Network Management Tools (NMTs) are key for medium to enterprise network management. Without a centralized management suite, network administration becomes the Wild West. Network Management at first glance may not seem like a security topic however proper management reduces risk, which improves security. Its important to leverage NMTs to maintain policy by enforcing network management through a complete audit trail, standardize device software and configuration, automate changes and prevent failure with continuous backup.
The first step in reducing vulnerabilities is identifying what technologies contain sensitive data and enforcing Role Base Access Control to that data. Role based access control monitors individual administrators by user identity rather than a general administrator account accessed by all users. Best practice for role base access control for Network Management Tools is customizing user environments around access rights. For example, if there are two regions with separate managers, each region’s administrator should only have access to their region’s data. Configuration rights should match user roles meaning an analyst shouldn’t be able to make policy changes unless authorized by a network administrator.
Hackers thrive on vulnerabilities caused by poor network management practices. In many cases, network vulnerabilities are caused by human error or lack of enforcing network policy. Network Management Tools standardize all equipment on approved software as well as maintain critical updates. This includes identifying and updating new devices to ensure standardization is met. Configuration templates can be enforced so misconfigurations aka “fat fingering” commands won’t impact the network (for example configure the wrong default gateway). “Network Cowboys” can be tamed by quarantining configuration changes as pending until approved by a proper authority.
Automating tasks can save you tons of man-hours and avoid misconfigurations. Tedious exercises such as updating ACLs, VLANs or other configurations can be push to all associated devices using workflows that follow approved maintenance windows. NMTs configuration automation features are extremely important for deploying heavy configuration technology such as 802.1x, which typically requires multiple revisions during deployments. If a configuration vulnerability is discovered on one devices (examples could be permitting telnet or finger command), Network Management Tools can automate verifying the rest of the network for similar problems.
The worst thing in the network management world is having the network go down. A critical feature offered by Network Management Tools is automatically backing up configurations of all devices. Administrators can revert the network back to a stable state and audit all changes made to identify where the failure occurred. Some NMTs perform modeling functions, which predict impact of changes prior to applying commands to avoid future problems.
Network Management Tools have many other useful features such as network diagraming (layer 2, layer3, only certain devices, etc.), monitoring / troubleshooting and policy audits for common government and commercial security standards such as PCI, HIPPA, FISMA, etc. Features and device support may vary based on vendor. Regardless of which vendor you choose, consider the features covered in this blog and focus on man-hours saved for justifying the request to purchase a solution for your network.