Sunday, October 16, 2011

The SANS Top 20 Week 5

    This week we will be talking about border defense in networks. Lately I have heard some negative press on this topic, not because people are opposed to border defense, but because many IT people over-emphasize this aspect of network security. While I agree that border defense is important, it is not a complete defensive strategy in and of itself. If you remember, back in week one we talked about hardware inventory. That inventory comes into play heavily this week, because you cannot define a border without knowing which devices actually sit on it.

    Ok, so how do we define our border? In general I would say it is the point where our total control over the LAN ends. Most often this is marked by a firewall, a router, or both. Let's say we feel pretty good about our firewall and router configs; we reviewed them thoroughly because of week 4. The next question we have to ask is who is changing them. SANS recommends, and I agree, that logs of logins and configuration changes on these devices must be kept, and kept off the device itself (anyone who has taken over the router can wipe its local log buffer). Those logs should be e-mailed to whoever is responsible for security within the organization.

    So what type of tools can do this? One option is Security Onion, a Linux distribution that packages network security monitoring and log collection tools. I have also seen this done with Splunk. Provided you are capturing the logs, it is not much effort to determine who is logging into a device and who is changing its configuration. Those reports can be sent out daily or weekly. In the end I see this week's topic as a matter of two things: 1. change management, and 2. maintaining control over access.
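    To make the "who logged in and who changed the config" report concrete, here is an added example (not from the original post, and not part of Security Onion or Splunk) that does the job in plain Python once the logs are on a collector. It parses Cisco IOS-style syslog messages for successful logins, failed logins and configuration changes, then checks each event against two lists the earlier weeks give you: the admins allowed on border devices (from the device inventory) and the users holding an approved change ticket for a device (from change management). The device names, user names, addresses and both lists are constructed for the example; the message formats (`%SEC_LOGIN-5-LOGIN_SUCCESS`, `%SEC_LOGIN-4-LOGIN_FAILED`, `%SYS-5-CONFIG_I`) are the ones IOS emits.

```python
import re
from collections import Counter

# Constructed sample (not from the original post): Cisco IOS-style syslog lines
# as a collector such as Security Onion, Splunk or plain rsyslog would store
# them. Device names, users and addresses are made up for this example.
SAMPLE_LOG = """\
Oct 10 08:12:01 edge-fw01 %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: jsmith] [Source: 10.10.5.21] [localport: 22] at 08:12:01 UTC Mon Oct 10 2011
Oct 10 08:14:37 edge-fw01 %SYS-5-CONFIG_I: Configured from console by jsmith on vty0 (10.10.5.21)
Oct 10 19:02:44 edge-rtr01 %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 203.0.113.9] [localport: 22] [Reason: Login Authentication Failed] at 19:02:44 UTC Mon Oct 10 2011
Oct 10 19:02:59 edge-rtr01 %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 203.0.113.9] [localport: 22] [Reason: Login Authentication Failed] at 19:02:59 UTC Mon Oct 10 2011
Oct 10 22:40:10 edge-rtr01 %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: contractor] [Source: 10.10.5.77] [localport: 22] at 22:40:10 UTC Mon Oct 10 2011
Oct 10 22:41:30 edge-rtr01 %SYS-5-CONFIG_I: Configured from console by contractor on vty1 (10.10.5.77)
"""

# Assumed inputs for the example: admins allowed on border devices (from the
# hardware inventory / access control list) and, per device, the users that
# hold an approved change ticket for this reporting period.
AUTHORIZED_ADMINS = {"jsmith", "rjones"}
APPROVED_CHANGES = {"edge-fw01": {"jsmith"}}

SYSLOG_HDR = r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) "
PATTERNS = {
    "login_ok": re.compile(SYSLOG_HDR + r"%SEC_LOGIN-5-LOGIN_SUCCESS: Login Success "
                           r"\[user: (?P<user>[^\]]+)\] \[Source: (?P<src>[^\]]+)\]"),
    "login_fail": re.compile(SYSLOG_HDR + r"%SEC_LOGIN-4-LOGIN_FAILED: Login failed "
                             r"\[user: (?P<user>[^\]]+)\] \[Source: (?P<src>[^\]]+)\]"),
    "config_change": re.compile(SYSLOG_HDR + r"%SYS-5-CONFIG_I: Configured from \S+ by "
                                r"(?P<user>\S+) on (?P<line>\S+) \((?P<src>[^)]+)\)"),
}


def parse_events(text):
    """Turn raw syslog text into event dicts (ts, host, user, src, kind); other lines are ignored."""
    events = []
    for line in text.splitlines():
        for kind, pat in PATTERNS.items():
            m = pat.match(line)
            if m:
                ev = m.groupdict()
                ev["kind"] = kind
                events.append(ev)
                break
    return events


def build_report(events, authorized_admins, approved_changes, fail_threshold=2):
    """Answer the two questions of this control: who changed the border devices, and who got in."""
    report = {"config_changes": [], "unapproved_changes": [],
              "logins": [], "unauthorized_logins": [], "failed_logins": []}
    fails = Counter()
    for ev in events:
        if ev["kind"] == "config_change":
            report["config_changes"].append(ev)
            # A change without a ticket is the change-management failure to chase.
            if ev["user"] not in approved_changes.get(ev["host"], set()):
                report["unapproved_changes"].append(ev)
        elif ev["kind"] == "login_ok":
            report["logins"].append(ev)
            # A successful login by an account not on the admin list is the access-control failure.
            if ev["user"] not in authorized_admins:
                report["unauthorized_logins"].append(ev)
        elif ev["kind"] == "login_fail":
            fails[(ev["host"], ev["src"], ev["user"])] += 1
    # Repeated failures from one source against one account look like guessing.
    report["failed_logins"] = sorted(
        (host, src, user, n) for (host, src, user), n in fails.items() if n >= fail_threshold)
    return report


def format_report(report):
    """Plain-text body for the daily or weekly mail to whoever owns security."""
    lines = ["Border device access report",
             "Config changes (%d):" % len(report["config_changes"])]
    for ev in report["config_changes"]:
        flag = "  ** NO CHANGE TICKET **" if ev in report["unapproved_changes"] else ""
        lines.append("  %s %s by %s from %s%s" % (ev["ts"], ev["host"], ev["user"], ev["src"], flag))
    lines.append("Logins by accounts not on the admin list (%d):" % len(report["unauthorized_logins"]))
    for ev in report["unauthorized_logins"]:
        lines.append("  %s %s user %s from %s" % (ev["ts"], ev["host"], ev["user"], ev["src"]))
    lines.append("Repeated failed logins:")
    for host, src, user, n in report["failed_logins"]:
        lines.append("  %s: %d failures for %s from %s" % (host, n, user, src))
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_report(build_report(parse_events(SAMPLE_LOG), AUTHORIZED_ADMINS, APPROVED_CHANGES)))
```

    Run from cron against the previous day's syslog file and pipe the output to `mail`, and you have the daily report the post calls for. Two things to keep in mind: the regexes only know Cisco IOS messages, so other vendors need their own patterns, and the value of the report depends entirely on the two lists being maintained, which is exactly why the inventory and change-management weeks come first.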
