Config files?

["Green, Timothy" <Timothy.Green () ManTech com>]

Hey all!



I'm a IT Security Manager (policy creation) that has been lurking on NANOG for about 3 years.  I have some experience 
in networking but nothing like what is mostly talked about on here.  I just love the talks you experts have and 
researching the tools you all mention.  I was having a tough time yesterday explaining to one of my nosey co-workers 
why I had the word Octopussy on my screen yesterday!



I'm trying to put a baseline policy together for all my network equipment and I have a few questions:



1.  Should config files be consistent? By this I mean; does the STIG apply its baseline to the config files or 
elsewhere?

2.  Are config file change alerts necessary for the security of network equipment?  We have just purchased the 
SolarWinds suite.

3.  Should we obfuscate our Private addresses on our Network Diagram?  What is the common practice?

4.  How can I get a grip on my ACLs or is it even possible?  How do you all maintain them without going insane!



If this isn't the correct forum for this "low level" stuff I understand; just guide me in the right direction.



Thanks in advance!



TG