The Essentials Series: Security Management Tactics for the Network Administrator

by Mike Danseglio


Today's IT budget is tight. Determining how to meet growing demands for IT services and features while controlling spending is challenging. Interestingly, many organizations have widely deployed tools that can be used for more than one purpose. The administrators and technologists often have the tools at their fingertips to deliver on demands while keeping budgets flat and minimizing their own efforts.

Your own organization's IT assets may fit in this category today, especially if you have an effective network management infrastructure in place. In The Essentials Series: Security Management Tactics for the Network Administrator you will learn about the similarities between effective network and security management. You'll see that many network monitoring and management tools, including event log management and event analysis tools, can be used very effectively for both security and management tasks. What you learn might just enable you to provide amazing network security and management functions today.


Article 1: Using Network Maps and Inventories for Security Compliance

Most administrators, and in fact most folks in the IT field, are familiar with an asset inventory. Whether it takes the form of a router-generated network map, a network sniffer tool, a physical count of systems in an enterprise, or any other method (and there are hundreds!), this information is the bread and butter of the IT department. Virtually every IT function flows from an inventory at some level: budgeting, system maintenance, software and hardware upgrades, and so on.

Assets can be hard to locate in today's infrastructure. For example, a single physical computer system running virtual hosting software might host a dozen virtual operating systems, all of which run part-time depending on network and user demand. And though most organizations running complex IT infrastructures implement highly proficient performance monitoring tools to manage these assets, they often use very basic security tools in the same space.

So why not use the data from performance monitoring tools for security? You may well want to after you read this article.

Article 2: Controlling and Managing Security with Performance Tools

There are as many facets of computer security as there are attackers trying to get through your firewall today. And that's a lot. Each system that you're responsible for needs to be protected, both individually and as part of the whole. For example, to comply with many government and industry regulations, you can't just lock down the network perimeter or the desktop computer. Holistic systems to implement, manage, and monitor the system security and configuration must be put in place and then regularly audited with the collection, storage, and analysis of system logs. Records must also be kept and regularly reviewed that track changes to systems to ensure continuous compliance with corporate and industry policy.

While this sounds like a daunting task, it doesn't have to be. Many options exist in today's IT landscape that can meet these needs. In fact, these tools are often already in place to provide performance management and monitoring. They just need to be tapped for a new function. This article shows features of these management tools that can be repurposed to provide additional functionality with no additional overhead or expenditure.

Article 3: Using Network Management Tools to Identify a Network Attack

Is someone watching your network? The days of the third-shift mainframe operator sitting at a VT100 terminal all night waiting for an SNMP trap that indicates a possible intrusion are long gone. He was just too expensive (and kept falling asleep). This function has been replaced by automated systems that watch every part of your infrastructure and gather detailed information that is processed, either on demand or in real time, to determine whether issues exist. Often these systems not only detect the issues but also remediate them and notify the administrator.

If you have a network management system in place, you probably have this capability. That's because the data that's gathered is very similar. All you need to do is use it for a new purpose. In this article, you'll see that network performance and management data can usually be viewed from a security perspective to analyze, detect, remediate, and provide evidence of security issues.