Firewall Wizards mailing list archives
Re: enterprise security management
From: ant () notatla demon co uk (Antonomasia)
Date: Fri, 21 Feb 2003 09:51:16 +0000 (GMT)
From: SimonChan () lifeisgreat com sg

> I have been recently tasked with another project that involves Enterprise Security Management.
> The most important feature is policy enforcement, compliance checking and monitoring.

You didn't tell us:
    what platforms
    roughly what policy to expect
    extent of your staff availability for maintenance

> Does anyone have a comparison or reviews of any of the ESM products?

When I tried Axent ESM 5.0 in 1999 I was not very impressed. Anything that forces me to view it through a Windoze console is likely to have that effect.

I started the security monitoring of hundreds of very insecure, very disorganised Unix boxes using COPS104 (Perl version). I got central collection of results and over time have ported, improved and extended it in many ways. Development has been shaped by the results I saw. You'd tend to think that COPS has fairly inclusive defaults and will tell you most of what you want but there's nothing too stupid to check for specifically.

I recommend this as a way of getting the checks that you want in a form where you can search for all the hosts with a given property or for relationships between hosts.

I get to see every month the diffs between the current outputs and the previous ones for each host (what a fun day). That shows me the new network services, user accounts, setuid programs etc - and what has been fixed.

I've got a consistent (but arbitrary) scoring scheme so I can look at "worst fault per host" or the ranking of all hosts so I can direct attention to the worst ones.

A limited amount of stuff (mostly filemodes) gets automatic fixes.

I'm unsure how this relates to firewalls (except that I'm eventually going to have to get results delivered through them, almost certainly with SSH).

--
##############################################################
# Antonomasia   ant notatla.demon.co.uk                      #
# See http://www.notatla.demon.co.uk/                        #
##############################################################
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
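
The monthly diff, scoring and cross-host search described in the message above, as an added example that is not part of the original post and is not the author's COPS-derived code. The finding format (`category:detail`), the category weights, the host names and all function names are assumptions constructed for illustration.

```python
# Constructed sample data: centrally collected findings per host, one set
# per monthly run. This is NOT the COPS output format, only a stand-in.
PREVIOUS = {
    "hostA": {"service:telnet/23", "suid:/usr/local/bin/backup", "mode:/etc/passwd=666"},
    "hostB": {"service:ssh/22", "account:guest"},
}
CURRENT = {
    "hostA": {"service:telnet/23", "service:ftp/21", "suid:/usr/local/bin/backup"},
    "hostB": {"service:ssh/22"},
    "hostC": {"account:guest", "suid:/tmp/sh"},
}
# Consistent but arbitrary weights per finding category (assumed values).
WEIGHTS = {"suid": 8, "mode": 7, "service": 5, "account": 4}

def score(finding):
    """Weight of a finding, looked up by its category prefix."""
    return WEIGHTS.get(finding.split(":", 1)[0], 1)

def monthly_diff(previous, current):
    """Per host: findings that appeared since last run and those now fixed."""
    report = {}
    for host in sorted(set(previous) | set(current)):
        old, new = previous.get(host, set()), current.get(host, set())
        report[host] = {"new": sorted(new - old), "fixed": sorted(old - new)}
    return report

def worst_fault(findings):
    """Highest-scoring finding on one host; ties go to the alphabetically first."""
    return max(sorted(findings), key=score) if findings else None

def rank_hosts(current):
    """Hosts ordered worst first by (worst fault score, total score)."""
    def key(host):
        scores = [score(f) for f in current[host]]
        return (max(scores, default=0), sum(scores))
    return sorted(current, key=key, reverse=True)

def hosts_with(current, prefix):
    """All hosts that have at least one finding starting with the prefix."""
    return sorted(h for h, fs in current.items()
                  if any(f.startswith(prefix) for f in fs))

if __name__ == "__main__":
    for host, delta in monthly_diff(PREVIOUS, CURRENT).items():
        print(host, "new:", delta["new"], "fixed:", delta["fixed"])
    for host in rank_hosts(CURRENT):
        print(host, "worst:", worst_fault(CURRENT[host]))
    print("guest account present on:", hosts_with(CURRENT, "account:guest"))
```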