Firewall Wizards mailing list archives

Re: enterprise security management


From: ant () notatla demon co uk (Antonomasia)
Date: Fri, 21 Feb 2003 09:51:16 +0000 (GMT)

From: SimonChan () lifeisgreat com sg

I have been recently tasked with another project that involves Enterprise
Security Management.

The most important feature is policy enforcement, compliance checking and
monitoring.

You didn't tell us:
    what platforms
    roughly what policy to expect
    extent of your staff availability for maintenance

Does anyone have a comparison or reviews of any of the ESM products?

When I tried Axent ESM 5.0 in 1999 I was not very impressed.  Anything that
forces me to view it through a Windoze console is likely to have that effect.

I started the security monitoring of hundreds of very insecure, very
disorganised Unix boxes using COPS104 (Perl version).  I got central
collection of results and over time have ported, improved and extended
it in many ways.  Development has been shaped by the results I saw.
You'd tend to think that COPS has fairly inclusive defaults and will tell
you most of what you want but there's nothing too stupid to check for
specifically.  I recommend this as a way of getting the checks that you
want in a form where you can search for all the hosts with a given property
or for relationships between hosts.

I get to see every month the diffs between the current outputs and the
previous ones for each host (what a fun day).  That shows me the new network
services, user accounts, setuid programs etc - and what has been fixed.

I've got a consistent (but arbitrary) scoring scheme so I can look at
"worst fault per host" or the ranking of all hosts so I can direct attention
to the worst ones.  A limited amount of stuff (mostly filemodes) gets
automatic fixes.

I'm unsure how this relates to firewalls (except that I'm eventually going
to have to get results delivered through them, almost certainly with SSH).

-- 
##############################################################
# Antonomasia   ant notatla.demon.co.uk                      #
# See http://www.notatla.demon.co.uk/                        #
##############################################################
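
The monthly per-host diff and "worst fault per host" ranking described in the message above, sketched as an added example (not the poster's code and not real COPS output). The `category: detail` line format, the weights and the host names are constructed assumptions.

```python
# Added illustration: diff two monthly audit snapshots per host and rank hosts.
# The line format and WEIGHTS are assumptions, not COPS's or the poster's scheme.
WEIGHTS = {"setuid": 8, "service": 5, "account": 4, "filemode": 2}

def parse(report):
    """Turn 'category: detail' lines into a set of (category, detail) findings."""
    findings = set()
    for line in report.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        category, _, detail = line.partition(":")
        findings.add((category.strip(), detail.strip()))
    return findings

def diff_host(previous, current):
    """Findings that appeared since the last run, and findings that were fixed."""
    prev, cur = parse(previous), parse(current)
    return {"new": sorted(cur - prev), "fixed": sorted(prev - cur)}

def worst_fault(report):
    """Highest-weighted finding on one host as (score, finding); (0, None) if clean."""
    findings = parse(report)
    if not findings:
        return (0, None)
    return max((WEIGHTS.get(c, 1), (c, d)) for c, d in findings)

def rank_hosts(reports):
    """Hosts ordered worst first, so attention goes to the top of the list."""
    scored = [(host,) + worst_fault(text) for host, text in reports.items()]
    return sorted(scored, key=lambda row: (-row[1], row[0]))

# Constructed sample snapshots (a host missing last month is treated as all-new).
LAST_MONTH = {
    "hosta": "service: telnet/tcp\nsetuid: /usr/local/bin/backup\n",
    "hostb": "filemode: /etc/passwd 666\n",
}
THIS_MONTH = {
    "hosta": "service: telnet/tcp\naccount: guest (no password)\n",
    "hostb": "",
    "hostc": "setuid: /home/dev/tool\n",
}

if __name__ == "__main__":
    for host in sorted(THIS_MONTH):
        print(host, diff_host(LAST_MONTH.get(host, ""), THIS_MONTH[host]))
    for host, score, finding in rank_hosts(THIS_MONTH):
        print(f"{score:2d} {host} {finding}")
```

Keeping findings as normalized sets is what makes the search "all hosts with a given property" a simple membership test across the collected reports.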