Security Basics mailing list archives

RE: Managing installed Agents


From: Omar Salvador Alcalá Ruiz <oalcala () scitum com mx>
Date: Tue, 25 Jan 2011 12:47:50 -0600

I agree. I would just add that you may want to ensure what you're really wanting to monitor/execute. There are some 
tasks for security or maintenance that can be done without agents, so make sure you need an agent and that's the only 
way you get the desired functionality.

I tend to recommend not to install agents on critical servers unless you need to, because sometimes IT guys put all the 
effort on protecting CI and they overlook the A. Also, a secure network deployment may help in avoiding some agents, it 
depends on the architecture.

If the agent is needed, another thing you will look for in addition to what Mark states, is how the agent behaves 
during a crash or during major updates on dependencies or on the agent itself.

Regards.


-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Eggleston, Mark
Sent: Thursday, January 06, 2011 10:26 a.m.
To: hellkyng () gmail com
Cc: security-basics () securityfocus com
Subject: RE: Managing installed Agents

Hi Helly,

I don't believe there is a magic bullet here, but I do understand your
predicament.  May want to ensure only minimal services/agents are
installed in your security practice so choose carefully what is
absolutely needed.  A couple other suggestions so your team will know
what to expect:
- Get vendor to confirm in writing the maximum CPU/Memory the agent is
expected to consume and hold them accountable; 
- Get vendor to confirm past frequency of updates on the agent and hold
them accountable;
- Preferably only install those agents which log their activity and stop
automatically once a configurable threshold is exceeded; 
- Ensure who is responsible to install/update the agents via your change
management process to ensure buy-in from your colleagues; and
- Treat your Network Admins to lunch as they may not be happy <grin>.

Hope this helps,

Mark Eggleston, CISSP, GSEC, CHPS
Manager, Security and Business Continuity 




-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of John Morrison
Sent: Wednesday, January 05, 2011 3:25 PM
To: hellkyng () gmail com
Cc: security-basics () securityfocus com
Subject: Re: Managing installed Agents

Helly,

Would a suite approach help? For example, McAfee uses a single
management console (ePO), a single agent (and a less functional
agent-less), and the ability to push the agent.

On 3 January 2011 18:01,  <hellkyng () gmail com> wrote:
I was hoping to get guidance from the pros on how they are managing
agents installed on servers etc.

It seems like a lot of security products I evaluate today require an
agent to be installed on any machine to be monitored (Such as file
integrity monitoring or configuration control etc). Given the work
involved in installing and maintaining these agents it typically makes
the server admins groan.

How are you managing the increasing number of agents required by
security products?

Thanks,
Helly

