Automating Network Compliance and Security

The Shortcut Guide to Automating Network Management and Compliance By, Don Jones eBook; Free of charge Realtimepublishers

In the end, nearly every action that happens or doesn't happen to your network can affect your state of compliance. Making a small, improper change to a Simple Network Management Protocol (SNMP) ACL in a router, for example, can result in unauthorized, unaudited data access. Failing to apply a patch can result in the same outcome. A network in stasis—that is, one that doesn't receive the latest patches and secure configuration changes—is sure to be a compliance problem eventually; conversely, a network in flux—one in which configuration changes are being made—is just as susceptible to becoming a security vulnerability. You can afford to neither leave the network nor make changes. Manually, that is: manual change of any kind is what ultimately leads to errors, inconsistencies, poor practices, and oversights—all of which lead to compliance and security problems.

More Information Want more from The Shortcut Guide to Automating Network Management and Compliance? Read the rest of the Chapter 2 excerpt. From Sarbanes-Oxley to patch management processes, our Information Security Bookshelf has the resources you need to troubleshoot your most technical problems.

Sometimes the path to non-compliance can be circuitous: Suppose an administrator deploys a new device and fails to change the configuration template's SNMP community string settings. Because the template might be accessible to a broader range of people (after all, it's just a text file with no special security significant in and of itself), that default SNMP community string might be well-known. That information can be used to reconfigure portions of the new device, thus compromising the device. Once compromised, the device can become a gateway for bleeding data off the network unnoticed or for introducing malicious software into the network. A seemingly innocent mistake—simply failing to change a text string consisting of a dozen characters or so—could result in an entire organization accidentally disclosing sensitive data with no accountability—a double hit on compliance.

The key, then, is to remove the manual configuration and administration from the loop. Your organization probably has, or is at least developing, business processes designed to ensure that changes don't create problems, and that the network is properly administered. Automating and enforcing that process is the way to a secure, compliant network.

How Automation Affects Security and Compliance

Automation is a concept that many IT managers and senior administrators hear constantly but don't always appreciate. They often think they know what automation is—scripts, written by administrators, to help make configuring multiple devices easier. That is certainly one form of automation, but frankly, it's the least-useful form. Although scripts are certainly better than manually typing configuration settings into devices, they still present many of the same problems as fully manual network management. If you must run the script manually, the process is still manual. True automation, however, goes far beyond mere scripts. And it's not just a marketing term invented by the companies who offer automation solutions; automation offers true business benefits that have a marked, positive impact on security and compliance.

How Automation Improves Daily Administration

Automation—that is, fully automated network configuration management solutions—can improve day-to-day network administration in a number of ways. Specific to security and compliance, automation can:

• Help ensure that no changes are made that violate specific compliance-sensitive portions of the network.
• Help ensure that changes are made consistently across devices, improving security.
• Help ensure that changes are made only when approved by a business process (which may include elements such as peer review), reducing errors that can compromise security or compliance.
• Help ensure that multiple changes to a device don't conflict by queuing changes and notifying change developers if the device's starting configuration is no longer the same as when a change was originally developed.
• Enable rapid deployment of changes to network devices.
• Allow illustration of ineffective or dangerous security changes before they are implemented.

Interested in learning other ways automation can benefit your organization? Read the rest of the excerpt here.

BROWSE BY TAG Enterprise Data Protection,   Enterprise Data Governance,   Application and Platform Security,   Enterprise Vulnerability Management,   Vulnerability Risk Assessment,   Information Security Policies, Procedures and Guidelines,   Information Security Management,   VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Enterprise Data Governance Creating an enterprise data protection framework Analyst DLP study finds maturity, ranks top DLP vendors Voltage, RSA spar over tokenization, data protection Twitter gets condemned by CISOs at Forrester forum PCI DSS compliance requirements: Ensuring data integrity Trustwave acquires data loss prevention vendor Vericept Data has become too distributed to secure, Forrester says Cloud-based security services should start private Compliance in the cloud How to write technology outsourcing contracts Vulnerability Risk Assessment Screencast: How to launch an OpenVAS scan Trusteer CEO criticizes Adobe, touts better patch deployments Patch management study shows IT taking significant risks Vulnerability mitigation study shows need for faster patching Microsoft to issue security report card, new tool at Black Hat Newest malware threats Are Web application penetration tests still important? PCI compliance requirement 6: Systems and applications Cybercrime and threat management McAfee to acquire Solidcore Systems for whitelisting Vulnerability Risk Assessment Research Information Security Policies, Procedures and Guidelines Essential guide: Pandemic planning for H1N1 Whitelists, SaaS modify traditional security, tackle flaws Melissa Hathaway urges more cooperation, government attention to cybersecurity Reuters: Obama ready to select cyber security czar How a corporate Twitter policy can combat social network threats Should enterprises be concerned with Twitter in the workplace? Information security management hype: Debunking best practices Data breach avoidance begins with security basics, panel says Expert: Information security spending often restricts innovation GAO report cites government weaknesses, data leakage

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary cut-and-paste attack  (SearchSecurity.com) data masking  (SearchSecurity.com) data splitting  (SearchSecurity.com) deperimeterization  (SearchSecurity.com) Google hacking  (SearchSecurity.com) masquerade  (SearchSecurity.com) snooping  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary