When you hear the phrase "Information Security," the first things that come to mind for most people are topics like access control, application hardening and policy enforcement. While these are all valid areas that need consideration, there's one element that isn't necessarily captured by those areas – the human element.
Maintaining a secure infrastructure isn't just about making technology choices and defining policies; it's also about maintaining the underlying architecture around which you designed your environment.
Configuration changes in an environment don’t happen by themselves; they happen as a result of the human element, which brings us to the topic of conversation – Configuration Management.
Monitoring the configuration state of your environment is critical to making sure that your design architecture is being adhered to, and it is a tremendous part of keeping your network secure. If you aren’t tracking changes to your devices, all of a sudden firewall changes can go unnoticed, access controls can be bypassed, and security flaws can be exposed.
This is why it’s of critical importance that you know what changes are being made, when they are being made, and who is making them.
The first step in configuration management is developing a methodology to monitor the state of your devices and understand when changes have occurred. By archiving baseline configuration data, you can define a ‘normal’ state, and when deviations from this state occur, you move into the next step – tracking the changes that were made – and then the third step – understanding who made them.
You can even take this further and talk about change control processes and approval (were these changes approved?), but I’ll save that conversation for another time.
So now that we've talked about the strategy for configuration management, let's talk about how to get the job done. There are a lot of tools at our disposal: scripting languages, automated jobs, SNMP, SSH, syslog, and a myriad of other technologies.
It’s not important what tools you choose or what process you employ; what matters is that you come up with a strategy that works for you, that you test it and that you execute it regularly.
Detect that changes have been made, determine whether they should have been made, and update your 'new norm' – your baseline configuration, if you will. Lather, rinse and repeat. You don't have to take my word for it, or follow my exact strategy or implementation approach, but use this as food for thought on rolling your own configuration management solution.
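The three steps described above (archive a baseline, detect and track deviations from it, attribute them to a person, then accept the reviewed state as the new norm) as an added Python example. This is not the author's tool or Tripwire's code; the device name, the config text and the syslog-style change records are constructed for the example, and a real deployment would collect the config over SSH or SNMP and the records from syslog or AAA logs.

```python
"""Minimal configuration-drift tracker (added example, not the author's tool).

Assumes device configs have already been collected as text and that
'who/when' records exist from syslog or AAA; both are constructed inline
here so the example runs offline.
"""
import difflib
import hashlib
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Constructed sample: the archived baseline config of a hypothetical firewall.
BASELINE_CONFIG = """hostname fw-edge-01
interface eth0
 ip address 192.0.2.1/24
access-list OUTSIDE_IN deny ip any any
logging host 192.0.2.50
"""

# Constructed sample: the config pulled today; one rule was inserted.
CURRENT_CONFIG = """hostname fw-edge-01
interface eth0
 ip address 192.0.2.1/24
access-list OUTSIDE_IN permit tcp any any eq 22
access-list OUTSIDE_IN deny ip any any
logging host 192.0.2.50
"""

# Constructed sample: syslog-style records of who changed config and when.
CHANGE_LOG = [
    "2015-11-10T09:14:02 fw-edge-01 user=jdoe cmd=configure terminal",
    "2015-11-10T09:14:40 fw-edge-01 user=jdoe cmd=access-list OUTSIDE_IN permit tcp any any eq 22",
    "2015-11-10T09:15:01 fw-edge-01 user=jdoe cmd=write memory",
]


def fingerprint(config: str) -> str:
    """Step 1: reduce an archived config to one hash that represents 'normal'."""
    return hashlib.sha256(config.encode("utf-8")).hexdigest()


def detect_change(baseline: str, current: str) -> bool:
    """Step 1 (continued): has the device deviated from its baseline?"""
    return fingerprint(baseline) != fingerprint(current)


def track_changes(baseline: str, current: str) -> List[str]:
    """Step 2: list exactly which config lines were added (+) or removed (-)."""
    diff = difflib.unified_diff(
        baseline.splitlines(), current.splitlines(),
        fromfile="baseline", tofile="current", lineterm="", n=0,
    )
    # Keep the +/- content lines only, dropping the ---/+++/@@ headers.
    return [l for l in diff if l[:1] in "+-" and not l.startswith(("+++", "---"))]


def parse_log(entry: str) -> Dict[str, str]:
    """Split a constructed 'time host user=... cmd=...' record into fields."""
    ts, host, rest = entry.split(" ", 2)
    user = rest.split("user=", 1)[1].split(" ", 1)[0]
    cmd = rest.split("cmd=", 1)[1]
    return {"time": ts, "host": host, "user": user, "cmd": cmd}


def attribute_changes(changed: List[str], log: List[str]) -> Dict[str, List[Tuple[str, str]]]:
    """Step 3: map each changed line to the (user, time) pairs that produced it.

    An added line is matched to the identical command; a removed line is
    matched to its 'no ...' form. An empty list means nobody in the logs
    accounts for the change, which is the case to escalate first.
    """
    records = [parse_log(e) for e in log]
    result: Dict[str, List[Tuple[str, str]]] = {}
    for line in changed:
        body = line[1:].strip()
        wanted = body if line.startswith("+") else "no " + body
        result[line] = [(r["user"], r["time"]) for r in records if r["cmd"] == wanted]
    return result


@dataclass
class BaselineStore:
    """Archived 'normal' state per device; accept() records the reviewed new norm."""
    baselines: Dict[str, str] = field(default_factory=dict)

    def review(self, device: str, current: str, log: List[str]) -> dict:
        baseline = self.baselines.get(device)
        if baseline is None:
            self.baselines[device] = current  # first sighting becomes the baseline
            return {"device": device, "status": "baseline recorded", "changes": {}}
        if not detect_change(baseline, current):
            return {"device": device, "status": "no drift", "changes": {}}
        changed = track_changes(baseline, current)
        return {"device": device, "status": "drift", "changes": attribute_changes(changed, log)}

    def accept(self, device: str, current: str) -> None:
        """Lather, rinse, repeat: the approved config becomes the new baseline."""
        self.baselines[device] = current


if __name__ == "__main__":
    store = BaselineStore()
    store.review("fw-edge-01", BASELINE_CONFIG, CHANGE_LOG)
    report = store.review("fw-edge-01", CURRENT_CONFIG, CHANGE_LOG)
    for line, who in report["changes"].items():
        print(line, "<-", who or "UNATTRIBUTED: investigate")
    store.accept("fw-edge-01", CURRENT_CONFIG)  # only after the change is approved
```

The hash answers "did anything change?" cheaply across many devices, the diff answers "what changed?", and the log lookup answers "who and when?"; a change with no matching log record is the one that deserves attention before the baseline is updated.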
In my personal experience I have run into the dilemma of the ‘unknown’ when it comes to my network devices. To combat this, I built a custom solution that has worked for my situation.
Join my talk at BSides Winnipeg on Sunday, November 15th at 1700 – 1730, at the Kings Head, where I will walk you through how I dealt with configuration management.
My presentation aims to inspire you and to provoke thought on how to look at configuration management in a different light.
About the Author: Zoë Rose works on securing and maintaining networks in her daytime. She is a guardian of ferrets and the interwebz in her spare time, and takes a deep interest in infosec. She has a degree in Information Technology, specialized in Network Management, and continues to expand her knowledge one packet at a time.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.