NANOG <nanog@nanog.org>=0ASent: Sa=
turday, October 8, 2011 12:56 PM=0ASubject: Re: Config files?=0A=0AHey Tim,=
=0A=0AWe recently bought the NCM tool by SolarWinds as well.=A0 We've had i=
t=0Afor two months, and I personally am quite happy with it.=A0 We had=0ACi=
sco's CiscoWorks product for the last 5-6 years but ditched it=0Abecause of=
it never quite works consistently.=A0 The thing to be aware=0Aof for confi=
g auditing, like with NCM's reports, is that in some=0Aenvironments config =
is ALWAYS changing.=A0 I'm in a small enterprise=0Asetup with a very dynami=
c datacenter and it is not abnormal to have a=0Afew hundred changes across =
a week with the number of server=0Amoves/rebuilds/expansions going on in ou=
r place.=A0 So in our case, we=0Aare primarily using NCM for pushing config=
s, and using the alerting of=0Achanges mostly to do spot checks on the fell=
ow team-members.=A0 Since=0Athere are so many changes, it is nice to have v=
isibility to make sure=0Athat appropriate standards are being met.=0A=0ADav=
id.=0A=0A=0AOn Wed, Oct 5, 2011 at 3:16 PM, Green, Timothy=0A<Timothy.Green=
@mantech.com> wrote:=0A> Hey all!=0A>=0A>=0A>=0A> I'm a IT Security Manager=
(policy creation) that has been lurking on NANOG for about 3 years. =A0I h=
ave some experience in networking but nothing like what is mostly talked ab=
out on here. =A0I just love the talks you experts have and researching the =
tools you all mention. =A0I was having a tough time yesterday explaining to=
one of my nosey co-workers why I had the word Octopussy on my screen yeste=
rday!=0A>=0A>=0A>=0A> I'm trying to put a baseline policy together for all =
my network equipment and I have a few questions:=0A>=0A>=0A>=0A> 1. =A0Shou=
ld config files be consistent? By this I mean; does the STIG apply its base=
line to the config files or elsewhere?=0A>=0A> 2. =A0Are config file change=
alerts necessary for the security of network equipment? =A0We have just pu=
rchased the SolarWinds suite.=0A>=0A> 3. =A0Should we obfuscate our Private=
addresses on our Network Diagram? =A0What is the common practice?=0A>=0A> =
4. =A0How can I get a grip on my ACLs or is it even possible? =A0How do you=
all maintain them without going insane!=0A>=0A>=0A>=0A> If this isn't the =
correct forum for this "low level" stuff I understand; just guide me in the=
right direction.=0A>=0A>=0A>=0A> Thanks in advance!=0A>=0A>=0A>=0A> TG=0A>
