When a network needs repair, modification, expansion or upgrading, the administrator Network Configuration Management refers to the network configuration management database to determine the best course of action.
A main focus to consider when discussing network configuration management is Policy checking capabilities. There are three key policy checking capabilities which should not be ignored, and they are as follows
- Regulatory Compliance Policy
- Vendor Default Policy
- Security Access Policy
Regulatory compliance policy
The obvious one is regulatory compliance policy. If you have a network configuration system you should always implement a regular checking system to ensure consistency with design standards, processes and directives with internal and external regulators.
In the past people would use manual processes this is something that was time intensive, costly, inaccurate and more importantly, your business was at risk and open to potential attacks through not having the desired real-time visibility.
Now thanks to the infamous cloud this is all a thing of the past.
Vendor default policy
Vendor default policy is a best practice recommendation to scan the configurations of your infrastructure devices and to eradicate potential holes so that the risk can be mitigated. Furthermore so that the infrastructure security access is maintained to the highest possible levels.
Such holes may arise due to your configuration settings being overlooked. Sometimes a default username and passwords, or SNMP ‘public’ and ‘private’ community strings etc. are not removed, leaving a hole in your security for potential attacks.
Security Access Policy
Access to infrastructure devices are policed and controlled with the use of AAA (Authentication, Authorization, Accounting), TACACS+, RADIUS servers, and ACLs (Access Control Lists) so as to increase security access into device operating systems.
It is very important therefore that the configuration elements of infrastructure devices have the consistency across the managed estate. It is highly recommended to create security policies so that the configurations of security access can be policed for consistency and reported on if changed, or vital elements of the configuration are missing.
Thanks to NMSaaS for the article.