Config files?

isabel dias isabeldias1 at yahoo.com
Sat Oct 8 08:12:41 CDT 2011


Hi Tim, How long have you been on that position? IT Security Manager 
 
are you self-employed or running your own limited company?
 
what areas of knowledge are you mostly interested in? where about are you based? what do you think the role of an IT Security Manager is about?
 
 
 

From: David Swafford <david at davidswafford.com>
To: "Green, Timothy" <Timothy.Green at mantech.com>
Cc: NANOG <nanog at nanog.org>
Sent: Saturday, October 8, 2011 12:56 PM
Subject: Re: Config files?

Hey Tim,

We recently bought the NCM tool by SolarWinds as well.  We've had it
for two months, and I personally am quite happy with it.  We had
Cisco's CiscoWorks product for the last 5-6 years but ditched it
because of it never quite works consistently.  The thing to be aware
of for config auditing, like with NCM's reports, is that in some
environments config is ALWAYS changing.  I'm in a small enterprise
setup with a very dynamic datacenter and it is not abnormal to have a
few hundred changes across a week with the number of server
moves/rebuilds/expansions going on in our place.  So in our case, we
are primarily using NCM for pushing configs, and using the alerting of
changes mostly to do spot checks on the fellow team-members.  Since
there are so many changes, it is nice to have visibility to make sure
that appropriate standards are being met.

David.


On Wed, Oct 5, 2011 at 3:16 PM, Green, Timothy
<Timothy.Green at mantech.com> wrote:
> Hey all!
>
>
>
> I'm a IT Security Manager (policy creation) that has been lurking on NANOG for about 3 years.  I have some experience in networking but nothing like what is mostly talked about on here.  I just love the talks you experts have and researching the tools you all mention.  I was having a tough time yesterday explaining to one of my nosey co-workers why I had the word Octopussy on my screen yesterday!
>
>
>
> I'm trying to put a baseline policy together for all my network equipment and I have a few questions:
>
>
>
> 1.  Should config files be consistent? By this I mean; does the STIG apply its baseline to the config files or elsewhere?
>
> 2.  Are config file change alerts necessary for the security of network equipment?  We have just purchased the SolarWinds suite.
>
> 3.  Should we obfuscate our Private addresses on our Network Diagram?  What is the common practice?
>
> 4.  How can I get a grip on my ACLs or is it even possible?  How do you all maintain them without going insane!
>
>
>
> If this isn't the correct forum for this "low level" stuff I understand; just guide me in the right direction.
>
>
>
> Thanks in advance!
>
>
>
> TG
>


More information about the NANOG mailing list