Security Basics mailing list archives
Re: Logical access control to network segments and boxes
From: Tim Syratt <tims () syratt com>
Date: Fri, 12 Sep 2003 07:54:28 +1000 (EST)
Neb,

Do a google search and have a good read... that's how I put together my last CIRP.. (Which was 3 years ago, but I've since left that company.) Learn from those who already have similar plans in action; chances are they've learned from someone else who's learned from their mistakes :-)

HTH
T.

On Thu, 11 Sep 2003, MeaCulpa wrote:

> Hi all,
>
> We are currently setting up a security management system (or, what needs to become one anyways). Now I need to produce a document (by tomorrow, I do love the timely way my corp uses) which describes the "logical access control to other segments". I don't mind thinking this up, but I am more a techie guy than a management guy, so this is a little tough for me : )
>
> I was thinking the following:
>
> I limit the scope to accessing the firewalls, switches, routers, management tools and so on and will focus on an admin account per admin. Preferably I want to limit access to firewall, IDS, switch and router components to those admins who are either trained or skilled enough to know what they are doing.
>
> I want to use AAA where possible and local accounts where needed. As a backup I also want a (on a need-to-know basis) local account on routers and switches with an extremely hard password (auditing needed!), which should only be used when the AAA box isn't available and access is needed. Managing these accounts will not take place in the dept. where this document is to be used.
>
> Reporting on usage of these accounts is an issue, since central logging is not in place, so I want central logging implemented, otherwise reporting is almost undoable (I mean, firewalls are centrally logged, IDS is elsewhere logged and there are over 60 other components with logging which ALL log locally only....)
>
> And finally it might be an idea to introduce a read-only account which can be used when I need to train people on reading and analysing logfiles. But this is not really necessary.
>
> However, I feel I am missing a few items but I just can't figure out what I am missing... Anyone any ideas, thoughts, remarks?
>
> TIA
> nebula
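The plan in the quoted message (AAA wherever possible, a hard-password local account that is only used when the AAA box is unreachable, and central logging so that use of those accounts can actually be reported on) becomes straightforward to audit once the device logs land in one place. The script below is an added illustration of that reporting step; it is not code from either poster. The log format, device names, account names and the AAA reachable/unreachable messages are all constructed for the example, and the single-AAA-server-per-device model is an assumption: it walks the collected log in time order, tracks per device whether AAA is currently reachable, counts logins per account, and flags every local-account login that happened while AAA was up, which is exactly the case the policy says should never occur.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample of what a central syslog collector might receive from
# routers, switches and firewalls. Message wording is assumed for the example
# and is not taken from any real vendor's syslog output.
SAMPLE_LOGS = """\
2003-09-11T08:02:11 rtr-core-1 login: user alice from 10.0.0.5 via TACACS+
2003-09-11T08:10:42 sw-dist-2 login: user bob from 10.0.0.6 via TACACS+
2003-09-11T09:15:03 sw-dist-2 login: local user emergency from 10.0.0.9
2003-09-11T11:00:00 rtr-core-1 aaa: server 10.1.1.1 unreachable
2003-09-11T11:04:27 rtr-core-1 login: local user emergency from 10.0.0.5
2003-09-11T11:30:00 rtr-core-1 aaa: server 10.1.1.1 reachable
2003-09-11T13:20:15 fw-edge-1 login: user readonly from 10.0.0.12 via TACACS+
2003-09-11T13:22:40 fw-edge-1 login: local user emergency from 10.0.0.12
"""

# "local " before "user" marks a login against the device's local account
# database rather than the AAA server; "via <method>" is only present for AAA logins.
LOGIN_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) login: (?P<local>local )?user (?P<user>\S+) "
    r"from (?P<src>\S+)(?: via (?P<method>\S+))?$"
)
AAA_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) aaa: server (?P<server>\S+) "
    r"(?P<state>unreachable|reachable)$"
)


def parse_line(line):
    """Return a dict for a login or an AAA state change; None for anything else."""
    m = LOGIN_RE.match(line)
    if m:
        ev = m.groupdict()
        ev["kind"] = "login"
        ev["local"] = ev["local"] is not None
        ev["ts"] = datetime.fromisoformat(ev["ts"])
        return ev
    m = AAA_RE.match(line)
    if m:
        ev = m.groupdict()
        ev["kind"] = "aaa"
        ev["ts"] = datetime.fromisoformat(ev["ts"])
        return ev
    return None


def audit(log_text):
    """Count logins per account and flag local-account logins made while AAA was reachable.

    Assumes the collector emits lines in time order. AAA reachability is tracked
    per device, so an outage seen by one router does not excuse a local login on
    a different switch.
    """
    aaa_down = set()          # devices whose AAA server is currently unreachable
    counts = Counter()        # logins per account, for the usage report
    flagged = []              # (timestamp, host, user, source) needing review
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        if ev["kind"] == "aaa":
            if ev["state"] == "unreachable":
                aaa_down.add(ev["host"])
            else:
                aaa_down.discard(ev["host"])
            continue
        counts[ev["user"]] += 1
        if ev["local"] and ev["host"] not in aaa_down:
            flagged.append((ev["ts"].isoformat(), ev["host"], ev["user"], ev["src"]))
    return {"counts": dict(counts), "flagged": flagged}


def print_report(result):
    """Human-readable summary of the audit result."""
    print("Logins per account:")
    for user, n in sorted(result["counts"].items()):
        print(f"  {user:<12} {n}")
    print("Local-account logins while AAA was reachable (review these):")
    for ts, host, user, src in result["flagged"]:
        print(f"  {ts} {host} user={user} from={src}")


if __name__ == "__main__":
    print_report(audit(SAMPLE_LOGS))
```

In the sample, the emergency account is used three times; only the login on rtr-core-1 during the recorded AAA outage is consistent with the policy, so the other two (on sw-dist-2 and fw-edge-1) end up in the review list. The same walk gives the per-account usage figures the original poster wanted to report on, including how often the read-only training account is used.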