Implementing Security with NCM

Blog 2



Security threats are growing every hour and, frankly, every minute… I remember my first security class and my instructor telling us, “Hacking at all levels just takes time, willpower, and egos. If you think you can secure your server, take it to DEFCON and wait.”


Needless to say, we did this, and everyone’s server was easily hacked into. (Was there a doubt...) So from that point on I was pretty confident security was a myth or a false sense of security, until I realized the most common attacks are on the simplest of overlooked mistakes!


Eureka! This led me to pursue ways to block out easily forgotten open gateways. That’s security: being able to have checks and balances in place to ensure that even the little things are not accidentally overlooked.

 

This is where SolarWinds Network Configuration Manager (NCM) becomes a crucial piece of the bigger puzzle in security. There are many ways to use NCM for added security, with Automation Backups, Real-time change notification (RTN), Change Approval, and Compliance Reports covering your company’s security needs, management of policies, and reports that instantly provide you value from your product.


This blog should jump-start your security uses of NCM by leveraging these features together. Next week’s blog will cover the NCM 7.4 release and showcase some of the new additions and uses!


Automation Backups

First, set up a scheduled job to back up your network devices. To do this, open your website to the configs location and click on “jobs” in the toolbar. Here you can check the weekly or nightly config backup and edit it to your liking.


[Screenshot: Jobs View]

Some engineers may only want certain devices backed up, while others will set up all devices within NCM. This is really up to you as the engineer. Once you have this enabled and scheduled, turn on Real-time change notification (RTN). Here is a link to how you can do this: Enable Real-time Change Notification


Real-Time Change Notification

RTN allows you as the network engineer to stay on top of any changes to your devices, giving you automatic notifications and the ability to revert changes once they have been made. This can help against errors, sabotage, and defective equipment.


When you are focusing on network security, you need to make sure that changes are being made correctly and accounted for. The built-in auditing of who made the change and when also allows you to audit who is on your network and what they are doing.
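The who-and-when audit described above can also be reproduced from device syslog. This is an added example, not part of the original post and not NCM's own code: it parses the Cisco IOS `%SYS-5-CONFIG_I` config-change message and flags changes made by users or from sources outside policy. The log lines, the timestamp and hostname prefix, the approved-user list, and the management subnet are all constructed assumptions.

```python
import ipaddress
import re

# Constructed sample lines; the "timestamp hostname" prefix is an assumed collector format.
SAMPLE_LOG = """\
2024-05-06T02:14:09Z core-sw1 %SYS-5-CONFIG_I: Configured from console by jsmith on vty0 (10.0.0.15)
2024-05-06T14:30:41Z edge-rtr2 %SYS-5-CONFIG_I: Configured from console by tempadmin on vty1 (203.0.113.77)
2024-05-06T14:31:02Z edge-rtr2 %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to up
"""

CONFIG_I = re.compile(
    r"^(?P<time>\S+) (?P<device>\S+) %SYS-5-CONFIG_I: "
    r"Configured from \S+ by (?P<user>\S+) on (?P<line>\S+) \((?P<source>[^)]+)\)"
)

def parse_changes(log_text):
    """Return one record (time, device, user, line, source) per config-change message."""
    return [m.groupdict() for m in map(CONFIG_I.match, log_text.splitlines()) if m]

def flag_unapproved(changes, approved_users, mgmt_network):
    """Return (change, reasons) pairs for changes that fall outside policy."""
    net = ipaddress.ip_network(mgmt_network)
    findings = []
    for change in changes:
        reasons = []
        if change["user"] not in approved_users:
            reasons.append("user not on approved list")
        try:
            if ipaddress.ip_address(change["source"]) not in net:
                reasons.append("source outside management network")
        except ValueError:
            # Some devices log a hostname instead of an address.
            reasons.append("source is not an IP address")
        if reasons:
            findings.append((change, reasons))
    return findings

if __name__ == "__main__":
    for change, reasons in flag_unapproved(parse_changes(SAMPLE_LOG),
                                           {"jsmith"}, "10.0.0.0/24"):
        print(change["time"], change["device"], change["user"], "; ".join(reasons))
```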


[Screenshot: Real-Time Change View]


Change Approval

This leads me to the next part of great security practices: change approval systems. You may ask why this would be such a great security tool, or you may be thinking “OF COURSE”. Either way, implementing an approval system is key to securing your network right out of the box with NCM.


There are more requirements coming down the pipeline to businesses where change approval has to be, at a bare minimum, one tier. This is because it vastly decreases the chance of human error that can cause horrible network issues and downtime. If there is even a slight chance you can prevent unauthorized or incorrect changes on your network, then I’d say that is a win for all network engineers.


You can set this up quickly with the approval setup wizard found under NCM settings > Config Management Change Approval > Setup Wizard (bottom right of the NCM settings page). This will take you through a step-by-step implementation of activating your approval system.


[Screenshot: Setup wizard location]

Once complete, you have email alerts and website resources that make you or a different approver aware of a change to be made. From the “Pending Approval List” website resource you can see all pending and past changes.

 

So, in essence, you are able to prevent unexpected config changes that could cause downtime. This is a great investment in your network reliability, since downtime costs more and more as applications and services are used within more businesses.


From the pending location you can now view the change completely. As an approver you have several choices: view the script or change being requested; edit the script if you notice it is incorrect or perhaps needs just an extra line of commands to make it official; approve it to be executed immediately; or schedule it to be made at a later time.


[Screenshot: Change Approval View]

Compliance Reports

Now that we have the basics enabled, let’s dive into compliance reporting. These reports are key to monitoring your configurations for security errors and standardization of configs, and are fully customizable to adhere to your organizational needs. If you are being audited or foresee this in your future, NCM takes away the burden of countless hours of manually auditing your configs or piecing together programs to provide this information accurately.


Choose the Compliance portion of the Config toolbar and you will see out-of-the-box best practices and awareness of compliance reporting. I will be focusing on the “Cisco Reports” for this blog to get your feet wet in the compliance realm.


When I click on the Cisco Reports folder I see two that populate: Cisco Policy Report and Cisco Security Audit. Check the policy report and then click “view report” above. This will bring up your report and show you any violations. If you click on the red x violation, you are presented with remediation options. How easy is that?


From this Violation Details popup you are presented with 3 options:

  1. View the configuration of the device whose config was found out of compliance.
  2. Execute remediation script on this node.
  3. Execute remediation script on all nodes in violation.


[Screenshot: Compliance Report View]


This is valuable and time-saving for a few reasons. For instance, say you are new to a company and want to bring things up to date or verify best practices currently within your environment. Standardization is key to efficiency on networks, and you now have a way to carefully adjust your configs and bring them to standardization with the help of these reports.


What if you are handed a new security policy that has to be enforced? NCM is fully customizable to your needs. You can edit an existing report or create a new report. This allows you to manually set up your own rules to be checked against your configs. Then you are able to set a group of rules as your own policy. Once this is complete, move the policies and/or rules into a report that you need for your company. Implement and run it to verify your configurations and you’re done!


The customization and ease of implementation allow you to stay on top of your network needs in the ever-changing security realm. Compliance is a great defense for your company to ensure standardization, security, and reporting for auditing.

 

How to set remediation scripts:

  • Click on Compliance in the toolbar
  • Then click Manage policy reports
  • Click on Manage rules
  • Then choose a rule and click Edit
    • or create a new rule
  • Scroll to Remediation
  • Add a script to the rule that matches your need
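The rule, policy, and report hierarchy and the per-rule remediation scripts described above can be sketched in a few lines. This is an added example, not part of the original post and not NCM's own rule engine: the `Rule` class, the four rules, the device names, and both configs are hypothetical and constructed for illustration, and the remediation commands are ordinary Cisco IOS commands chosen as samples.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    pattern: str        # regex tested against each config line
    must_match: bool    # True: line must be present; False: must be absent
    remediation: tuple  # commands to submit for approval when violated

# Hypothetical policy: a named group of rules, as the post describes.
POLICY = (
    Rule("Password encryption enabled", r"^service password-encryption\s*$",
         True, ("service password-encryption",)),
    Rule("HTTP server disabled", r"^ip http server\s*$",
         False, ("no ip http server",)),
    Rule("No default SNMP community", r"^snmp-server community (public|private)\b",
         False, ("no snmp-server community public",
                 "no snmp-server community private")),
    Rule("SSH version 2 only", r"^ip ssh version 2\s*$",
         True, ("ip ssh version 2",)),
)

# Constructed configs, not taken from any real device.
CONFIGS = {
    "edge-rtr2": "hostname edge-rtr2\nservice password-encryption\n"
                 "ip http server\nsnmp-server community public RO\n",
    "core-sw1": "hostname core-sw1\nservice password-encryption\n"
                "no ip http server\nip ssh version 2\n"
                "snmp-server community n0tDefault RO\n",
}

def check_config(config_text, policy=POLICY):
    """Return the rules this config violates, in policy order."""
    return [rule for rule in policy
            if bool(re.search(rule.pattern, config_text, re.MULTILINE))
            != rule.must_match]

def run_report(configs, policy=POLICY):
    """Map each non-compliant device to its violations and a remediation script."""
    report = {}
    for device, text in configs.items():
        violated = check_config(text, policy)
        if violated:
            commands = [cmd for rule in violated for cmd in rule.remediation]
            report[device] = {
                "violations": [rule.name for rule in violated],
                "script": ["configure terminal", *commands, "end"],
            }
    return report
```

Routing the generated script through change approval rather than executing it directly keeps the remediation itself subject to the same review as any other change.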


Security policies are only as good as the ones in place.  Time to dust off the policy book and start implementing and maintaining your network with the help of NCM’s security features like Real-time change notification, Change approval, and compliance reports.


Don’t miss next week’s blog on 7.4 new features and improvements.  Not to spoil anything, but there is more security and better troubleshooting coming your way! 

 

Tell me about your uses with NCM and Security as I would love to hear from everyone!  Also, comment on any ideas you have or things you want within NCM that helps or would help your security needs.

 

~Dez