Yesterday I was in Washington DC speaking about building frameworks for secure network management. It was a 4 hour session and we had experts from several different organizations and specialities including network design, network management, systems administration, and security. When I was preparing for the session I was worried that we wouldn't be able to fill all 4 hours but as usually occurs - we filled all the time and then some.
It's always intesting to me that security doesn't come up earlier in most network management discussions. I think this is because of the relationship between the security and network managment teams within many companies. Logically, they should be best buddies. You know, like the kind of pals that would give up the last bottle of Bud Light for one another or the kind of friends that would share a secret fishing hole or lend out their pickup trucks. Problem is, in many organizations they're nothing like that. Oftentimes these teams are adversaries reminiscent of the Greeks and Persians at the Battle of Thermopylae. I'll leave it to you to decide which is which...
It's really a shame because this animosity has some very negative impacts on both areas. For the network management team, they're so afraid to bring up the subject of security that they sometimes ignore this aspect of their network management architecture and framework until late in the game. For example, out of the attendees in yesterday's seminar under 10% were using SNMPv3 as opposed to earlier versions even though their hardware and their network management applications supported it. About 50% were using telnet in place of SSH and several hadn't put in any acess lists or filters to limit management traffic.
It's a little scary when you think about it. With today's available technologies and products you can deploy a powerful, scalable, easy to use, and secure network management system. You just need to plan ahead, choose your products wisely, and know the right places to compromise.
If you missed the event in DC and you'd like to learn more about this ping me and we'll host a webcast on the same subject.
Follow me on Twitter